Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: move conf/cert to t/certs and disable ssl by default #2112

Merged
merged 32 commits into from
Nov 20, 2020
Merged

fix: move conf/cert to t/certs and disable ssl by default #2112

merged 32 commits into from
Nov 20, 2020

Conversation

Yiyiyimu
Copy link
Member

What this PR does / why we need it:

fix #2110

Pre-submission checklist:

  • Did you explain what problem does this PR solve? Or what new features have been added?
  • Have you added corresponding test cases?
  • Have you modified the corresponding document?
  • Is this PR backward compatible?

@moonming moonming added this to the 2.1 milestone Sep 16, 2020
@membphis
Copy link
Member

@Yiyiyimu please fix the issue of CI

@Yiyiyimu
Copy link
Member Author

Hi @membphis the CI error is due to there're some problems unsolved. Discussion is on the original issue #2110.

@Yiyiyimu
turn default ssl off
9c5ce68 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
fix typo
3d66357 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
merge master
095fa8c 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
enable ssl for test
0400580 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
fix test
df91f35 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
change crt path
f84eb6e 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
1. made apisix.crt could be customizied 2. add cert/key path to 'enab…
b7a396d 
…le_ssl'

Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
change path for enable-ssl
b4fed44 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
check pwd
28eff9e 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
move enbale_ssl path
99626fa 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
sync change in test files
31bd449 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
add ca file
948594f 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
fix error
1e7a7ed 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
fix error
97417d0 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@membphis membphis changed the title fix: move conf/cert to t/certs chore: move conf/cert to t/certs Nov 18, 2020
@Yiyiyimu
rm ca crt
2fa0c5e 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
fix typo
8daaf1e 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
fix cli test
727197c 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
fix typo
298237a 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
use mtls certs
8266257 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
fix typo
52afd00 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
revert
d1f5763 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
Copy link
Member Author

Yiyiyimu commented Nov 19, 2020
edited
Loading

Kind of stuck here and need some help. Thx~

juzhiyuan
juzhiyuan reviewed Nov 19, 2020
View reviewed changes
conf/config-default.yaml Outdated
@@ -61,7 +61,7 @@ apisix:
- 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.
# - "::/64"
# port_admin: 9180 # use a separate port
https_admin: true # enable HTTPS when use a separate port for Admin API.
# https_admin: true # enable HTTPS when use a separate port for Admin API.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the default value?

Copy link
Member Author

@Yiyiyimu Yiyiyimu Nov 19, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nil I think

@nic-chen
Copy link
Member

@Yiyiyimu

It is another issue now.

I think it is caused by ssl not being enabled by default:
https://github.com/apache/apisix/pull/2112/files#diff-8d872babc717e9d733641b56bfc530ef98751fbe4e68f08d79b2b83109c22fffR105

You can modify the test case accordingly and move on.

@Yiyiyimu
enable ssl in one test
3230611 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
@Yiyiyimu
Copy link
Member Author

Thank you for the fix and problem pointing out @nic-chen! All test passed and ready to be reviewed~

@Yiyiyimu
add clearer guidance in config yaml
d4de547 
Signed-off-by: yiyiyimu <wosoyoung@gmail.com>
moonming
moonming reviewed Nov 19, 2020
View reviewed changes
conf/config-default.yaml Outdated
enable_http2: true
listen_port: 9443
# ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with trusted CA certificates in the PEM format
# used to verify the certificate when APISIX needs to do SSL/TLS handshaking
# with external services (e.g. etcd)
ssl_cert: ""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here is the path or content of the certificate? we need to add comments.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! fixed

@Yiyiyimu Yiyiyimu changed the title chore: move conf/cert to t/certs fix: move conf/cert to t/certs and disable ssl by default Nov 20, 2020
@moonming
Copy link
Member

@nic-chen please take a look

@moonming moonming merged commit 36162e3 into apache:master Nov 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juzhiyuan juzhiyuan juzhiyuan left review comments

@nic-chen nic-chen nic-chen approved these changes

@moonming moonming moonming approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.1
Development

Successfully merging this pull request may close these issues.

request help: move conf/cert to t/cert
6 participants
@Yiyiyimu @membphis @nic-chen @moonming @juzhiyuan @johzchen