Configurable cert & key location #27

Open
richcar58 opened this issue Oct 23, 2024 · 1 comment
Contributor

richcar58 commented Oct 23, 2024

Allow the location of the certificate and the private key to be configurable in the ~/.tms/config/tms.toml file. Currently, tms_server expects the full certificate chain to be in ~/.tms/certs/cert.pem and the private key to be in ~/.tms/certs/key.pem. These locations should be the default but overridable from the configuration file.

Another approach would be to create a script, automatically invoked on cert/key update, that copies the cert and key to the ~/.tms/certs directory of the id that runs tms_server as follows:

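    # Run as root. ~<tms_userid> is the home directory of the id that runs tms_server
    # (a bare ~ would expand to root's own home directory here).
    cd ~<tms_userid>/.tms/certs
    cp -p /etc/letsencrypt/live/tms-server-dev.tacc.utexas.edu/fullchain.pem cert.pem
    cp -p /etc/letsencrypt/live/tms-server-dev.tacc.utexas.edu/privkey.pem key.pem
    # Restrict both files to the service account
    chmod 600 cert.pem key.pem
    chown <tms_userid>:<tms_userid> cert.pem key.pem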

@richcar58 richcar58 added the enhancement New feature or request label Oct 23, 2024
@richcar58 richcar58 self-assigned this Oct 23, 2024
@scblack321 scblack321 self-assigned this Dec 13, 2024
@scblack321 scblack321 moved this from To Do to On Hold in Tapis Project Beta Board Dec 13, 2024
Contributor

scblack321 commented Dec 13, 2024

This may not be a good idea.
Instead, it might be better to configure a post-processor for when the key and cert get updated.
The post-processor would move them into the ~/.tms/certs directory and update the permissions.
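
The post-processor both comments describe, sketched as a certbot deploy hook. This is an added example, not part of the issue thread or the tms_server code base. It assumes the certificates are renewed by certbot, which sets `RENEWED_LINEAGE` for deploy hooks; `deploy_tms_certs`, `TMS_CERT_DIR` and `TMS_USER` are hypothetical names.

```shell
#!/bin/sh
# Added example: deploy hook that installs a renewed cert/key pair for tms_server.
# Assumptions: TMS_CERT_DIR and TMS_USER are hypothetical variable names;
# RENEWED_LINEAGE is set by certbot when it runs a deploy hook.

# deploy_tms_certs SRC_DIR DEST_DIR [OWNER]
deploy_tms_certs() {
    src=$1 dest=$2 owner=${3:-}

    # Refuse to install an incomplete pair; the existing files stay untouched.
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done

    (
        umask 077                       # directory and temp files are owner-only from creation
        mkdir -p "$dest" || exit 1
        tmp_cert=$(mktemp "$dest/.cert.XXXXXX") || exit 1
        tmp_key=$(mktemp "$dest/.key.XXXXXX") || { rm -f "$tmp_cert"; exit 1; }
        if cat "$src/fullchain.pem" > "$tmp_cert" &&
           cat "$src/privkey.pem" > "$tmp_key" &&
           chmod 600 "$tmp_cert" "$tmp_key" &&
           { [ -z "$owner" ] || chown "$owner:$owner" "$tmp_cert" "$tmp_key"; } &&
           mv -f "$tmp_key" "$dest/key.pem" &&     # each rename is atomic, so the
           mv -f "$tmp_cert" "$dest/cert.pem"      # server never reads a partial file
        then exit 0
        fi
        rm -f "$tmp_cert" "$tmp_key"    # clean up on any failure
        exit 1
    )
}

# Only act when invoked by certbot as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_tms_certs "$RENEWED_LINEAGE" "${TMS_CERT_DIR:?set TMS_CERT_DIR}" "${TMS_USER:-}"
fi
```

Unlike copying and then running chmod, the key is never present in the destination with wider permissions than 600, and a failed run leaves the previous pair in place.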
