CSR (Signature Request) is automatically generated in an Nginx container environment.
Specifically, create and execute a shell script that uses Expect and openssl.
CSR (signing request) is not created even if the shell script is executed.
Applicable source code
[csr_create.sh]
#!/bin/sh
expect -c "
set timeout 1
spawn openssl req -new -key server.key -out server.csr
expect -regexp \"Country Name \(2 letter code\) \[.*\]:\"
send \"JP\r\"
expect -regexp \"State or Province Name (full name) \[.*\]\"
send \"Prefecture\r\"
expect -regexp \"Locality Name (eg, city) \[.*\]:\"
send \"City\r\"
expect -regexp \"Organization Name (eg, company) \[.*\]:\"
send \"Organization\r\"
expect -regexp \"Organizational Unit Name (eg, section) \[.*\]:\"
send \"development team\r\"
expect -regexp \"Common Name (e.g. server FQDN or YOUR name) \[.*\]:\"
send \"www.example.ex\r\"
expect -regexp \"Email Address \[.*\]:\"
send \"\r\"
expect -regexp \"A challenge password \[.*\]:\"
send \"\r\"
expect -regexp \"An optional company name \[.*\]:\"
send \"\r\"
expect .*
"
Create an appropriate directory locally, move it, and create the above files in it.
chmod 755 csr_create.sh
In the procedure below, server.csr is not generated.
docker pull nginx:1.15.8
docker run -it -v .../sandbox:/etc/ssl/sandbox [nginx_image_id] bash
apt-get install -y openssl expect
openssl genrsa -out server.key 2024
ls =>csr_create.sh server.key
ls =>csr_create.sh server.key
As a result of trial and error, it seems that it is because the file cannot be spit out well.
I think that the method of writing the shell script is bad, but there is no idea to deal with it.
I tried the following 4 without using -out server.csr, but it didn't work.
(1) Output the execution result to a file by redirecting
[csr_create.sh]
#!/bin/sh
&(expect -c "
set timeout 1
spawn openssl req -new -key server.key
... [Omitted] ...
expect .*
") >>server.csr
(2) Output to a file with echo and redirect
[csr_create.sh]
#!/bin/sh
echo&(expect -c "
set timeout 1
spawn openssl req -new -key server.key
... [Omitted] ...
expect .*
") >>server.csr
(3) Output to file by pipe and redirect
[csr_create.sh]
#!/bin/sh
&(expect -c "
set timeout 1
spawn openssl req -new -key server.key
... [Omitted] ...
expect .*
") | >>server.csr
(4) Output to file with pipe and tee
[csr_create.sh]
#!/bin/sh
&(expect -c "
set timeout 1
spawn openssl req -new -key server.key
... [Omitted] ...
expect .*
") | tee server.csr
None of them worked.
Supplemental information (FW/tool version, etc.)
Docker Image: nginx:1.15.8
OpenSSL: OpenSSL 1.1.0l 10 Sep 2019 (Library: OpenSSL 1.1.0j 20 Nov 2018)
Expect: version 5.45
I think there is a problem with how to write the shell script, but there is no corresponding idea.
I think it can be achieved if done well.
Is there any good way?
We apologize for the inconvenience, but we would appreciate your advice.
Answer # 1
I don't know the reason why it doesn't work because I haven't scrutinized it, but since it is a process that does not require any interaction, I don't think you should use expect.
For example, in the "Issue Certificate" chapter of the article "Oreore EV SSL Certificate with Firefox" that I wrote before, the private key and CSR are created as follows.
openssl req -config $CONF -new -newkey rsa:2048 -nodes -keyout svr.key -out svr.csr -subj "/CN=angel.p57/O=Omura Industries MC./ST=Neo-Saitama/C=JP"
$CONF is a variable that represents the OpenSSL configuration file name, but it is probably the default setting.
There is no problem if you remove -config $CONF.
Set the contents specified in -subj according to the items actually requested as CSR. Also, in the case of the article, the order is CN → O → …, but this is the opposite of the usual one and it is bad, so be careful. Note: Is the DN right to left or left to right?
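The non-interactive approach from Answer #1, applied to the question's setup, as an added example (not code from the question or the answer). The function names and the temporary directory are assumptions; the subject values are the ones the question's script sends, placed in the usual C-first order.

```shell
#!/bin/sh
# Added example: create a CSR without expect. Function names are hypothetical.

# make_csr KEY CSR: generate KEY if it does not exist, then write CSR for it.
make_csr() {
    key=$1
    csr=$2
    # DN fields in the usual order, most general first: C, ST, L, O, OU, CN.
    subj="/C=JP/ST=Prefecture/L=City/O=Organization/OU=development team/CN=www.example.ex"

    if [ ! -f "$key" ]; then
        # umask 077 keeps the private key unreadable for group and others.
        (umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null) || return 1
    fi

    # -subj supplies every DN field, so openssl has nothing to ask;
    # -batch keeps it non-interactive in any case.
    openssl req -new -batch -key "$key" -out "$csr" -subj "$subj" || return 1

    # Check the request's self-signature before it goes to a CA.
    # The message is matched because older openssl builds exit 0 on failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# csr_subject CSR: print the subject in RFC 2253 form (CN first, C last).
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# Demo in a throwaway directory (constructed input, removed afterwards).
demo_dir=$(mktemp -d)
make_csr "$demo_dir/server.key" "$demo_dir/server.csr" && csr_subject "$demo_dir/server.csr"
rm -rf "$demo_dir"
```

The RFC 2253 output lists the same fields in reverse (CN first), which is the display order the answer's note about DN direction refers to.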