Updates docker file to create test server package (#238)
* Updates docker file to create test server package:
- Using liboqs 0.9.0
- Using latest oqs-provider
- Using latest nginx 1.25.2

Updates nginx docker demo to 1.25.2

* revert -j and update docs about OPENSSL_CONF
bhess authored Oct 19, 2023
1 parent 36815e0 commit 4d5f472
Showing 4 changed files with 18 additions and 11 deletions.
7 changes: 4 additions & 3 deletions nginx/Dockerfile
Expand Up @@ -18,7 +18,7 @@ ARG SIG_ALG="dilithium3"
ARG DEFAULT_GROUPS=x25519:x448:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024

# define the nginx version to include
ARG NGINX_VERSION=1.23.3
ARG NGINX_VERSION=1.25.2

# Define the degree of parallelism when building the image; leave the number away only if you know what you are doing
ARG MAKE_DEFINES="-j 18"
Expand Down Expand Up @@ -126,6 +126,7 @@ STOPSIGNAL SIGTERM
# Enable a normal user to create new server keys off set CA
RUN addgroup -g 1000 -S oqs && adduser --uid 1000 -S oqs -G oqs && chown -R oqs.oqs ${INSTALLDIR}
USER oqs

# From nginx 1.25.2: "nginx does not try to load OpenSSL configuration if the --with-openssl option was used to built OpenSSL and the OPENSSL_CONF environment variable is not set".
# We therefore have to set the OPENSSL_CONF environment variable.
ENV OPENSSL_CONF ${OSSLDIR}/ssl/openssl.cnf
CMD ["nginx", "-c", "nginx-conf/nginx.conf", "-g", "daemon off;"]
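Review bot: The added `ENV OPENSSL_CONF ${OSSLDIR}/ssl/openssl.cnf` uses the legacy space-separated ENV form; prefer `ENV OPENSSL_CONF=${OSSLDIR}/ssl/openssl.cnf`. Please also confirm that `OSSLDIR` is declared as an ARG in this build stage, because an undefined variable expands to an empty string and would leave OPENSSL_CONF set to `/ssl/openssl.cnf`, a path that does not match the install.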

12 changes: 6 additions & 6 deletions nginx/fulltest-provider/Dockerfile
Expand Up @@ -3,11 +3,11 @@
# First: global build arguments:

# liboqs build type variant; maximum portability of image:
ARG LIBOQS_VERSION=0.8.0
ARG LIBOQS_VERSION=0.9.0

ARG OPENSSL_VERSION=master

ARG OQS_PROVIDER_VERSION=0.5.1
ARG OQS_PROVIDER_VERSION=main

ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON"
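Review bot: `ARG OQS_PROVIDER_VERSION=main` replaces the pinned 0.5.1 with a moving branch, so together with `OPENSSL_VERSION=master` two builds of this Dockerfile can produce different test server packages that are both labelled with liboqs 0.9.0. Pin the default to a release tag or commit and let callers pass --build-arg when they want the branch head. The same value is substituted for OQSPROVIDER_RELEASE in index-base.html later in this file, so the generated page would report "main" rather than an identifiable version.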

Expand All @@ -26,7 +26,7 @@ ARG SIG_ALG="dilithium3"
ARG DEFAULT_GROUPS=x25519:x448:prime256v1:secp384r1:secp521r1:kyber512:p256_kyber512:kyber768:p384_kyber768:kyber1024:p521_kyber1024

# define the nginx version to include
ARG NGINX_VERSION=1.25.1
ARG NGINX_VERSION=1.25.2

# Define the degree of parallelism when building the image; leave the number away only if you know what you are doing
ARG MAKE_DEFINES="-j"
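Review bot: The `NGINX_VERSION` default is maintained separately here and in nginx/Dockerfile, and the two had drifted before this change (1.25.1 here, 1.23.3 there). Consider supplying it from one place, for example a shared --build-arg in the build scripts, so the demo image and the test server package stay on the same nginx release.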
Expand Down Expand Up @@ -97,7 +97,7 @@ COPY genconfig.py ${CONFIGDIR}
COPY common.py ${CONFIGDIR}
COPY ext-csr.conf ${CONFIGDIR}
COPY index-template ${CONFIGDIR}
COPY chromium-template ${CONFIGDIR}
#COPY chromium-template ${CONFIGDIR}
COPY success.htm ${CONFIGDIR}
COPY OsslAlgParser.scala ${CONFIGDIR}
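Review bot: `#COPY chromium-template ${CONFIGDIR}` is commented out with no explanation. Either delete the line or add a comment saying why the chromium template is disabled and when it should come back, so it does not linger as dead configuration.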

Expand All @@ -108,8 +108,8 @@ RUN python3 genconfig.py

RUN sed -i "s/LIBOQS_RELEASE/${LIBOQS_VERSION}/g" index-base.html
RUN sed -i "s/OQSPROVIDER_RELEASE/${OQS_PROVIDER_VERSION}/g" index-base.html
RUN sed -i "s/LIBOQS_RELEASE/${LIBOQS_VERSION}/g" chromium-base.html
RUN sed -i "s/OQSPROVIDER_RELEASE/${OQS_PROVIDER_VERSION}/g" chromium-base.html
#RUN sed -i "s/LIBOQS_RELEASE/${LIBOQS_VERSION}/g" chromium-base.html
#RUN sed -i "s/OQSPROVIDER_RELEASE/${OQS_PROVIDER_VERSION}/g" chromium-base.html

RUN rm -rf ${INSTALLDIR}/pki
RUN rm -rf ${INSTALLDIR}/logs/*
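Review bot: The two `sed` substitutions on chromium-base.html are commented out rather than removed, and nothing in this hunk shows whether `genconfig.py` still writes that file. If it does, chromium-base.html now ships with the literal LIBOQS_RELEASE and OQSPROVIDER_RELEASE placeholders; please confirm the file is no longer generated and then delete these lines instead of leaving them commented.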
8 changes: 7 additions & 1 deletion nginx/fulltest-provider/README.md
Expand Up @@ -32,6 +32,12 @@ Note that, the oqs-nginx-{LIBOQS_VERSION}.tgz package contains all required conf

#### Activation

Execute `/opt/nginx/sbin/nginx -c /opt/nginx/interop.conf` to start the test server.
Execute `OPENSSL_CONF=/opt/openssl/.openssl/ssl/openssl.cnf /opt/nginx/sbin/nginx -c /opt/nginx/interop.conf` to start the test server.

*Note*: From nginx version 1.25.2, nginx does not try to load OpenSSL configuration if the --with-openssl option was used to built OpenSSL. We therefore have to set the `OPENSSL_CONF` environment variable when activating nginx.

*Note*: As the server many of ports, the server may need to be configured to permit this, e.g., using `ulimit -S -n 4096`.

#### Test run

The `testrun.sh` script runs test connections against all ports configured by the server. To run the script, execute `testrun.sh openquantumsafe/curl`.
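Review bot: The added notes need a wording pass: "used to built OpenSSL" should read "used to build OpenSSL", and "As the server many of ports" is missing its verb. The first note also drops the condition that the nginx/Dockerfile comment quotes from nginx ("and the OPENSSL_CONF environment variable is not set"), which is the part that explains why setting the variable restores the configuration load. The activation command hard-codes `/opt/openssl/.openssl/ssl/openssl.cnf`; say in the text that this path assumes the package was unpacked to the default location.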
2 changes: 1 addition & 1 deletion nginx/fulltest-provider/build_ubuntu.sh
Expand Up @@ -9,4 +9,4 @@
docker build --no-cache -t oqs-nginx-fulltest-provider .

# Copy tar from image
docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-nginx-0.8.0.tgz .
docker cp $(docker create oqs-nginx-fulltest-provider:latest):oqs-nginx-0.9.0.tgz .
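Review bot: The archive name `oqs-nginx-0.9.0.tgz` is hard-coded and has to be edited in step with `LIBOQS_VERSION` in the Dockerfile on every bump. Derive it from a single variable in this script and pass the same value as --build-arg, so the copy cannot point at a stale name. The `$(docker create ...)` substitution is also unquoted, and the container it creates is never removed.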
