diff --git a/.travis/apisix_cli_test.sh b/.travis/apisix_cli_test.sh index a8e0389ed81c..72c513ce4c8d 100755 --- a/.travis/apisix_cli_test.sh +++ b/.travis/apisix_cli_test.sh @@ -67,6 +67,9 @@ echo "passed: nginx.conf file contains reuseport configuration" echo " apisix: ssl: + enable: true + ssl_cert: '../t/certs/apisix.crt' + ssl_cert_key: '../t/certs/apisix.key' listen_port: 8443 " > conf/config.yaml @@ -95,6 +98,9 @@ apisix: - 9081 - 9082 ssl: + enable: true + ssl_cert: '../t/certs/apisix.crt' + ssl_cert_key: '../t/certs/apisix.key' listen_port: - 9443 - 9444 @@ -252,6 +258,13 @@ git checkout conf/config.yaml echo " apisix: + ssl: + enable: true + ssl_cert: '../t/certs/apisix.crt' + ssl_cert_key: '../t/certs/apisix.key' + admin_api_mtls: + admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt' + admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key' port_admin: 9180 https_admin: true " > conf/config.yaml @@ -494,6 +507,14 @@ echo "passed: using env to set worker processes" # set worker processes with env git checkout conf/config.yaml +echo ' +apisix: + ssl: + enable: true + ssl_cert: "../t/certs/apisix.crt" + ssl_cert_key: "../t/certs/apisix.key" +' > conf/config.yaml + make init count=`grep -c "ssl_session_tickets off;" conf/nginx.conf || true ` @@ -506,6 +527,8 @@ echo ' apisix: ssl: enable: true + ssl_cert: "../t/certs/apisix.crt" + ssl_cert_key: "../t/certs/apisix.key" ssl_session_tickets: true ' > conf/config.yaml diff --git a/.travis/common.sh b/.travis/common.sh index 62760a6c7928..299b2bf60698 100644 --- a/.travis/common.sh +++ b/.travis/common.sh @@ -34,3 +34,16 @@ create_lua_deps() { sudo cp -r deps build-cache/ sudo cp rockspec/apisix-master-0.rockspec build-cache/ } + +enable_ssl() { + echo " + apisix: + ssl: + enable: true + ssl_cert: '../t/certs/apisix.crt' + ssl_cert_key: '../t/certs/apisix.key' + admin_api_mtls: + admin_ssl_cert: '../t/certs/mtls_client.crt' + admin_ssl_cert_key: '../t/certs/mtls_client.key' + " > conf/config.yaml +} 
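Review bot: None of the cases added to this file exercise the new failure path: every config written here supplies both `ssl_cert` and `ssl_cert_key`, and the `https_admin: true` hunk at -252 also supplies both admin cert keys. The startup checks this commit adds to bin/apisix are therefore never triggered from these hunks. A negative case would guard the "refuse to start without a certificate" behaviour against regression. Assuming `make init` runs that check, write a config with `https_admin: true` and no `admin_api_mtls`, capture `out=$(make init 2>&1 || true)`, and fail unless `echo "$out" | grep -q 'missing ssl cert for https admin'`. The same shape applies to `ssl: enable: true` without a cert and the message `missing ssl cert for ssl`.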
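Review bot: `enable_ssl` points `admin_ssl_cert` and `admin_ssl_cert_key` at `../t/certs/mtls_client.crt` and `.key`, whereas the `https_admin` case in .travis/apisix_cli_test.sh uses `../t/certs/apisix_admin_ssl.crt` for the same keys. Judging by the name, this configures a client certificate as the admin listener's server certificate, and the file is not among those this diff moves into t/certs, so it has to exist there already. If the mismatch is not deliberate, use `admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'` and `admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'`. The function also replaces conf/config.yaml wholesale with `>`, which deserves a one-line comment such as `# overwrites conf/config.yaml; call before any other config edits`.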
diff --git a/.travis/linux_apisix_current_luarocks_runner.sh b/.travis/linux_apisix_current_luarocks_runner.sh index 71ea2e715f9a..4313116f52e0 100755 --- a/.travis/linux_apisix_current_luarocks_runner.sh +++ b/.travis/linux_apisix_current_luarocks_runner.sh @@ -27,6 +27,7 @@ do_install() { script() { export_or_prefix openresty -V + enable_ssl sudo rm -rf /usr/local/apisix diff --git a/.travis/linux_openresty_runner.sh b/.travis/linux_openresty_runner.sh index 686f0e081dc0..1be27eec00f1 100755 --- a/.travis/linux_openresty_runner.sh +++ b/.travis/linux_openresty_runner.sh @@ -101,6 +101,7 @@ script() { export_or_prefix openresty -V + enable_ssl ./build-cache/grpc_server_example & diff --git a/Makefile b/Makefile index 1f39acfe443b..9ac5c60e2d38 100644 --- a/Makefile +++ b/Makefile @@ -124,7 +124,6 @@ install: default $(INSTALL) conf/mime.types /usr/local/apisix/conf/mime.types $(INSTALL) conf/config.yaml /usr/local/apisix/conf/config.yaml $(INSTALL) conf/config-default.yaml /usr/local/apisix/conf/config-default.yaml - $(INSTALL) conf/cert/apisix.* /usr/local/apisix/conf/cert/ $(INSTALL) -d $(INST_LUADIR)/apisix $(INSTALL) apisix/*.lua $(INST_LUADIR)/apisix/ diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index d66b84e4fdf5..c53a4ca7f3b6 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua 
@@ -233,18 +233,12 @@ http { {%if https_admin then%} listen {* port_admin *} ssl; - {%if admin_api_mtls and admin_api_mtls.admin_ssl_cert and admin_api_mtls.admin_ssl_cert ~= "" and - admin_api_mtls.admin_ssl_cert_key and admin_api_mtls.admin_ssl_cert_key ~= "" and - admin_api_mtls.admin_ssl_ca_cert and admin_api_mtls.admin_ssl_ca_cert ~= "" - then%} - ssl_verify_client on; ssl_certificate {* admin_api_mtls.admin_ssl_cert *}; ssl_certificate_key {* admin_api_mtls.admin_ssl_cert_key *}; + {%if admin_api_mtls.admin_ssl_ca_cert and admin_api_mtls.admin_ssl_ca_cert ~= "" then%} + ssl_verify_client on; ssl_client_certificate {* admin_api_mtls.admin_ssl_ca_cert *}; - {% else %} - ssl_certificate cert/apisix_admin_ssl.crt; - ssl_certificate_key cert/apisix_admin_ssl.key; - {%end%} + {% end %} ssl_session_cache shared:SSL:20m; ssl_protocols {* ssl.ssl_protocols *}; @@ -323,8 +317,9 @@ http { {% end %} {% end %} {% -- if enable_ipv6 %} - ssl_certificate cert/apisix.crt; - ssl_certificate_key cert/apisix.key; + {% if ssl.enable then %} + ssl_certificate {* ssl.ssl_cert *}; + ssl_certificate_key {* ssl.ssl_cert_key *}; ssl_session_cache shared:SSL:20m; ssl_session_timeout 10m; @@ -340,6 +335,7 @@ http { {% else %} ssl_session_tickets off; {% end %} + {% end %} {% if with_module_status then %} location = /apisix/nginx_status { @@ -382,9 +378,11 @@ http { } {% end %} + {% if ssl.enable then %} ssl_certificate_by_lua_block { apisix.http_ssl_phase() } + {% end %} location / { set $upstream_mirror_host ''; diff --git a/bin/apisix b/bin/apisix index eef0306f1be2..e257c6a2d8be 100755 --- a/bin/apisix +++ b/bin/apisix 
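Review bot: With `https_admin` on and `admin_ssl_ca_cert` left unset, the first hunk (-233) renders a TLS listener with no `ssl_verify_client`. A section named `admin_api_mtls` can then be filled in with only a cert and key and silently yield server-side TLS without client authentication. That may be intended, but it should be stated where the next maintainer will see it, e.g. a template comment before the inner `if`: `{% -- client certs are verified only when admin_ssl_ca_cert is set %}`. The block also indexes `admin_api_mtls.admin_ssl_cert` without a nil guard now, so it depends on the check added in bin/apisix having rejected a missing `admin_api_mtls` table before the template is rendered. The enclosing server block starts and ends outside the hunk.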
@@ -426,6 +426,19 @@ Please modify "admin_key" in conf/config.yaml . end end + admin_api_mtls = yaml_conf.apisix.admin_api_mtls + if yaml_conf.apisix.https_admin and not (admin_api_mtls and + admin_api_mtls.admin_ssl_cert and admin_api_mtls.admin_ssl_cert ~= "" and + admin_api_mtls.admin_ssl_cert_key and admin_api_mtls.admin_ssl_cert_key ~= "" ) then + error("missing ssl cert for https admin") + end + + ssl = yaml_conf.apisix.ssl + if ssl and ssl.enable and not ( + ssl.ssl_cert and ssl.ssl_cert ~= "" and + ssl.ssl_cert_key and ssl.ssl_cert_key ~= "") then + error("missing ssl cert for ssl") + end -- Using template.render local sys_conf = { diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 703741ac0e2c..f067078a11b0 100644 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -101,12 +101,15 @@ apisix: dns_resolver_valid: 30 # valid time for dns result 30 seconds resolver_timeout: 5 # resolver timeout ssl: - enable: true + enable: false # ssl is disabled by default + # enable it to use your own cert and key enable_http2: true listen_port: 9443 # ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with trusted CA certificates in the PEM format # used to verify the certificate when APISIX needs to do SSL/TLS handshaking # with external services (e.g. etcd) + # ssl_cert: /path/to/ssl_cert + # ssl_cert_key: /path/to/ssl_cert_key ssl_protocols: "TLSv1.2 TLSv1.3" ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" ssl_session_tickets: false # disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless. diff --git a/t/APISIX.pm b/t/APISIX.pm index 43de420b5546..a5492a4294fa 100644 --- a/t/APISIX.pm +++ b/t/APISIX.pm 
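Review bot: `admin_api_mtls = yaml_conf.apisix.admin_api_mtls` and `ssl = yaml_conf.apisix.ssl` are assigned without `local`, so unless both names are declared earlier in the function, outside this hunk, they become globals. Prefer `local admin_api_mtls = yaml_conf.apisix.admin_api_mtls` and `local ssl = yaml_conf.apisix.ssl`. The checks only reject nil and the empty string, so a non-string YAML value (for example `ssl_cert: true`) passes and is rendered verbatim into nginx.conf by the template; adding `type(ssl.ssl_cert) == "string"`, and the same for the other three paths, closes that. The error text would be easier to act on if it named the keys, e.g. `error("apisix.ssl.enable is true but ssl_cert / ssl_cert_key is not set")`. The enclosing function begins and ends outside the hunk.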
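Review bot: Flipping `enable` to `false` changes behaviour for every deployment that relied on the default: after an upgrade the HTTPS listener on `listen_port` is presumably no longer configured unless the operator opts in. The comment also does not say that `ssl_cert` and `ssl_cert_key` become mandatory once `enable` is true, although bin/apisix now aborts without them. I would spell that out on the commented keys, e.g. `# ssl_cert: /path/to/ssl_cert  # required when enable is true`, and likewise for `ssl_cert_key`. The test configs in this commit use paths such as `../t/certs/apisix.crt`, so relative paths are presumably resolved by nginx against its conf directory. A short comment saying so, and that the key file should be readable only by the user APISIX runs as, would help operators.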
@@ -74,12 +74,12 @@ my $default_yaml_config = read_file("conf/config-default.yaml"); $default_yaml_config =~ s/#- example-plugin/- example-plugin/; my $user_yaml_config = read_file("conf/config.yaml"); -my $ssl_crt = read_file("conf/cert/apisix.crt"); -my $ssl_key = read_file("conf/cert/apisix.key"); -my $ssl_ecc_crt = read_file("conf/cert/apisix_ecc.crt"); -my $ssl_ecc_key = read_file("conf/cert/apisix_ecc.key"); -my $test2_crt = read_file("conf/cert/test2.crt"); -my $test2_key = read_file("conf/cert/test2.key"); +my $ssl_crt = read_file("t/certs/apisix.crt"); +my $ssl_key = read_file("t/certs/apisix.key"); +my $ssl_ecc_crt = read_file("t/certs/apisix_ecc.crt"); +my $ssl_ecc_key = read_file("t/certs/apisix_ecc.key"); +my $test2_crt = read_file("t/certs/test2.crt"); +my $test2_key = read_file("t/certs/test2.key"); $user_yaml_config = <<_EOC_; apisix: node_listen: 1984 diff --git a/t/admin/ssl.t b/t/admin/ssl.t index c8bda4c15dc3..4a4eaf37363c 100644 --- a/t/admin/ssl.t +++ b/t/admin/ssl.t @@ -30,8 +30,8 @@ __DATA__ local etcd = require("apisix.core.etcd") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"} local code, body = t.test('/apisix/admin/ssl/1', @@ -157,8 +157,8 @@ GET /t local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "foo.com"} local code, message, res = t.test('/apisix/admin/ssl', 
@@ -210,8 +210,8 @@ GET /t local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {sni = "foo.com"} local code, body = t.test('/apisix/admin/ssl/1', @@ -249,8 +249,8 @@ GET /t local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "*.foo.com"} local code, body = t.test('/apisix/admin/ssl/1', @@ -287,8 +287,8 @@ passed local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = { cert = ssl_cert, key = ssl_key, snis = {"*.foo.com", "bar.com"}, @@ -328,8 +328,8 @@ passed local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = { cert = ssl_cert, key = ssl_key, sni = "bar.com", 
@@ -371,8 +371,8 @@ passed local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"} local code, body = t.test('/apisix/admin/ssl/a-b-c-ABC_0123', @@ -401,8 +401,8 @@ passed local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"} local code, body = t.test('/apisix/admin/ssl/a-b-c-ABC_0123', @@ -430,8 +430,8 @@ passed local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"} local code, body = t.test('/apisix/admin/ssl/*invalid', @@ -459,10 +459,10 @@ GET /t local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") - local ssl_ecc_cert = t.read_file("conf/cert/apisix_ecc.crt") - local ssl_ecc_key = t.read_file("conf/cert/apisix_ecc.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") + local ssl_ecc_cert = t.read_file("t/certs/apisix_ecc.crt") + local ssl_ecc_key = t.read_file("t/certs/apisix_ecc.key") local data = { cert = ssl_cert, key = ssl_key, 
@@ -505,7 +505,7 @@ passed local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_ecc_cert = t.read_file("conf/cert/apisix_ecc.crt") + local ssl_ecc_cert = t.read_file("t/certs/apisix_ecc.crt") local data = { sni = "test.com", @@ -548,8 +548,8 @@ GET /t local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com", labels = { version = "v2", build = "16", env = "production"}} local code, body = t.test('/apisix/admin/ssl/1', @@ -592,8 +592,8 @@ passed local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com", labels = { env = {"production", "release"}}} local code, body = t.test('/apisix/admin/ssl/1', @@ -635,8 +635,8 @@ GET /t local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = { cert = ssl_cert, key = ssl_key, 
@@ -710,8 +710,8 @@ GET /t local etcd = require("apisix.core.etcd") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"} local code, body, res = t.test('/apisix/admin/ssl', diff --git a/conf/cert/apisix.crt b/t/certs/apisix.crt similarity index 100% rename from conf/cert/apisix.crt rename to t/certs/apisix.crt diff --git a/conf/cert/apisix.key b/t/certs/apisix.key similarity index 100% rename from conf/cert/apisix.key rename to t/certs/apisix.key diff --git a/conf/cert/apisix_admin_ssl.crt b/t/certs/apisix_admin_ssl.crt similarity index 100% rename from conf/cert/apisix_admin_ssl.crt rename to t/certs/apisix_admin_ssl.crt diff --git a/conf/cert/apisix_admin_ssl.key b/t/certs/apisix_admin_ssl.key similarity index 100% rename from conf/cert/apisix_admin_ssl.key rename to t/certs/apisix_admin_ssl.key diff --git a/conf/cert/apisix_ecc.crt b/t/certs/apisix_ecc.crt similarity index 100% rename from conf/cert/apisix_ecc.crt rename to t/certs/apisix_ecc.crt diff --git a/conf/cert/apisix_ecc.key b/t/certs/apisix_ecc.key similarity index 100% rename from conf/cert/apisix_ecc.key rename to t/certs/apisix_ecc.key diff --git a/conf/cert/openssl-test2.conf b/t/certs/openssl-test2.conf similarity index 100% rename from conf/cert/openssl-test2.conf rename to t/certs/openssl-test2.conf diff --git a/conf/cert/openssl.conf b/t/certs/openssl.conf similarity index 100% rename from conf/cert/openssl.conf rename to t/certs/openssl.conf diff --git a/conf/cert/test2.crt b/t/certs/test2.crt similarity index 100% rename from conf/cert/test2.crt rename to t/certs/test2.crt diff --git a/conf/cert/test2.key b/t/certs/test2.key similarity index 100% rename from conf/cert/test2.key rename to t/certs/test2.key 
diff --git a/t/plugin/redirect.t b/t/plugin/redirect.t index 45dcb1e61370..616a657f2ff9 100644 --- a/t/plugin/redirect.t +++ b/t/plugin/redirect.t @@ -574,8 +574,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"} local code, body = t.test('/apisix/admin/ssl/1', diff --git a/t/router/multi-ssl-certs.t b/t/router/multi-ssl-certs.t index 6990ad925c22..f8a556e211be 100644 --- a/t/router/multi-ssl-certs.t +++ b/t/router/multi-ssl-certs.t @@ -32,8 +32,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com"} local code, body = t.test('/apisix/admin/ssl/1', @@ -180,8 +180,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/test2.crt") - local ssl_key = t.read_file("conf/cert/test2.key") + local ssl_cert = t.read_file("t/certs/test2.crt") + local ssl_key = t.read_file("t/certs/test2.key") local data = {cert = ssl_cert, key = ssl_key, sni = "*.test2.com"} local code, body = t.test('/apisix/admin/ssl/2', 
@@ -265,8 +265,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix_admin_ssl.crt") - local ssl_key = t.read_file("conf/cert/apisix_admin_ssl.key") + local ssl_cert = t.read_file("t/certs/apisix_admin_ssl.crt") + local ssl_key = t.read_file("t/certs/apisix_admin_ssl.key") local data = {cert = ssl_cert, key = ssl_key, sni = "apisix.dev"} local code, body = t.test('/apisix/admin/ssl/3', diff --git a/t/router/radixtree-sni.t b/t/router/radixtree-sni.t index 88d3da60b6b7..7ce24f361e66 100644 --- a/t/router/radixtree-sni.t +++ b/t/router/radixtree-sni.t @@ -32,8 +32,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "www.test.com"} local code, body = t.test('/apisix/admin/ssl/1', @@ -220,8 +220,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "*.test.com"} local code, body = t.test('/apisix/admin/ssl/1', @@ -335,8 +335,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") local data = {cert = ssl_cert, key = ssl_key, sni = "test.com"} local code, body = t.test('/apisix/admin/ssl/1', 
@@ -450,8 +450,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/test2.crt") - local ssl_key = t.read_file("conf/cert/test2.key") + local ssl_cert = t.read_file("t/certs/test2.crt") + local ssl_key = t.read_file("t/certs/test2.key") local data = {cert = ssl_cert, key = ssl_key, sni = "*.test2.com"} local code, body = t.test('/apisix/admin/ssl/1', @@ -743,8 +743,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/test2.crt") - local ssl_key = t.read_file("conf/cert/test2.key") + local ssl_cert = t.read_file("t/certs/test2.crt") + local ssl_key = t.read_file("t/certs/test2.key") local data = {cert = ssl_cert, key = ssl_key, snis = {"test2.com", "*.test2.com"}} local code, body = t.test('/apisix/admin/ssl/1', @@ -873,8 +873,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/test2.crt") - local ssl_key = t.aes_encrypt(t.read_file("conf/cert/test2.key")) + local ssl_cert = t.read_file("t/certs/test2.crt") + local ssl_key = t.aes_encrypt(t.read_file("t/certs/test2.key")) local data = {cert = ssl_cert, key = ssl_key, snis = {"test2.com", "*.test2.com"}} local code, body = t.test('/apisix/admin/ssl/1', @@ -953,10 +953,10 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/apisix.crt") - local ssl_key = t.read_file("conf/cert/apisix.key") - local ssl_ecc_cert = t.read_file("conf/cert/apisix_ecc.crt") - local ssl_ecc_key = t.read_file("conf/cert/apisix_ecc.key") + local ssl_cert = t.read_file("t/certs/apisix.crt") + local ssl_key = t.read_file("t/certs/apisix.key") + local ssl_ecc_cert = t.read_file("t/certs/apisix_ecc.crt") + local ssl_ecc_key = t.read_file("t/certs/apisix_ecc.key") local data = { cert = ssl_cert, 
@@ -1084,8 +1084,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/test2.crt") - local ssl_key = t.read_file("conf/cert/test2.key") + local ssl_cert = t.read_file("t/certs/test2.crt") + local ssl_key = t.read_file("t/certs/test2.key") local data = {cert = ssl_cert, key = ssl_key, sni = "*.test2.com"} local code, body = t.test('/apisix/admin/ssl/1', @@ -1180,8 +1180,8 @@ location /t { local core = require("apisix.core") local t = require("lib.test_admin") - local ssl_cert = t.read_file("conf/cert/test2.crt") - local raw_ssl_key = t.read_file("conf/cert/test2.key") + local ssl_cert = t.read_file("t/certs/test2.crt") + local raw_ssl_key = t.read_file("t/certs/test2.key") local ssl_key = t.aes_encrypt(raw_ssl_key) local data = { certs = { ssl_cert },