Skip to content

Commit b91d300

Browse files
authored
add: secure connection for docker compose (#2344)
Signed-off-by: Viet Nguyen Duc <[email protected]>
1 parent 9ba062a commit b91d300

36 files changed

+750
-287
lines changed

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -153,3 +153,4 @@ ENV/
153153
/charts/*/**.lock
154154
/charts/*.tgz
155155
/charts/*/RELEASE_NOTES.md
156+
Base/certs

Base/Dockerfile

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
9090
#==========
9191
# Selenium & relaxing permissions for OpenShift and other non-sudo environments
9292
#==========
93-
&& mkdir -p /opt/selenium /opt/selenium/assets /var/run/supervisor /var/log/supervisor ${SEL_DOWNLOAD_DIR} \
93+
&& mkdir -p /opt/selenium /opt/selenium/assets /opt/selenium/secrets /var/run/supervisor /var/log/supervisor ${SEL_DOWNLOAD_DIR} \
9494
${HOME}/.mozilla ${HOME}/.vnc ${HOME}/.pki/nssdb \
9595
# NSSDB initialization with an empty password
9696
&& certutil -d sql:${HOME}/.pki/nssdb -N --empty-password \
@@ -134,11 +134,20 @@ COPY --chown="${SEL_UID}:${SEL_GID}" check-grid.sh entry_point.sh configs/node/n
134134
#======================================
135135
COPY supervisord.conf /etc
136136

137+
#===================================================
138+
# Add the default self-signed certificate to the bundle CA
139+
#===================================================
140+
ARG CERT_TRUST_ATTR=TCu,Cu,Tu
141+
COPY --chown="${SEL_UID}:${SEL_GID}" certs/add-cert-helper.sh certs/add-jks-helper.sh /opt/bin/
142+
COPY --chown="${SEL_UID}:${SEL_GID}" certs/tls.crt certs/tls.key certs/server.jks certs/server.pass /opt/selenium/secrets/
143+
137144
#===================================================
138145
# Run the following commands as non-privileged user
139146
#===================================================
140147
USER ${SEL_UID}:${SEL_GID}
141148

149+
RUN /opt/bin/add-jks-helper.sh -d /opt/selenium/secrets \
150+
&& /opt/bin/add-cert-helper.sh -d /opt/selenium/secrets ${CERT_TRUST_ATTR}
142151
#======================================
143152
# Configure environement
144153
#======================================
@@ -150,6 +159,11 @@ ENV SE_BIND_HOST=false \
150159
SE_OTEL_JAVA_GLOBAL_AUTOCONFIGURE_ENABLED=true \
151160
SE_OTEL_TRACES_EXPORTER="otlp" \
152161
SE_SUPERVISORD_LOG_LEVEL="info" \
153-
SE_OPT_BIN="/opt/bin"
162+
SE_ENABLE_TLS=false \
163+
SE_JAVA_SSL_TRUST_STORE="/opt/selenium/secrets/server.jks" \
164+
SE_JAVA_SSL_TRUST_STORE_PASSWORD="/opt/selenium/secrets/server.pass" \
165+
SE_JAVA_DISABLE_HOSTNAME_VERIFICATION=true \
166+
SE_HTTPS_CERTIFICATE="/opt/selenium/secrets/tls.crt" \
167+
SE_HTTPS_PRIVATE_KEY="/opt/selenium/secrets/tls.key"
154168

155169
CMD ["/opt/bin/entry_point.sh"]

Base/entry_point.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
#!/usr/bin/env bash
22

3-
NODE_CONFIG_DIRECTORY=${NODE_CONFIG_DIRECTORY:-$SE_OPT_BIN}
3+
NODE_CONFIG_DIRECTORY=${NODE_CONFIG_DIRECTORY:-"/opt/bin"}
44
#==============================================
55
# OpenShift or non-sudo environments support
66
# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines

Distributor/start-selenium-grid-distributor.sh

Lines changed: 25 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -69,23 +69,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
6969
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
7070
fi
7171

72-
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
73-
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
74-
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
75-
fi
76-
77-
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
78-
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
79-
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
80-
fi
81-
82-
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
83-
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
84-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
85-
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
86-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
87-
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
88-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
72+
if [ "${SE_ENABLE_TLS}" = "true" ]; then
73+
# Configure truststore for the server
74+
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
75+
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
76+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
77+
fi
78+
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
79+
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
80+
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
81+
fi
82+
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
83+
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
84+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
85+
fi
86+
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
87+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
88+
# Configure certificate and private key for component communication
89+
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
90+
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
91+
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
92+
fi
93+
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
94+
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
95+
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
96+
fi
8997
fi
9098

9199
if [ ! -z "$SE_REGISTRATION_SECRET" ]; then

EventBus/start-selenium-grid-eventbus.sh

Lines changed: 25 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -34,23 +34,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
3434
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
3535
fi
3636

37-
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
38-
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
39-
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
40-
fi
41-
42-
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
43-
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
44-
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
45-
fi
46-
47-
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
48-
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
49-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
50-
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
51-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
52-
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
53-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
37+
if [ "${SE_ENABLE_TLS}" = "true" ]; then
38+
# Configure truststore for the server
39+
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
40+
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
41+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
42+
fi
43+
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
44+
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
45+
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
46+
fi
47+
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
48+
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
49+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
50+
fi
51+
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
52+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
53+
# Configure certificate and private key for component communication
54+
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
55+
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
56+
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
57+
fi
58+
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
59+
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
60+
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
61+
fi
5462
fi
5563

5664
EXTRA_LIBS=""

Hub/start-selenium-grid-hub.sh

Lines changed: 25 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -37,23 +37,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
3737
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
3838
fi
3939

40-
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
41-
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
42-
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
43-
fi
44-
45-
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
46-
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
47-
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
48-
fi
49-
50-
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
51-
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
52-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
53-
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
54-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
55-
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
56-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
40+
if [ "${SE_ENABLE_TLS}" = "true" ]; then
41+
# Configure truststore for the server
42+
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
43+
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
44+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
45+
fi
46+
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
47+
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
48+
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
49+
fi
50+
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
51+
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
52+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
53+
fi
54+
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
55+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
56+
# Configure certificate and private key for component communication
57+
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
58+
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
59+
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
60+
fi
61+
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
62+
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
63+
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
64+
fi
5765
fi
5866

5967
if [ ! -z "$SE_REGISTRATION_SECRET" ]; then

Makefile

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,8 @@ ci: build test
6969

7070
base:
7171
rm -rf ./Base/configs/node && mkdir -p ./Base/configs/node && cp -r ./charts/selenium-grid/configs/node ./Base/configs
72+
rm -rf ./Base/certs && cp -r ./charts/selenium-grid/certs ./Base
73+
./Base/certs/gen-cert-helper.sh -d ./Base/certs
7274
cd ./Base && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) --build-arg VERSION=$(BASE_VERSION) --build-arg RELEASE=$(BASE_RELEASE) --build-arg AUTHORS=$(AUTHORS) -t $(NAME)/base:$(TAG_VERSION) .
7375

7476
base_nightly:
@@ -554,6 +556,8 @@ test_chromium_standalone:
554556

555557
test_parallel: hub chrome firefox edge chromium
556558
sudo rm -rf ./tests/tests
559+
sudo rm -rf ./tests/videos; mkdir -p ./tests/videos
560+
sudo cp -r ./charts/selenium-grid/certs ./tests/videos
557561
for node in DeploymentAutoscaling JobAutoscaling ; do \
558562
cd ./tests || true ; \
559563
echo TAG=$(TAG_VERSION) > .env ; \
@@ -571,6 +575,8 @@ test_parallel: hub chrome firefox edge chromium
571575
echo NODE_CHROME=chromium >> .env ; \
572576
fi; \
573577
echo TEST_PLATFORMS=$(PLATFORMS) >> .env ; \
578+
echo SELENIUM_GRID_PROTOCOL=https >> .env ; \
579+
echo CHART_CERT_PATH=$$(readlink -f ./videos/certs/tls.crt) >> .env ; \
574580
export $$(cat .env | xargs) ; \
575581
DOCKER_DEFAULT_PLATFORM=$(PLATFORMS) docker compose --profile $(PLATFORMS) -f docker-compose-v3-test-parallel.yml up -d --no-log-prefix ; \
576582
RUN_IN_DOCKER_COMPOSE=true bash ./bootstrap.sh $$node ; \

NodeBase/start-selenium-node.sh

Lines changed: 25 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -76,23 +76,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
7676
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
7777
fi
7878

79-
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
80-
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
81-
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
82-
fi
83-
84-
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
85-
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
86-
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
87-
fi
88-
89-
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
90-
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
91-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
92-
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
93-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
94-
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
95-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
79+
if [ "${SE_ENABLE_TLS}" = "true" ]; then
80+
# Configure truststore for the server
81+
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
82+
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
83+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
84+
fi
85+
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
86+
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
87+
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
88+
fi
89+
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
90+
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
91+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
92+
fi
93+
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
94+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
95+
# Configure certificate and private key for component communication
96+
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
97+
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
98+
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
99+
fi
100+
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
101+
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
102+
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
103+
fi
96104
fi
97105

98106
if [ ! -z "$SE_REGISTRATION_SECRET" ]; then

NodeDocker/start-selenium-grid-docker.sh

Lines changed: 25 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -44,23 +44,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
4444
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
4545
fi
4646

47-
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
48-
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
49-
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
50-
fi
51-
52-
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
53-
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
54-
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
55-
fi
56-
57-
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
58-
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
59-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
60-
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
61-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
62-
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
63-
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
47+
if [ "${SE_ENABLE_TLS}" = "true" ]; then
48+
# Configure truststore for the server
49+
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
50+
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
51+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
52+
fi
53+
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
54+
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
55+
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
56+
fi
57+
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
58+
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
59+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
60+
fi
61+
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
62+
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
63+
# Configure certificate and private key for component communication
64+
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
65+
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
66+
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
67+
fi
68+
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
69+
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
70+
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
71+
fi
6472
fi
6573

6674
EXTRA_LIBS=""

0 commit comments

Comments
 (0)