Installing an SSL certificate in my AWS Canary Puppeteer script

Posted on 2025-01-17 08:41:37

I am trying to write a script for testing my API which is deployed in AWS EKS in CloudWatch Synthetics (Canary).
But I don't see the provision to add my certificate and key along with my API request.

How can I insert the certificate along with the request header of the API?
In my local environment I am appending the certificates using fs and appending them to the axios headers.
If the certificate needs to be appended in the Puppeteer script, how can I achieve it?

Error message for reference

ERROR: Request failed. Request: https://myapirequestdns.com/api/v1.0/testroute/testdomain
ERROR: Failure reason: Error: read ECONNRESET Stack: Error: read ECONNRESET at TLSWrap.onStreamRead (internal/stream_base_commons.js:209:20) at TLSWrap.callbackTrampoline (internal/async_hooks.js:130:17)

滥情哥ㄟ 2025-01-24 08:41:37

This is the code we use at the top of our canary function running syn-nodejs-puppeteer-3.5 to retrieve and use a certificate, private key, and CA from AWS Secrets Manager:

const synthetics = require('Synthetics');
const log = require('SyntheticsLogger');
const syntheticsConfiguration = synthetics.getConfiguration();

const AWS = require('aws-sdk');
AWS.config.update({region: 'us-east-1'});
const secretsManager = new AWS.SecretsManager();

// We need to load a client certificate to authenticate to endpoints that require mTLS, specified in these env variables
const secretName    = process.env.SECRET_NAME
const keyItemName   = process.env.KEY_ITEM_NAME
const certItemName  = process.env.CERT_ITEM_NAME
const caItemName    = process.env.CA_ITEM_NAME

// Function to retrieve specified key/cert from specified secret and return them as plain strings
const getKeyAndCertAndCA = async function () {
  // Retrieve secret
  const data    = await secretsManager.getSecretValue({SecretId: process.env.SECRET_NAME}).promise();
  // Turn secret string into object
  const secret  = JSON.parse(data.SecretString);
  // Base64 decode the cert and key and return them
  const key     = Buffer.from(secret[keyItemName], 'base64').toString('ascii');
  const cert    = Buffer.from(secret[certItemName], 'base64').toString('ascii');
  const ca      = Buffer.from(secret[caItemName], 'base64').toString('ascii');
  return [ key, cert, ca ];
}

Then, just inside the apiCanaryBlueprint function, load the key/cert/CA:

const apiCanaryBlueprint = async function () {
    // Load TLS client cert and key for calls requiring TLS
    const [ key, cert, ca ] = await getKeyAndCertAndCA();

and then later, when setting requestOptions, specify the key, cert, and ca parameters:

      let requestOptions = {
          hostname: url.host,
          method: 'GET',
          path: url.path,
          port: '443',
          protocol: 'https:',
          body: "",
          headers: {},
          key: key,
          cert: cert,
          ca: ca
          };

  • You must configure your canary environment variables to specify the secret name and what keys (not private key) the certificate, private key, and CA are stored under within the secret;
  • The secret item must have the cert, private key, and CA included as base64 strings.
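
The two requirements listed at the end of the answer can be checked before any request is made, so that a misconfigured secret fails with an error naming the offending item. This is an added example, not part of the original answer: `decodePemItem`, `buildTlsOptions`, and the sample secret and item names are hypothetical and constructed for illustration.

```javascript
// Added example: validate the secret's items before using them as key/cert/ca.
// Error messages name the item only; decoded key material is never logged.
const PEM_LABELS = {
  key: /^-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/,
  cert: /^-----BEGIN CERTIFICATE-----/,
  ca: /^-----BEGIN CERTIFICATE-----/,
};

// Decode one base64 item and confirm it is the PEM type expected for `kind`.
function decodePemItem(secret, itemName, kind) {
  if (!itemName) throw new Error(`env var naming the ${kind} item is not set`);
  const value = secret[itemName];
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error(`secret has no item "${itemName}" for ${kind}`);
  }
  // Buffer.from() silently skips non-base64 characters, so check the alphabet first.
  if (!/^[A-Za-z0-9+\/\s]+={0,2}\s*$/.test(value)) {
    throw new Error(`item "${itemName}" is not base64 (raw PEM stored?)`);
  }
  const pem = Buffer.from(value, 'base64').toString('ascii').trim();
  if (!PEM_LABELS[kind].test(pem)) {
    throw new Error(`item "${itemName}" does not decode to a PEM ${kind}`);
  }
  return pem;
}

// secretString: the SecretString returned by Secrets Manager.
// names: item names, e.g. read from KEY_ITEM_NAME / CERT_ITEM_NAME / CA_ITEM_NAME.
function buildTlsOptions(secretString, names) {
  const secret = JSON.parse(secretString);
  return {
    key: decodePemItem(secret, names.key, 'key'),
    cert: decodePemItem(secret, names.cert, 'cert'),
    ca: decodePemItem(secret, names.ca, 'ca'),
  };
}

// Constructed sample secret (placeholder PEM bodies, not real key material).
const b64 = (s) => Buffer.from(s, 'ascii').toString('base64');
const SAMPLE_NAMES = { key: 'clientKey', cert: 'clientCert', ca: 'rootCa' };
const SAMPLE_SECRET = JSON.stringify({
  clientKey: b64('-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n'),
  clientCert: b64('-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n'),
  rootCa: b64('-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n'),
});
```

The returned object can be spread into `requestOptions` in place of the separate `key`, `cert`, and `ca` assignments.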