Configuring ssl for dashboard with env-file

markus.wiedmer · May 17, 2022, 1:41pm

We’re trying to set up tyk dashboard as inside docker configured by env-file. Most properties work fine but I’m unsure how to set the certificates for ssl-usage that way since the examples on the documentation are only for the conf-file.

What we’re trying is declare it like this:
TYK_DB_HTTPSERVEROPTIONS_CERTIFICATES=domain_name:*.banana.com,cert_file:/opt/tyk/dashboard/cert.pem,key_file:/opt/tyk-dashboard/cert.pem.key

(they actual cert-files are mounted inside the container and I’ve checked that they’re actually there, but dashboard quit with the following error:

“level=info msg=”–> Using SSL (https) for dashboard and API"
"level=fatal msg=“Server error: loadkeys: open : no such file or directory”

Can anybody give me a hint what I’m doing wrong?

Olu · May 17, 2022, 1:54pm

Hi @markus.wiedmer, welcome to the community. Can you try using the environment variable below and let us know how it goes

TYK_DB_HTTPSERVEROPTIONS_CERTIFICATES_DOMAINNAMES=<domain_name>
TYK_DB_HTTPSERVEROPTIONS_CERTIFICATES_CERTFILE=
TYK_DB_HTTPSERVEROPTIONS_CERTIFICATES_KEYFILE=

markus.wiedmer · May 17, 2022, 2:19pm

thx for your reply. If I do that I get the following error, so I guess the server is not evaluationg those properties at all:

time=“May 17 14:26:15” level=panic msg=“Server creation failed! tls: neither Certificates, GetCertificate, nor GetConfigForClient set in Config”
panic: (*logrus.Entry) 0xc0005ca770

Olu · May 17, 2022, 3:22pm

I would suggest to try removing the last S in DOMAINNAMES and try again. Maybe it could work.

TYK_DB_HTTPSERVEROPTIONS_CERTIFICATES_DOMAINNAME

A quick search brought up the suggestion but I am not sure I can find a reference to it anywhere. I would have to ask internally and get back to you.

Kindly let me know if if that small change resolved it.

markus.wiedmer · May 18, 2022, 5:58am

Unfortunately, that doesn’t seem to resolve the problem either. I think the sensible step for us will be to switch to mounting the full conf-file instead of using an env-File, since that seems to be most common way.

Olu · May 19, 2022, 8:22am

I agree with you. Mounting the config file is the way to get around it at the moment. I have checked internally and we are working on this but no finalized ETA. I will update this thread once I get feedback