问题
I'm having trouble setting up laravels passport on aws elastic beanstalk. The eb client is set up correctly and I can deploy code changes. No errors are shown.
However making requests to laravel results in error 500 afterwards, telling me I'm missing the passport keys in "app/current/storage/oauth-public.key\". Locally everything runs fine.
I guess I'm missing the artisan command "php artisan passport:install", so I added it in the composer file:
"post-install-cmd": [
"Illuminate\\Foundation\\ComposerScripts::postInstall",
"@php artisan passport:install"
]
But apparently it does not create the keys.
Either the post-install hook is not executed after running eb deploy, or there is another error that does not let me create the key file (missing writing permission?)
How can I verify that the post-install hook is executed? Anyone had a similar issue?
I followed the suggestions in this issue but so far it did not help: https://github.com/laravel/passport/issues/418
UPDATE: I sshed into the app and tried to run php artisan passport:install manually, which resulted in an error. I had to give permissions first to the folder (sudo chmod -R 777 storage) then it worked. Unfortunatly the keys are deleted everytime I run eb deploy, so I would have to redo these steps every time - pretty cumbersome. Anyone has found a good way to automate this?
回答1:
Apparently this PR https://github.com/laravel/passport/pull/683 made possible to pass the keys by envvars.
/*
|--------------------------------------------------------------------------
| Encryption Keys
|--------------------------------------------------------------------------
|
| Passport uses encryption keys while generating secure access tokens for
| your application. By default, the keys are stored as local files but
| can be set via environment variables when that is more convenient.
|
*/
'private_key' => env('PASSPORT_PRIVATE_KEY'),
'public_key' => env('PASSPORT_PUBLIC_KEY'),
I didn't test it yet but I will soon.
Update
We tried it and we hit the envvars size limit of 4K: https://forums.aws.amazon.com/thread.jspa?messageID=618423򖾷
At the end, we ended up using our CI instead.
回答2:
Add a file or command within your .ebextensions folder (in the root of your project) which will create new keys when you deploy.
container_commands:
01_passport_install:
command: "php artisan passport:keys --force"
This has advantages and disadvantages :
- CONS it will log all users out, or throw a 401 error, when you deploy a new version of your code to Beanstalk
- PROS this is by far the quickest secure way to handle this problem
回答3:
The trick is to use different .ebignore and .gitignore files.
- Generate the keys in local environment.
- Ignore it in .gitignore (/storage/*.keys)
- Allow it in .ebignore (#/storage/*.keys)
So keys will not be tracked in git, but still uploading to elasticbeanstalk with eb deploy command.
来源:https://stackoverflow.com/questions/52819903/laravel-passport-missing-keys-after-deployment-to-aws