TLS Strategy

TLS Strategy waits for one or more files to exist in the container and uses them and other details to construct a tls.Config which can be used to create secure connections.

It supports:

  • x509 PEM Certificate loaded from a certificate / key file pair.
  • Root Certificate Authorities aka RootCAs loaded from PEM encoded files.
  • Server name.
  • Startup timeout to be used in seconds, default is 60 seconds.
  • Poll interval to be used in milliseconds, default is 100 milliseconds.

Waiting for certificate pair

The following snippets show how to configure a request to wait for a certificate pair to exist once the container has started and then read the tls.Config, alongside how to copy a test certificate pair into a container image using a Dockerfile.

Note that copying certificate pairs into an image is only an example that might be useful for testing with testcontainers-go. It should not be done with production images, as that could expose your certificates if your images become public.

// The file names passed to ForTLSCert are the paths where the files will
// be copied to in the container as detailed by the Dockerfile.
forCert := wait.ForTLSCert("/app/tls.pem", "/app/tls-key.pem").
    WithServerName("testcontainer.go.test")

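c, err := testcontainers.Run(ctx, "",
    testcontainers.WithDockerfile(testcontainers.FromDockerfile{
        Context: filepath.Join("testdata", "http"),
    }),
    testcontainers.WithWaitStrategy(forCert),
)
if err != nil {
    // The container failed to start or the files did not appear in time.
    log.Fatalf("failed to start container: %v", err)
}

// Only read the config once the wait strategy has succeeded.
config := forCert.TLSConfig()
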
# Dockerfile for the test image (build context: testdata/http)
FROM golang:1.25-alpine@sha256:8e02eb337d9e0ea459e041f1ee5eece41cbb61f1d83e7d883a3e2fb4862063fa AS builder
WORKDIR /app
COPY . .
RUN mkdir -p dist
RUN go build -o ./dist/server main.go

FROM alpine
WORKDIR /app
COPY --from=builder /app/tls.pem /app/tls-key.pem ./
COPY --from=builder /app/dist/server .
EXPOSE 6443
CMD ["/app/server"]
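
Following the note above about not shipping certificate pairs in images, this added example (not part of the testcontainers-go documentation or code base) generates a one-hour self-signed pair under the tls.pem and tls-key.pem names used above, so no long-lived key has to sit in the build context, and checks that the certificate verifies for the name given to WithServerName. The helper names writeTestPair and verifyAs are hypothetical, and only the Go standard library is used.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// writeTestPair (hypothetical helper) writes a one-hour self-signed pair for name into dir.
func writeTestPair(dir, name string) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	if err := os.WriteFile(filepath.Join(dir, "tls.pem"), certPEM, 0o644); err != nil {
		return nil, err
	}
	if err := os.WriteFile(filepath.Join(dir, "tls-key.pem"), keyPEM, 0o600); err != nil { // owner-only key
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAs checks leaf as a TLS client would with RootCAs = {leaf} and ServerName = serverName.
func verifyAs(leaf *x509.Certificate, serverName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: serverName})
	return err
}

func main() {
	leaf, err := writeTestPair(os.TempDir(), "testcontainer.go.test") // demo target directory only
	if err != nil || verifyAs(leaf, "testcontainer.go.test") != nil {
		panic("test pair is not usable")
	}
}
```

In a test, call writeTestPair(filepath.Join("testdata", "http"), "testcontainer.go.test") before testcontainers.Run so the Dockerfile's COPY picks up a fresh pair, and keep both files out of version control.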