d04e7e6cef
* add basic e2e tests * add e2e to ci * fix docker pull * fix images in ci * maybe this will help * push latest on main for e2e * fix e2e on main * rename jobs
62 lines
1.5 KiB
Bash
62 lines
1.5 KiB
Bash
#!/bin/sh
|
|
set -eu
|
|
|
|
CERT_DIR="${CERT_DIR:-/certs}"
|
|
|
|
mkdir -p "$CERT_DIR"
|
|
|
|
if [ -f "$CERT_DIR/rootCA.pem" ] && [ -f "$CERT_DIR/rootCA.key" ] && [ -f "$CERT_DIR/kemkas.pem" ] && [ -f "$CERT_DIR/kemkas.key" ]; then
|
|
echo "Using existing TLS material from $CERT_DIR"
|
|
exit 0
|
|
fi
|
|
|
|
apk add --no-cache openssl >/dev/null
|
|
|
|
cat > /tmp/kemkas-server.cnf <<'EOF'
|
|
[req]
|
|
default_bits = 2048
|
|
prompt = no
|
|
default_md = sha256
|
|
distinguished_name = dn
|
|
req_extensions = req_ext
|
|
|
|
[dn]
|
|
CN = localhost
|
|
|
|
[req_ext]
|
|
subjectAltName = @alt_names
|
|
keyUsage = digitalSignature, keyEncipherment
|
|
extendedKeyUsage = serverAuth
|
|
|
|
[alt_names]
|
|
DNS.1 = localhost
|
|
DNS.2 = proxy
|
|
DNS.3 = host.docker.internal
|
|
IP.1 = 127.0.0.1
|
|
IP.2 = ::1
|
|
EOF
|
|
|
|
cat > /tmp/kemkas-v3.ext <<'EOF'
|
|
authorityKeyIdentifier=keyid,issuer
|
|
basicConstraints=CA:FALSE
|
|
keyUsage=digitalSignature,keyEncipherment
|
|
extendedKeyUsage=serverAuth
|
|
subjectAltName=@alt_names
|
|
|
|
[alt_names]
|
|
DNS.1=localhost
|
|
DNS.2=proxy
|
|
DNS.3=host.docker.internal
|
|
IP.1=127.0.0.1
|
|
IP.2=::1
|
|
EOF
|
|
|
|
openssl genrsa -out "$CERT_DIR/rootCA.key" 2048
|
|
openssl req -x509 -new -nodes -key "$CERT_DIR/rootCA.key" -sha256 -days 3650 -subj "/CN=kemkas-local-root" -out "$CERT_DIR/rootCA.pem"
|
|
|
|
openssl genrsa -out "$CERT_DIR/kemkas.key" 2048
|
|
openssl req -new -key "$CERT_DIR/kemkas.key" -out /tmp/kemkas.csr -config /tmp/kemkas-server.cnf
|
|
openssl x509 -req -in /tmp/kemkas.csr -CA "$CERT_DIR/rootCA.pem" -CAkey "$CERT_DIR/rootCA.key" -CAcreateserial -out "$CERT_DIR/kemkas.pem" -days 825 -sha256 -extfile /tmp/kemkas-v3.ext
|
|
|
|
echo "Generated TLS CA and nginx certificate under $CERT_DIR"
|