dev: manage SSL certificate better
This commit is contained in:
mcolonna
parent
2d673aa016
commit
7b0baf20fb
5 changed files with 70 additions and 89 deletions
69
Makefile
69
Makefile
|
|
@ -3,12 +3,18 @@
|
|||
BUILD_PATH=__build/
|
||||
|
||||
DOCKER=docker
|
||||
MKTEMP=mktemp
|
||||
|
||||
DOMAIN=mcolonna.42.fr
|
||||
|
||||
SRC_COMPOSE=srcs/
|
||||
SRC_WWW_MORE=srcs/www/
|
||||
CERT_PATH=srcs/__cert/
|
||||
CERT_PATH_FILES=$(addprefix $(CERT_PATH), ca.pem cert.key cert.crt )
|
||||
|
||||
.ONESHELL :
|
||||
.SHELLFLAGS = -eu -c
|
||||
.PHONY : run reset re help
|
||||
.PHONY : run reset re cert_reset cert_re help
|
||||
|
||||
### pretty logs ####
|
||||
|
||||
|
|
@ -22,7 +28,7 @@ _ECHO = echoo(){ \
|
|||
|
||||
|
||||
## Run the compose.
|
||||
run :
|
||||
run : $(CERT_PATH_FILES)
|
||||
@$(_ECHO)
|
||||
|
||||
echoo "Running '$(SRC_COMPOSE)'..."
|
||||
|
|
@ -48,6 +54,61 @@ re : reset run
|
|||
echo "run \`make\` or \`make run\` to run the docker."
|
||||
|
||||
|
||||
## Create the SSL certificate.
|
||||
cert : $(CERT_PATH_FILES)
|
||||
|
||||
$(CERT_PATH_FILES) :
|
||||
@$(_ECHO)
|
||||
|
||||
echoo "Creating SSL certificate files..."
|
||||
mkdir -p $(CERT_PATH)
|
||||
cd $(CERT_PATH)
|
||||
|
||||
echoo " -> Creating CA..."
|
||||
# Create local CA
|
||||
TMP_CA_KEY=$$($(MKTEMP))
|
||||
openssl genrsa -out $$TMP_CA_KEY 2048
|
||||
openssl req -x509 -new -nodes -key $$TMP_CA_KEY -sha256 -days 1825 -out ca.pem
|
||||
|
||||
echoo " -> Creating certificate for $(DOMAIN)..."
|
||||
# Create certificate for $(DOMAIN)
|
||||
openssl genrsa -out "cert.key" 2048
|
||||
TMP_CA_CSR=$$($(MKTEMP))
|
||||
openssl req -new -key cert.key -out $$TMP_CA_CSR
|
||||
TMP_EXT=$$($(MKTEMP))
|
||||
>>$$TMP_EXT echo "authorityKeyIdentifier=keyid,issuer"
|
||||
>>$$TMP_EXT echo "basicConstraints=CA:FALSE"
|
||||
>>$$TMP_EXT echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment"
|
||||
>>$$TMP_EXT echo "subjectAltName = @alt_names"
|
||||
>>$$TMP_EXT echo ""
|
||||
>>$$TMP_EXT echo "[alt_names]"
|
||||
>>$$TMP_EXT echo "DNS.1 = $(DOMAIN)"
|
||||
openssl x509 -req -in $$TMP_CA_CSR -CA ca.pem -CAkey $$TMP_CA_KEY \
|
||||
-CAcreateserial -out cert.crt -days 825 -sha256 -extfile $$TMP_EXT
|
||||
|
||||
rm $$TMP_CA_KEY $$TMP_CA_CSR $$TMP_EXT
|
||||
|
||||
echo
|
||||
echo "====="
|
||||
echo "to avoid \"this website was self-signed\" warnings,"
|
||||
echo "install $(CERT_PATH)/ca.pem on whatever you need i guess"
|
||||
echo "====="
|
||||
echo
|
||||
|
||||
cd -
|
||||
|
||||
|
||||
## Remove the SSL certificate.
|
||||
cert_reset :
|
||||
@$(_ECHO)
|
||||
echoo "Removing SSL certificate files..."
|
||||
rm -rf $(CERT_PATH)
|
||||
|
||||
|
||||
## 'cert_reset' then 'cert'
|
||||
cert_re : cert_reset $(CERT_PATH_FILES)
|
||||
|
||||
|
||||
## Show help
|
||||
help :
|
||||
@$(_ECHO)
|
||||
|
|
@ -57,3 +118,7 @@ help :
|
|||
echo "reset Remove all content of the website."
|
||||
echo "re 'reset' then 'run'."
|
||||
echo
|
||||
echo "cert Create the SSL certificate."
|
||||
echo "cert_reset Remove the SSL certificate."
|
||||
echo "cert_re 'cert_reset' then 'cert'."
|
||||
echo
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue