dev: manage SSL certificate better
This commit is contained in:
parent
2d673aa016
commit
7b0baf20fb
5 changed files with 70 additions and 89 deletions
69
Makefile
69
Makefile
|
@ -3,12 +3,18 @@
|
||||||
BUILD_PATH=__build/
|
BUILD_PATH=__build/
|
||||||
|
|
||||||
DOCKER=docker
|
DOCKER=docker
|
||||||
|
MKTEMP=mktemp
|
||||||
|
|
||||||
|
DOMAIN=mcolonna.42.fr
|
||||||
|
|
||||||
SRC_COMPOSE=srcs/
|
SRC_COMPOSE=srcs/
|
||||||
SRC_WWW_MORE=srcs/www/
|
SRC_WWW_MORE=srcs/www/
|
||||||
|
CERT_PATH=srcs/__cert/
|
||||||
|
CERT_PATH_FILES=$(addprefix $(CERT_PATH), ca.pem cert.key cert.crt )
|
||||||
|
|
||||||
.ONESHELL :
|
.ONESHELL :
|
||||||
.SHELLFLAGS = -eu -c
|
.SHELLFLAGS = -eu -c
|
||||||
.PHONY : run reset re help
|
.PHONY : run reset re cert_reset cert_re help
|
||||||
|
|
||||||
### pretty logs ####
|
### pretty logs ####
|
||||||
|
|
||||||
|
@ -22,7 +28,7 @@ _ECHO = echoo(){ \
|
||||||
|
|
||||||
|
|
||||||
## Run the compose.
|
## Run the compose.
|
||||||
run :
|
run : $(CERT_PATH_FILES)
|
||||||
@$(_ECHO)
|
@$(_ECHO)
|
||||||
|
|
||||||
echoo "Running '$(SRC_COMPOSE)'..."
|
echoo "Running '$(SRC_COMPOSE)'..."
|
||||||
|
@ -48,6 +54,61 @@ re : reset run
|
||||||
echo "run \`make\` or \`make run\` to run the docker."
|
echo "run \`make\` or \`make run\` to run the docker."
|
||||||
|
|
||||||
|
|
||||||
|
## Create the SSL certificate.
|
||||||
|
cert : $(CERT_PATH_FILES)
|
||||||
|
|
||||||
|
$(CERT_PATH_FILES) :
|
||||||
|
@$(_ECHO)
|
||||||
|
|
||||||
|
echoo "Creating SSL certificate files..."
|
||||||
|
mkdir -p $(CERT_PATH)
|
||||||
|
cd $(CERT_PATH)
|
||||||
|
|
||||||
|
echoo " -> Creating CA..."
|
||||||
|
# Create local CA
|
||||||
|
TMP_CA_KEY=$$($(MKTEMP))
|
||||||
|
openssl genrsa -out $$TMP_CA_KEY 2048
|
||||||
|
openssl req -x509 -new -nodes -key $$TMP_CA_KEY -sha256 -days 1825 -out ca.pem
|
||||||
|
|
||||||
|
echoo " -> Creating certificate for $(DOMAIN)..."
|
||||||
|
# Create certificate for $(DOMAIN)
|
||||||
|
openssl genrsa -out "cert.key" 2048
|
||||||
|
TMP_CA_CSR=$$($(MKTEMP))
|
||||||
|
openssl req -new -key cert.key -out $$TMP_CA_CSR
|
||||||
|
TMP_EXT=$$($(MKTEMP))
|
||||||
|
>>$$TMP_EXT echo "authorityKeyIdentifier=keyid,issuer"
|
||||||
|
>>$$TMP_EXT echo "basicConstraints=CA:FALSE"
|
||||||
|
>>$$TMP_EXT echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment"
|
||||||
|
>>$$TMP_EXT echo "subjectAltName = @alt_names"
|
||||||
|
>>$$TMP_EXT echo ""
|
||||||
|
>>$$TMP_EXT echo "[alt_names]"
|
||||||
|
>>$$TMP_EXT echo "DNS.1 = $(DOMAIN)"
|
||||||
|
openssl x509 -req -in $$TMP_CA_CSR -CA ca.pem -CAkey $$TMP_CA_KEY \
|
||||||
|
-CAcreateserial -out cert.crt -days 825 -sha256 -extfile $$TMP_EXT
|
||||||
|
|
||||||
|
rm $$TMP_CA_KEY $$TMP_CA_CSR $$TMP_EXT
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "====="
|
||||||
|
echo "to avoid \"this website was self-signed\" warnings,"
|
||||||
|
echo "install $(CERT_PATH)/ca.pem on whatever you need i guess"
|
||||||
|
echo "====="
|
||||||
|
echo
|
||||||
|
|
||||||
|
cd -
|
||||||
|
|
||||||
|
|
||||||
|
## Remove the SSL certificate.
|
||||||
|
cert_reset :
|
||||||
|
@$(_ECHO)
|
||||||
|
echoo "Removing SSL certificate files..."
|
||||||
|
rm -rf $(CERT_PATH)
|
||||||
|
|
||||||
|
|
||||||
|
## 'cert_reset' then 'cert'
|
||||||
|
cert_re : cert_reset $(CERT_PATH_FILES)
|
||||||
|
|
||||||
|
|
||||||
## Show help
|
## Show help
|
||||||
help :
|
help :
|
||||||
@$(_ECHO)
|
@$(_ECHO)
|
||||||
|
@ -57,3 +118,7 @@ help :
|
||||||
echo "reset Remove all content of the website."
|
echo "reset Remove all content of the website."
|
||||||
echo "re 'reset' then 'run'."
|
echo "re 'reset' then 'run'."
|
||||||
echo
|
echo
|
||||||
|
echo "cert Create the SSL certificate."
|
||||||
|
echo "cert_reset Remove the SSL certificate."
|
||||||
|
echo "cert_re 'cert_reset' then 'cert'."
|
||||||
|
echo
|
||||||
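Review bot: In the `$(CERT_PATH_FILES) :` recipe the temporary files are only removed by the last line `rm $$TMP_CA_KEY $$TMP_CA_CSR $$TMP_EXT`; because the recipe runs under `.ONESHELL` with `.SHELLFLAGS = -eu -c`, any failing `openssl` step exits before that line and leaves the CA private key in the mktemp location, plus a possibly half-written `ca.pem`/`cert.crt` that make will treat as up to date on the next run. Register the cleanup right after the `mktemp` calls instead, `trap 'rm -f "$$TMP_CA_KEY" "$$TMP_CA_CSR" "$$TMP_EXT"' EXIT`, and add `.DELETE_ON_ERROR :` next to `.ONESHELL :` so a failed run does not leave stale targets behind. The three-target header `$(CERT_PATH_FILES) :` also defines three independent rules sharing one recipe, so when only `cert.crt` is missing the recipe still regenerates `ca.pem` and silently invalidates any CA a user has already installed; with GNU Make 4.3+ a grouped target `$(CERT_PATH_FILES) &:` (or a stamp file) makes the three files one unit. Neither `openssl req` call passes `-subj`, so `make run` (which now depends on these files) blocks on interactive prompts, and unless the OpenSSL build restricts it the mode of `cert.key` follows the caller's umask before the directory is bind-mounted; `-subj "/CN=$(DOMAIN)"` on both calls and an explicit `chmod 600 cert.key` after `genrsa` would address both. This commit removes the previously committed key and certificate but shows no ignore rule for `$(CERT_PATH)`, so the regenerated `cert.key` can end up in the repository again unless such a rule already exists elsewhere.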
|
|
|
@ -11,6 +11,7 @@ services:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
volumes:
|
volumes:
|
||||||
- www:/www:ro
|
- www:/www:ro
|
||||||
|
- ./__cert:/cert:ro
|
||||||
# domainname: mcolonna.42.fr # TODO(vm) useful? # TODO(any)(nocopy)
|
# domainname: mcolonna.42.fr # TODO(vm) useful? # TODO(any)(nocopy)
|
||||||
|
|
||||||
wordpress:
|
wordpress:
|
||||||
|
|
|
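Review bot: The new bind mount `- ./__cert:/cert:ro` exposes the whole certificate directory to the container, while the nginx config in this commit reads only `/cert/cert.crt` and `/cert/cert.key`; two file-level mounts (`./__cert/cert.crt:/cert/cert.crt:ro` and `./__cert/cert.key:/cert/cert.key:ro`) would keep `ca.pem` and the `ca.srl` written by `-CAcreateserial` out of the container, a minor point since neither is secret. The private key inside the container keeps the host file's owner and mode, so its readability is whatever the Makefile's `openssl genrsa` left on the host; the mount line itself cannot tighten that, so this only works as intended if the generating recipe restricts `cert.key`. The service this volume belongs to starts before the hunk, so which process reads the key is inferred from the nginx change rather than visible here.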
@ -1,33 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFyjCCA7KgAwIBAgIUSCJJNkcYCGrdVPyeIij0K+4xYxcwDQYJKoZIhvcNAQEL
|
|
||||||
BQAwgb0xCzAJBgNVBAYTAjozMQ4wDAYDVQQIDAVlYXJ0aDEVMBMGA1UEBwwMc29s
|
|
||||||
YXIgc3lzdGVtMRMwEQYDVQQKDApteWxhbiBjb3JwMS0wKwYDVQQLDCR0aGUgbWFp
|
|
||||||
biBhbmQgb25seSB1bml0IG9mIG15bGFuIGNvcnAxFTATBgNVBAMMDG15bGFuIChj
|
|
||||||
b3JwKTEsMCoGCSqGSIb3DQEJARYdbXlsYW5AbWNvbG9ubmEuNDIuZnIgcHJvYmFi
|
|
||||||
bHkwIBcNMjUwNDAyMTUzMzUxWhgPMjEyNTAzMDkxNTMzNTFaMBkxFzAVBgNVBAMM
|
|
||||||
DnN1cGVyYXdlc29tZWNuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
|
|
||||||
yufae4sNj7+B5buW5gkgW8UtAUJvtAeArY7XqpXIXiosUGzdUJXhgDJO9VHJjFy2
|
|
||||||
3ATEJBMf2uJtXtPOjisxPUZbFlA5xUugWOgoIO2xdLC7Z4Zciu7A928ckhkIFRCw
|
|
||||||
EsaIsYCNmNZV3rQ6DNJE8YCC5C/TDhyin01wEEUNJAIH2POJEyiSuJegmK35Uk4m
|
|
||||||
Qe4qBhc3jM7mdPiUPsNzgxH35L924jhzjh0ZonYN3cdi6mHoUnDUb7DrqHWP5yOC
|
|
||||||
0m39kKHLnH3jWFeRvwYiNWVu5D8PKcETQrhkvmwM2ECv1JhYGpsUgDu6SJSylgvl
|
|
||||||
IK1KUE/8Q2oX5vHLAaoe3HN4VUQqsnW7S2Ncp8x6vdCaNYVROre9zGxur0ibzGQm
|
|
||||||
jzRhC/Yo6eyP7B7IEjoATNQZ8TuXXPgkfRkN819YWXY/YfqzCaP0HGy/dWjc+So8
|
|
||||||
C+nFsITjJYASkd2zCg9BkNWiFxaMlYLc2F8WwPLwGV8ZqAYtdem9IX+LeW3feEbC
|
|
||||||
e/sWlsWbMJA23X6+5hZcxJRzi/J5qzk2Iwpg/jmaTak9vO3pkVbm94alteuewQY8
|
|
||||||
OZVypK6WvY/vdeVQYgeqL2+ra+ORwg3Wumtuz1LFQqwvUEbLtuYicV+kLAL1pZTY
|
|
||||||
ghBICgBtBqkV45c5cbEUbbjrsVcgg51J1n7TC4cZTd8CAwEAAaNjMGEwHwYDVR0R
|
|
||||||
BBgwFoIObWNvbG9ubmEuNDIuZnKHBH8AAAEwHQYDVR0OBBYEFNPoa7p0ltnw8UKu
|
|
||||||
+CjgOkcSYyaYMB8GA1UdIwQYMBaAFPpKGyjeoaBrRvUK7DGX91sfsC8aMA0GCSqG
|
|
||||||
SIb3DQEBCwUAA4ICAQCNyyBfb7poleEHzW9UVvGfZcQlLLdiGmTUX0rFWiva8Tju
|
|
||||||
r7rolKw/Ai08Wt9bT3qld1ss/gWCo7mRjpXLCPgCV9/De5oWhwH+n0dztOavDIi6
|
|
||||||
50Nkg9dIrthiHDBrAU9Z2DuecB6R0h22PKTz/rbxAIdzBfKSnw9AKdfPQGR7LKgy
|
|
||||||
ez3NATa7Ul677FWyRNgeTVajEHIkrPk2kaaNV/2vcQRo35u0p1jOmM2Xys2Qgrfx
|
|
||||||
YhY3ysP7ZncjVeg7DYlsJOa13vHrkHr42eNpglcHLqoGnZ2wriT2V8Ca6WZlTKxn
|
|
||||||
LgHc0sRF6GtOLtRJNrhXgmMBtLBzAbK77qb9m2OhHcphAWQKpnaqONXmrHTbZGxR
|
|
||||||
ct7ZoGZj3XWYQmAyEmS788cHW9sMx9Zv1888r7V+E6mh4UbGlOo64x30Od43RLLH
|
|
||||||
PmEoO9qIGx6epNbLz2UqP24oJM+82XVbEpvkg3mm6tYZXKVAW0eWpMJe7xtAlO0L
|
|
||||||
QhAPcxoA8HCd/TeMzqeomqgUY97IDH8buTK1fuw60jEl4VOvZNP3DA7eqjEkrLYC
|
|
||||||
xNmXP4OBgJU1wYv7VGVagwRJf3g9SpE231kdEOIswBGX8qQ6KBGmqbu8LPgKwMQr
|
|
||||||
P9WQBbSWY4m8Hy/ENQnsIPZ4JlRIXcL5x5KXAf5LPJA4KT1NBD5jF9mYTKRf2A==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,52 +0,0 @@
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDK59p7iw2Pv4Hl
|
|
||||||
u5bmCSBbxS0BQm+0B4CtjteqlcheKixQbN1QleGAMk71UcmMXLbcBMQkEx/a4m1e
|
|
||||||
086OKzE9RlsWUDnFS6BY6Cgg7bF0sLtnhlyK7sD3bxySGQgVELASxoixgI2Y1lXe
|
|
||||||
tDoM0kTxgILkL9MOHKKfTXAQRQ0kAgfY84kTKJK4l6CYrflSTiZB7ioGFzeMzuZ0
|
|
||||||
+JQ+w3ODEffkv3biOHOOHRmidg3dx2LqYehScNRvsOuodY/nI4LSbf2QocucfeNY
|
|
||||||
V5G/BiI1ZW7kPw8pwRNCuGS+bAzYQK/UmFgamxSAO7pIlLKWC+UgrUpQT/xDahfm
|
|
||||||
8csBqh7cc3hVRCqydbtLY1ynzHq90Jo1hVE6t73MbG6vSJvMZCaPNGEL9ijp7I/s
|
|
||||||
HsgSOgBM1BnxO5dc+CR9GQ3zX1hZdj9h+rMJo/QcbL91aNz5KjwL6cWwhOMlgBKR
|
|
||||||
3bMKD0GQ1aIXFoyVgtzYXxbA8vAZXxmoBi116b0hf4t5bd94RsJ7+xaWxZswkDbd
|
|
||||||
fr7mFlzElHOL8nmrOTYjCmD+OZpNqT287emRVub3hqW1657BBjw5lXKkrpa9j+91
|
|
||||||
5VBiB6ovb6tr45HCDda6a27PUsVCrC9QRsu25iJxX6QsAvWllNiCEEgKAG0GqRXj
|
|
||||||
lzlxsRRtuOuxVyCDnUnWftMLhxlN3wIDAQABAoICAGGujeWlE1HNSd1N2n8DDMNx
|
|
||||||
YNG26KzcYcvsNRJoCm6e0fej+UXG6ik7zvxWM/fxWI0CdGTDmjXXhPy+bjXOQGW1
|
|
||||||
3bsXw0AiwN6cYVk85Q3+2TGlIx81gst7/96r01LE1mcrkfoWH9Tg9rUAweOTROKY
|
|
||||||
0irFhU9JZNbZQmZqv8FCgwGkeKyy/zODt6pZMuq3Ob7KyAtnmPQeVR8h3sh6cr06
|
|
||||||
ZMOIk1SkBal4g/NM7y8CQrIAkYZC0Fq26zSN6EnHtD7W+dfrtGixyEWq3rz+WHCp
|
|
||||||
VOHoI8Yfr8SSndl4jhR7y8pGzz97wjpbxroTcAhBULzTADA62YCg7kHdzLQP8Mun
|
|
||||||
+8adXFYGkRO1lFiLebWr9Mg1Y7nO8t5LUAQMV+zOeXXETdSZnmofHCNNfMojxDd7
|
|
||||||
ZKX8uu4Tw9RKnKtujwRREM2XsJqouVNQCquE4/2dgnA2ehA22Id2R3fpQxNabR+9
|
|
||||||
QC8JBbClZ7cel3d225ZchTUm8EggRB0aiVIQV/RyI96b0El5si9qEl+waJ4S1rrU
|
|
||||||
fRcbCgEoSzcTnvuq6Pj1rQEa7xeU0w2VfH5idFV7SSKKJwxkSgOafIjDG/TaQZ7a
|
|
||||||
0yAkKsIQN2bWlFatXGyUwWjJ3rBdMlZsfXbGbIghacsKSbz5X1LQZbXwuDLA7DkI
|
|
||||||
LxSu6XvFoaR0un8sM1GJAoIBAQDqEVayarK9DvLZ1jPIpAqReKg2sHfuYdHtN1gk
|
|
||||||
DcszbAXhUITzKMVytsWEmKYDAzKCaxESpT9zzTJfdPc1aC/nujNvBZ3x8WYXb2TE
|
|
||||||
bxEnbjjgZajPEXHVjiI0qGnjKJb/IDkBPUU9OZ2Mv8g/V7ewPNm/Oo6uxd/pn+Gt
|
|
||||||
XFHUFiVtnb8fotov+86k0Vk7dfp2YSoFNMm/iOBVd4dJ/0utp3DkGPwWkWsGMkFA
|
|
||||||
enTWXTktcjNWQi/pWMDpS4CxplIA+oWt1Ddt8oM1cV222QhCSln9WL2Pz4zk0Cz4
|
|
||||||
9e21xpxs4cKKKQNbfk28JnmTtk+ILExspM37Tzw49w2OYMt5AoIBAQDd6wUqNkXw
|
|
||||||
xb2H1T87IRmflAXKSRZ3+HqZUw4Ib5mxfsuZ8YMy1RNa88HZm33h7U6ThNNvJP3S
|
|
||||||
erV9OdLuSNtyZW9COVwOm3+ELNd8qaMkwansfb3wTohocRUyG2FOHqFJfK0iTnwM
|
|
||||||
2mNs8E0D6kIHkWjIRBARTX0QXF0zQYWh2W79jR3qXZMYQeRU7eQiJ+9thTwvAfJt
|
|
||||||
UfvDcprL6j/46vr1vkYRVC2mKPqFagFa2ZIZNdMBlJoTyRSgdIM6dt0LGai5UURI
|
|
||||||
47+o4/4B9Id8ojloUq641X1yJJxJ8EftZloKbKqx69hNISKDGOFlBK+hUOMRa71d
|
|
||||||
Sm5n3Yrq97YXAoIBAQDl0GRJBQ29JmI2k2OAid9+ePLfz1/Rg+WzfPVjYM+0C0my
|
|
||||||
sXX3sH48ZUuFJsNIjekXt7upjOnB7ySYKKVXoJX4dQ9u4Br1o8hTFiHf5BT5m/To
|
|
||||||
DagytrQHs2fOP9THHeEzWRXfK6NBu8H+oYYg+yT1OqmoYfwZiVqRbVMM/WmyTJQv
|
|
||||||
DgTLMP/8wMVhedKc2PczJ680MWIsVl28TIFem/RX6eCjdAx+tARarxj2D8WLezha
|
|
||||||
cJgLBy03dNbjuCgBRIWbRF3gEE7j+ons/QPANVMwkwPMBUcJXgS9289sGTptkTWg
|
|
||||||
igCR2jbbrCTyqOwRpZxs3OGkgiNjraY5YAfFVTAxAoIBAQCD6udhFm4xGHr4Og2i
|
|
||||||
aqS+tdFTVGsk2fKXHkYjQaQNXSBO3MBvATbGREyhvMrx+I1TKAw/769q5ULps+vt
|
|
||||||
diXtNNsUdOCCVnFQ8w8NrhGrEeyfBohYR3bTDxXYeWo4dADQnGqXECyxv0iHQ7mk
|
|
||||||
cCbcNNYi5kLe5j9H8H/+rh5v/b76vl5gKUv9iX3f9qI8o5yycBc8ol2oGqocnw3h
|
|
||||||
1dg9cgHI/1jLiEyyj32MvV0c0mUE03ghYmLNDCVU1K4FnQ79QD2KHAMJiUkvboha
|
|
||||||
RTAdKJoTp8LxYQd3SMgXM9yuBL/Vno9BwL8N6nqHj8y8rjJxJJI2kuM4h7xlxc6E
|
|
||||||
qsf1AoIBAGwtbYtgM1BhrCnt4lBfyJMtjBSI7JzyY5r/welL7iTYDRYqZDqJjfsG
|
|
||||||
on+pQMScRyFi0EZwKmr9RcGpE202yKHH5P4zcoFdf0uCS2hHy/b4LNF/xTfbbWRH
|
|
||||||
gO74wIvG2wG3dqzstayBoOCqjmMriRy07MXac5y1uatLCeAl2JnC59ON/T3+Hxpv
|
|
||||||
8rqn82gDaV36mg+yUZtoqtKWQ3YJelwMtnd8QrCj9X46gabpMtQyiak0SKg8Ebo7
|
|
||||||
f1aDK67mBT74eT9KxNAexOP+sTdAjaDj/hFIdrRKBVtwu5sj3rXVu4B5xMi0CaZd
|
|
||||||
99QtKthw4Cvq44EJOzKZsdkAy2GGHjM=
|
|
||||||
-----END PRIVATE KEY-----
|
|
|
@ -27,8 +27,8 @@ http {
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
server_name mcolonna.42.fr; # TODO(any)(nocopy)
|
server_name mcolonna.42.fr; # TODO(any)(nocopy)
|
||||||
ssl_certificate mcolonna.42.fr.crt;
|
ssl_certificate /cert/cert.crt;
|
||||||
ssl_certificate_key mcolonna.42.fr.key; # TODO(any)(secret) secret? # TODO(any)(nocopy)
|
ssl_certificate_key /cert/cert.key;
|
||||||
ssl_protocols TLSv1.3;
|
ssl_protocols TLSv1.3;
|
||||||
error_page 497 =301 /497.php;
|
error_page 497 =301 /497.php;
|
||||||
# TODO ssl_ciphers(any)
|
# TODO ssl_ciphers(any)
|
||||||
|
|
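Review bot: `ssl_certificate /cert/cert.crt;` and `ssl_certificate_key /cert/cert.key;` now point into the bind mount, and nginx reads both files once at startup, so running `make cert_re` while the stack is up keeps serving the old certificate until nginx is reloaded or the container restarted; a comment next to the two directives, `# regenerated by 'make cert_re'; reload or restart nginx to pick up new files`, would save the next person the confusion. The remaining `# TODO ssl_ciphers(any)` can be resolved in the same change: with `ssl_protocols TLSv1.3;` alone, `ssl_ciphers` has no effect because the TLS 1.3 suites are chosen by OpenSSL (tunable only via `ssl_conf_command Ciphersuites`), so the TODO should either be dropped or say that. The `server {` block continues past the end of the hunk.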