dev: manage SSL certificate better
This commit is contained in:
mcolonna
parent
2d673aa016
commit
7b0baf20fb
5 changed files with 70 additions and 89 deletions
69
Makefile
69
Makefile
|
|
@ -3,12 +3,18 @@
|
|||
BUILD_PATH=__build/
|
||||
|
||||
DOCKER=docker
|
||||
MKTEMP=mktemp
|
||||
|
||||
DOMAIN=mcolonna.42.fr
|
||||
|
||||
SRC_COMPOSE=srcs/
|
||||
SRC_WWW_MORE=srcs/www/
|
||||
CERT_PATH=srcs/__cert/
|
||||
CERT_PATH_FILES=$(addprefix $(CERT_PATH), ca.pem cert.key cert.crt )
|
||||
|
||||
.ONESHELL :
|
||||
.SHELLFLAGS = -eu -c
|
||||
.PHONY : run reset re help
|
||||
.PHONY : run reset re cert_reset cert_re help
|
||||
|
||||
### pretty logs ####
|
||||
|
||||
|
|
@ -22,7 +28,7 @@ _ECHO = echoo(){ \
|
|||
|
||||
|
||||
## Run the compose.
|
||||
run :
|
||||
run : $(CERT_PATH_FILES)
|
||||
@$(_ECHO)
|
||||
|
||||
echoo "Running '$(SRC_COMPOSE)'..."
|
||||
|
|
@ -48,6 +54,61 @@ re : reset run
|
|||
echo "run \`make\` or \`make run\` to run the docker."
|
||||
|
||||
|
||||
## Create the SSL certificate.
|
||||
cert : $(CERT_PATH_FILES)
|
||||
|
||||
$(CERT_PATH_FILES) :
|
||||
@$(_ECHO)
|
||||
|
||||
echoo "Creating SSL certificate files..."
|
||||
mkdir -p $(CERT_PATH)
|
||||
cd $(CERT_PATH)
|
||||
|
||||
echoo " -> Creating CA..."
|
||||
# Create local CA
|
||||
TMP_CA_KEY=$$($(MKTEMP))
|
||||
openssl genrsa -out $$TMP_CA_KEY 2048
|
||||
openssl req -x509 -new -nodes -key $$TMP_CA_KEY -sha256 -days 1825 -out ca.pem
|
||||
|
||||
echoo " -> Creating certificate for $(DOMAIN)..."
|
||||
# Create certificate for $(DOMAIN)
|
||||
openssl genrsa -out "cert.key" 2048
|
||||
TMP_CA_CSR=$$($(MKTEMP))
|
||||
openssl req -new -key cert.key -out $$TMP_CA_CSR
|
||||
TMP_EXT=$$($(MKTEMP))
|
||||
>>$$TMP_EXT echo "authorityKeyIdentifier=keyid,issuer"
|
||||
>>$$TMP_EXT echo "basicConstraints=CA:FALSE"
|
||||
>>$$TMP_EXT echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment"
|
||||
>>$$TMP_EXT echo "subjectAltName = @alt_names"
|
||||
>>$$TMP_EXT echo ""
|
||||
>>$$TMP_EXT echo "[alt_names]"
|
||||
>>$$TMP_EXT echo "DNS.1 = $(DOMAIN)"
|
||||
openssl x509 -req -in $$TMP_CA_CSR -CA ca.pem -CAkey $$TMP_CA_KEY \
|
||||
-CAcreateserial -out cert.crt -days 825 -sha256 -extfile $$TMP_EXT
|
||||
|
||||
rm $$TMP_CA_KEY $$TMP_CA_CSR $$TMP_EXT
|
||||
|
||||
echo
|
||||
echo "====="
|
||||
echo "to avoid \"this website was self-signed\" warnings,"
|
||||
echo "install $(CERT_PATH)/ca.pem on whatever you need i guess"
|
||||
echo "====="
|
||||
echo
|
||||
|
||||
cd -
|
||||
|
||||
|
||||
## Remove the SSL certificate.
|
||||
cert_reset :
|
||||
@$(_ECHO)
|
||||
echoo "Removing SSL certificate files..."
|
||||
rm -rf $(CERT_PATH)
|
||||
|
||||
|
||||
## 'cert_reset' then 'cert'
|
||||
cert_re : cert_reset $(CERT_PATH_FILES)
|
||||
|
||||
|
||||
## Show help
|
||||
help :
|
||||
@$(_ECHO)
|
||||
|
|
@ -57,3 +118,7 @@ help :
|
|||
echo "reset Remove all content of the website."
|
||||
echo "re 'reset' then 'run'."
|
||||
echo
|
||||
echo "cert Create the SSL certificate."
|
||||
echo "cert_reset Remove the SSL certificate."
|
||||
echo "cert_re 'cert_reset' then 'cert'."
|
||||
echo
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ services:
|
|||
condition: service_healthy
|
||||
volumes:
|
||||
- www:/www:ro
|
||||
- ./__cert:/cert:ro
|
||||
# domainname: mcolonna.42.fr # TODO(vm) useful? # TODO(any)(nocopy)
|
||||
|
||||
wordpress:
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFyjCCA7KgAwIBAgIUSCJJNkcYCGrdVPyeIij0K+4xYxcwDQYJKoZIhvcNAQEL
|
||||
BQAwgb0xCzAJBgNVBAYTAjozMQ4wDAYDVQQIDAVlYXJ0aDEVMBMGA1UEBwwMc29s
|
||||
YXIgc3lzdGVtMRMwEQYDVQQKDApteWxhbiBjb3JwMS0wKwYDVQQLDCR0aGUgbWFp
|
||||
biBhbmQgb25seSB1bml0IG9mIG15bGFuIGNvcnAxFTATBgNVBAMMDG15bGFuIChj
|
||||
b3JwKTEsMCoGCSqGSIb3DQEJARYdbXlsYW5AbWNvbG9ubmEuNDIuZnIgcHJvYmFi
|
||||
bHkwIBcNMjUwNDAyMTUzMzUxWhgPMjEyNTAzMDkxNTMzNTFaMBkxFzAVBgNVBAMM
|
||||
DnN1cGVyYXdlc29tZWNuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
|
||||
yufae4sNj7+B5buW5gkgW8UtAUJvtAeArY7XqpXIXiosUGzdUJXhgDJO9VHJjFy2
|
||||
3ATEJBMf2uJtXtPOjisxPUZbFlA5xUugWOgoIO2xdLC7Z4Zciu7A928ckhkIFRCw
|
||||
EsaIsYCNmNZV3rQ6DNJE8YCC5C/TDhyin01wEEUNJAIH2POJEyiSuJegmK35Uk4m
|
||||
Qe4qBhc3jM7mdPiUPsNzgxH35L924jhzjh0ZonYN3cdi6mHoUnDUb7DrqHWP5yOC
|
||||
0m39kKHLnH3jWFeRvwYiNWVu5D8PKcETQrhkvmwM2ECv1JhYGpsUgDu6SJSylgvl
|
||||
IK1KUE/8Q2oX5vHLAaoe3HN4VUQqsnW7S2Ncp8x6vdCaNYVROre9zGxur0ibzGQm
|
||||
jzRhC/Yo6eyP7B7IEjoATNQZ8TuXXPgkfRkN819YWXY/YfqzCaP0HGy/dWjc+So8
|
||||
C+nFsITjJYASkd2zCg9BkNWiFxaMlYLc2F8WwPLwGV8ZqAYtdem9IX+LeW3feEbC
|
||||
e/sWlsWbMJA23X6+5hZcxJRzi/J5qzk2Iwpg/jmaTak9vO3pkVbm94alteuewQY8
|
||||
OZVypK6WvY/vdeVQYgeqL2+ra+ORwg3Wumtuz1LFQqwvUEbLtuYicV+kLAL1pZTY
|
||||
ghBICgBtBqkV45c5cbEUbbjrsVcgg51J1n7TC4cZTd8CAwEAAaNjMGEwHwYDVR0R
|
||||
BBgwFoIObWNvbG9ubmEuNDIuZnKHBH8AAAEwHQYDVR0OBBYEFNPoa7p0ltnw8UKu
|
||||
+CjgOkcSYyaYMB8GA1UdIwQYMBaAFPpKGyjeoaBrRvUK7DGX91sfsC8aMA0GCSqG
|
||||
SIb3DQEBCwUAA4ICAQCNyyBfb7poleEHzW9UVvGfZcQlLLdiGmTUX0rFWiva8Tju
|
||||
r7rolKw/Ai08Wt9bT3qld1ss/gWCo7mRjpXLCPgCV9/De5oWhwH+n0dztOavDIi6
|
||||
50Nkg9dIrthiHDBrAU9Z2DuecB6R0h22PKTz/rbxAIdzBfKSnw9AKdfPQGR7LKgy
|
||||
ez3NATa7Ul677FWyRNgeTVajEHIkrPk2kaaNV/2vcQRo35u0p1jOmM2Xys2Qgrfx
|
||||
YhY3ysP7ZncjVeg7DYlsJOa13vHrkHr42eNpglcHLqoGnZ2wriT2V8Ca6WZlTKxn
|
||||
LgHc0sRF6GtOLtRJNrhXgmMBtLBzAbK77qb9m2OhHcphAWQKpnaqONXmrHTbZGxR
|
||||
ct7ZoGZj3XWYQmAyEmS788cHW9sMx9Zv1888r7V+E6mh4UbGlOo64x30Od43RLLH
|
||||
PmEoO9qIGx6epNbLz2UqP24oJM+82XVbEpvkg3mm6tYZXKVAW0eWpMJe7xtAlO0L
|
||||
QhAPcxoA8HCd/TeMzqeomqgUY97IDH8buTK1fuw60jEl4VOvZNP3DA7eqjEkrLYC
|
||||
xNmXP4OBgJU1wYv7VGVagwRJf3g9SpE231kdEOIswBGX8qQ6KBGmqbu8LPgKwMQr
|
||||
P9WQBbSWY4m8Hy/ENQnsIPZ4JlRIXcL5x5KXAf5LPJA4KT1NBD5jF9mYTKRf2A==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDK59p7iw2Pv4Hl
|
||||
u5bmCSBbxS0BQm+0B4CtjteqlcheKixQbN1QleGAMk71UcmMXLbcBMQkEx/a4m1e
|
||||
086OKzE9RlsWUDnFS6BY6Cgg7bF0sLtnhlyK7sD3bxySGQgVELASxoixgI2Y1lXe
|
||||
tDoM0kTxgILkL9MOHKKfTXAQRQ0kAgfY84kTKJK4l6CYrflSTiZB7ioGFzeMzuZ0
|
||||
+JQ+w3ODEffkv3biOHOOHRmidg3dx2LqYehScNRvsOuodY/nI4LSbf2QocucfeNY
|
||||
V5G/BiI1ZW7kPw8pwRNCuGS+bAzYQK/UmFgamxSAO7pIlLKWC+UgrUpQT/xDahfm
|
||||
8csBqh7cc3hVRCqydbtLY1ynzHq90Jo1hVE6t73MbG6vSJvMZCaPNGEL9ijp7I/s
|
||||
HsgSOgBM1BnxO5dc+CR9GQ3zX1hZdj9h+rMJo/QcbL91aNz5KjwL6cWwhOMlgBKR
|
||||
3bMKD0GQ1aIXFoyVgtzYXxbA8vAZXxmoBi116b0hf4t5bd94RsJ7+xaWxZswkDbd
|
||||
fr7mFlzElHOL8nmrOTYjCmD+OZpNqT287emRVub3hqW1657BBjw5lXKkrpa9j+91
|
||||
5VBiB6ovb6tr45HCDda6a27PUsVCrC9QRsu25iJxX6QsAvWllNiCEEgKAG0GqRXj
|
||||
lzlxsRRtuOuxVyCDnUnWftMLhxlN3wIDAQABAoICAGGujeWlE1HNSd1N2n8DDMNx
|
||||
YNG26KzcYcvsNRJoCm6e0fej+UXG6ik7zvxWM/fxWI0CdGTDmjXXhPy+bjXOQGW1
|
||||
3bsXw0AiwN6cYVk85Q3+2TGlIx81gst7/96r01LE1mcrkfoWH9Tg9rUAweOTROKY
|
||||
0irFhU9JZNbZQmZqv8FCgwGkeKyy/zODt6pZMuq3Ob7KyAtnmPQeVR8h3sh6cr06
|
||||
ZMOIk1SkBal4g/NM7y8CQrIAkYZC0Fq26zSN6EnHtD7W+dfrtGixyEWq3rz+WHCp
|
||||
VOHoI8Yfr8SSndl4jhR7y8pGzz97wjpbxroTcAhBULzTADA62YCg7kHdzLQP8Mun
|
||||
+8adXFYGkRO1lFiLebWr9Mg1Y7nO8t5LUAQMV+zOeXXETdSZnmofHCNNfMojxDd7
|
||||
ZKX8uu4Tw9RKnKtujwRREM2XsJqouVNQCquE4/2dgnA2ehA22Id2R3fpQxNabR+9
|
||||
QC8JBbClZ7cel3d225ZchTUm8EggRB0aiVIQV/RyI96b0El5si9qEl+waJ4S1rrU
|
||||
fRcbCgEoSzcTnvuq6Pj1rQEa7xeU0w2VfH5idFV7SSKKJwxkSgOafIjDG/TaQZ7a
|
||||
0yAkKsIQN2bWlFatXGyUwWjJ3rBdMlZsfXbGbIghacsKSbz5X1LQZbXwuDLA7DkI
|
||||
LxSu6XvFoaR0un8sM1GJAoIBAQDqEVayarK9DvLZ1jPIpAqReKg2sHfuYdHtN1gk
|
||||
DcszbAXhUITzKMVytsWEmKYDAzKCaxESpT9zzTJfdPc1aC/nujNvBZ3x8WYXb2TE
|
||||
bxEnbjjgZajPEXHVjiI0qGnjKJb/IDkBPUU9OZ2Mv8g/V7ewPNm/Oo6uxd/pn+Gt
|
||||
XFHUFiVtnb8fotov+86k0Vk7dfp2YSoFNMm/iOBVd4dJ/0utp3DkGPwWkWsGMkFA
|
||||
enTWXTktcjNWQi/pWMDpS4CxplIA+oWt1Ddt8oM1cV222QhCSln9WL2Pz4zk0Cz4
|
||||
9e21xpxs4cKKKQNbfk28JnmTtk+ILExspM37Tzw49w2OYMt5AoIBAQDd6wUqNkXw
|
||||
xb2H1T87IRmflAXKSRZ3+HqZUw4Ib5mxfsuZ8YMy1RNa88HZm33h7U6ThNNvJP3S
|
||||
erV9OdLuSNtyZW9COVwOm3+ELNd8qaMkwansfb3wTohocRUyG2FOHqFJfK0iTnwM
|
||||
2mNs8E0D6kIHkWjIRBARTX0QXF0zQYWh2W79jR3qXZMYQeRU7eQiJ+9thTwvAfJt
|
||||
UfvDcprL6j/46vr1vkYRVC2mKPqFagFa2ZIZNdMBlJoTyRSgdIM6dt0LGai5UURI
|
||||
47+o4/4B9Id8ojloUq641X1yJJxJ8EftZloKbKqx69hNISKDGOFlBK+hUOMRa71d
|
||||
Sm5n3Yrq97YXAoIBAQDl0GRJBQ29JmI2k2OAid9+ePLfz1/Rg+WzfPVjYM+0C0my
|
||||
sXX3sH48ZUuFJsNIjekXt7upjOnB7ySYKKVXoJX4dQ9u4Br1o8hTFiHf5BT5m/To
|
||||
DagytrQHs2fOP9THHeEzWRXfK6NBu8H+oYYg+yT1OqmoYfwZiVqRbVMM/WmyTJQv
|
||||
DgTLMP/8wMVhedKc2PczJ680MWIsVl28TIFem/RX6eCjdAx+tARarxj2D8WLezha
|
||||
cJgLBy03dNbjuCgBRIWbRF3gEE7j+ons/QPANVMwkwPMBUcJXgS9289sGTptkTWg
|
||||
igCR2jbbrCTyqOwRpZxs3OGkgiNjraY5YAfFVTAxAoIBAQCD6udhFm4xGHr4Og2i
|
||||
aqS+tdFTVGsk2fKXHkYjQaQNXSBO3MBvATbGREyhvMrx+I1TKAw/769q5ULps+vt
|
||||
diXtNNsUdOCCVnFQ8w8NrhGrEeyfBohYR3bTDxXYeWo4dADQnGqXECyxv0iHQ7mk
|
||||
cCbcNNYi5kLe5j9H8H/+rh5v/b76vl5gKUv9iX3f9qI8o5yycBc8ol2oGqocnw3h
|
||||
1dg9cgHI/1jLiEyyj32MvV0c0mUE03ghYmLNDCVU1K4FnQ79QD2KHAMJiUkvboha
|
||||
RTAdKJoTp8LxYQd3SMgXM9yuBL/Vno9BwL8N6nqHj8y8rjJxJJI2kuM4h7xlxc6E
|
||||
qsf1AoIBAGwtbYtgM1BhrCnt4lBfyJMtjBSI7JzyY5r/welL7iTYDRYqZDqJjfsG
|
||||
on+pQMScRyFi0EZwKmr9RcGpE202yKHH5P4zcoFdf0uCS2hHy/b4LNF/xTfbbWRH
|
||||
gO74wIvG2wG3dqzstayBoOCqjmMriRy07MXac5y1uatLCeAl2JnC59ON/T3+Hxpv
|
||||
8rqn82gDaV36mg+yUZtoqtKWQ3YJelwMtnd8QrCj9X46gabpMtQyiak0SKg8Ebo7
|
||||
f1aDK67mBT74eT9KxNAexOP+sTdAjaDj/hFIdrRKBVtwu5sj3rXVu4B5xMi0CaZd
|
||||
99QtKthw4Cvq44EJOzKZsdkAy2GGHjM=
|
||||
-----END PRIVATE KEY-----
|
||||
|
|
@ -27,8 +27,8 @@ http {
|
|||
server {
|
||||
listen 443 ssl;
|
||||
server_name mcolonna.42.fr; # TODO(any)(nocopy)
|
||||
ssl_certificate mcolonna.42.fr.crt;
|
||||
ssl_certificate_key mcolonna.42.fr.key; # TODO(any)(secret) secret? # TODO(any)(nocopy)
|
||||
ssl_certificate /cert/cert.crt;
|
||||
ssl_certificate_key /cert/cert.key;
|
||||
ssl_protocols TLSv1.3;
|
||||
error_page 497 =301 /497.php;
|
||||
# TODO ssl_ciphers(any)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue