From a7ee103963f92a76f79b731f3e6c5e808a9b2a94 Mon Sep 17 00:00:00 2001
From: Jason
Date: Mon, 11 Jul 2022 23:40:12 -0400
Subject: [PATCH] =?UTF-8?q?=20=F0=9F=A6=88=F0=9F=8F=A0=F0=9F=90=9C?= =?UTF-8?q?=E2=9D=97=20Initial=20Commit=20=E2=9D=97=F0=9F=90=9C?= =?UTF-8?q?=F0=9F=A6=88=F0=9F=8F=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .gitignore | 93 +++++++++++++++++++++++++++++
 Dockerfile | 53 +++++++++++++++++
 LICENSE.md | 13 +++++
 README.md | 48 +++++++++++++++
 bin/.gitkeep | 0
 bin/ca-install.sh | 30 ++++++++++
 bin/ca-revoke.sh | 29 ++++++++++
 bin/ca-setup.sh | 27 +++++++++
 bin/entrypoint-ssl-ca.sh | 122 +++++++++++++++++++++++++++++++++++++++
 bin/mydomains.sh | 30 ++++++++++
 bin/server-setup.sh | 34 +++++++++++
 bin/setup-dh.sh | 33 +++++++++++
 config/.gitkeep | 0
 data/.gitkeep | 0
 14 files changed, 512 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 Dockerfile
 create mode 100644 LICENSE.md
 create mode 100644 README.md
 create mode 100644 bin/.gitkeep
 create mode 100644 bin/ca-install.sh
 create mode 100644 bin/ca-revoke.sh
 create mode 100644 bin/ca-setup.sh
 create mode 100755 bin/entrypoint-ssl-ca.sh
 create mode 100644 bin/mydomains.sh
 create mode 100644 bin/server-setup.sh
 create mode 100644 bin/setup-dh.sh
 create mode 100644 config/.gitkeep
 create mode 100644 data/.gitkeep
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2510b4a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,93 @@
+# gitignore created on 07/11/22 at 23:40
+# Disable reminder in prompt
+ignoredirmessage
+
+# OS generated files
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# Other
+**/.installed
+
+# ignore commit message
+**/.gitcommit
+
+#ignore .failed
+**/.build_failed
+
+# ignore .bak files
+**/*.bak
+
+# ignore .no_push files
+**/.no_push
+
+# ignore .no_git files
+**/.no_git
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..138cc45
--- /dev/null
+++ b/Dockerfile
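Review bot: Nothing in this ignore list covers the CA material that the scripts in the same patch generate. They default to `$SRC_DIR/../CasjaysDev`, `$SRC_DIR/../CA` and `$SRC_DIR/../dh`, which resolve inside the checkout when the scripts are run from `bin/`, so `private/ca.key`, `passwd` and `p12/ca.p12` could be staged by a plain `git add .`. I would add entries such as `CasjaysDev/`, `CA/`, `dh/`, `*.key` and `*.p12` before the first key is generated.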
@@ -0,0 +1,53 @@
+FROM casjaysdevdocker/alpine:latest as build
+
+ARG LICENSE=WTFPL \
+ IMAGE_NAME=ssl-ca \
+ TIMEZONE=America/New_York \
+ PORT=
+
+ENV SHELL=/bin/bash \
+ TERM=xterm-256color \
+ HOSTNAME=${HOSTNAME:-casjaysdev-$IMAGE_NAME} \
+ TZ=$TIMEZONE
+
+RUN mkdir -p /bin/ /config/ /data/ && \
+ rm -Rf /bin/.gitkeep /config/.gitkeep /data/.gitkeep && \
+ apk update -U --no-cache
+
+COPY ./bin/. /usr/local/bin/
+COPY ./config/. /config/
+COPY ./data/. /data/
+
+FROM scratch
+ARG BUILD_DATE="$(date +'%Y-%m-%d %H:%M')"
+
+LABEL org.label-schema.name="ssl-ca" \
+ org.label-schema.description="Containerized version of ssl-ca" \
+ org.label-schema.url="https://hub.docker.com/r/casjaysdevdocker/ssl-ca" \
+ org.label-schema.vcs-url="https://github.com/casjaysdevdocker/ssl-ca" \
+ org.label-schema.build-date=$BUILD_DATE \
+ org.label-schema.version=$BUILD_DATE \
+ org.label-schema.vcs-ref=$BUILD_DATE \
+ org.label-schema.license="$LICENSE" \
+ org.label-schema.vcs-type="Git" \
+ org.label-schema.schema-version="latest" \
+ org.label-schema.vendor="CasjaysDev" \
+ maintainer="CasjaysDev "
+
+ENV SHELL="/bin/bash" \
+ TERM="xterm-256color" \
+ HOSTNAME="casjaysdev-ssl-ca" \
+ TZ="${TZ:-America/New_York}"
+
+WORKDIR /root
+
+VOLUME ["/root","/config","/data"]
+
+EXPOSE $PORT
+
+COPY --from=build /. /
+
+HEALTHCHECK CMD ["/usr/local/bin/entrypoint-ssl-ca.sh", "healthcheck"]
+
+ENTRYPOINT ["/usr/local/bin/entrypoint-ssl-ca.sh"]
+
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..86d4345
--- /dev/null
+++ b/LICENSE.md
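Review bot: The build stage starts from `casjaysdevdocker/alpine:latest` and the final stage takes its whole filesystem with `COPY --from=build /. /`, so whatever a mutable tag points to at build time becomes the root filesystem of a CA image; pin the base to a fixed tag and digest, e.g. `FROM casjaysdevdocker/alpine:<tag>@sha256:<digest> AS build`. The final stage sets no `USER`, so the entrypoint and the openssl scripts run as root. `LICENSE` and `PORT` are declared only in the build stage, so `"$LICENSE"` and `EXPOSE $PORT` expand to nothing after `FROM scratch` unless the `ARG`s are redeclared there, and `ARG BUILD_DATE="$(date ...)"` is kept as a literal string because `ARG` does not run a shell. `VOLUME ["/root","/config","/data"]` is declared before the `COPY`, which is worth checking against the contents those paths are meant to ship with.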
@@ -0,0 +1,13 @@
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+ Version 2, December 2004
+
+ Copyright (C) 2022 Jason Hempstead
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 1. You just DO WHAT THE FUCK YOU WANT TO.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..816a6ac
--- /dev/null
+++ b/README.md
@@ -0,0 +1,48 @@
+# 👋 ssl-ca Readme 👋
+
+ssl-ca README
+
+## Run container
+
+```shell
+dockermgr install ssl-ca
+```
+
+### via command line
+
+```shell
+docker pull casjaysdevdocker/ssl-ca:latest && \
+docker run -d \
+--restart always \
+--name casjaysdevdocker-ssl-ca \
+--hostname casjaysdev-ssl-ca \
+-e TZ=${TIMEZONE:-America/New_York} \
+-v $HOME/.local/share/docker/storage/ssl-ca/ssl-ca/data:/data \
+-v $HOME/.local/share/docker/storage/ssl-ca/ssl-ca/config:/config \
+-p 80:80 \
+casjaysdevdocker/ssl-ca:latest
+```
+
+### via docker-compose
+
+```yaml
+version: "2"
+services:
+ ssl-ca:
+ image: casjaysdevdocker/ssl-ca
+ container_name: ssl-ca
+ environment:
+ - TZ=America/New_York
+ - HOSTNAME=casjaysdev-ssl-ca
+ volumes:
+ - $HOME/.local/share/docker/storage/ssl-ca/data:/data:z
+ - $HOME/.local/share/docker/storage/ssl-ca/config:/config:z
+ ports:
+ - 80:80
+ restart: always
+```
+
+## Authors
+
+🤖 casjay: [Github](https://github.com/casjay) [Docker](https://hub.docker.com/r/casjay) 🤖
+⛵ CasjaysDev: [Github](https://github.com/casjaysdev) [Docker](https://hub.docker.com/r/casjaysdev) ⛵
diff --git a/bin/.gitkeep b/bin/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/bin/ca-install.sh b/bin/ca-install.sh
new file mode 100644
index 0000000..76c6cc5
--- /dev/null
+++ b/bin/ca-install.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : ca-install.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : ca-install.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CA" && echo "$PWD" || exit 1)}"
+SSL_SYS_DIR="${SSL_DIR}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set bash options
+if [[ "$1" == "--debug" ]]; then shift 1 && set -xo pipefail && export SCRIPT_OPTS="--debug" && export _DEBUG="on"; fi
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+cd "$SSL_DIR/.." || exit 1
+sudo mkdir -p "$SSL_SYS_DIR"
+sudo rsync -avhP "." "$SSL_SYS_DIR/"
diff --git a/bin/ca-revoke.sh b/bin/ca-revoke.sh
new file mode 100644
index 0000000..f485bfa
--- /dev/null
+++ b/bin/ca-revoke.sh
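Review bot: The `|| exit 1` inside `$(cd "$SRC_DIR/../CA" && echo "$PWD" || exit 1)` only ends the subshell, so when that directory does not exist `SSL_DIR` is left empty and the script keeps going: `cd "$SSL_DIR/.."` becomes `cd /..` and `sudo rsync -avhP "." "$SSL_SYS_DIR/"` then runs as root from `/` with `/` as its target. Add a guard right after the assignment, `[[ -n "$SSL_DIR" ]] || { echo "cannot resolve SSL_DIR" >&2; exit 1; }`. The same assignment pattern appears in ca-revoke.sh, ca-setup.sh, mydomains.sh, server-setup.sh and setup-dh.sh, where an empty value turns `"$SSL_DIR/private"` into `/private`. Separately, `SSL_SYS_DIR` is set to `$SSL_DIR` itself, so even on the success path rsync copies the parent directory into its own subdirectory; if a system-wide location was intended it needs its own value, and the header's `@sudo/root : no` should be corrected since the script calls `sudo`.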
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : ca-revoke.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : ca-revoke.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+REVOKE_FILE="revoke.crl"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DIR" "$SSL_DIR/crl" "$SSL_DIR/private" "$SSL_DIR/certs" "$SSL_DIR/p12" "$SSL_DIR/requests"
+cd "$SSL_DIR" || exit 1
+[[ -f "$SSL_DIR/certs/ca.crt" ]] || "$SRC_DIR/ca-setup.sh"
+openssl ca -config "$SSL_DIR/openssl.cnf" -gencrl -keyfile $SSL_DIR/private/ca.key -cert $SSL_DIR/certs/ca.crt -out "$SSL_DIR/crl/$REVOKE_FILE" -passin file:$SSL_DIR/passwd
+openssl crl -inform PEM -in "$SSL_DIR/crl/revoke.crl.pem" -outform DER -out "$SSL_DIR/crl/$REVOKE_FILE"
diff --git a/bin/ca-setup.sh b/bin/ca-setup.sh
new file mode 100644
index 0000000..1b42553
--- /dev/null
+++ b/bin/ca-setup.sh
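Review bot: The two openssl calls disagree on file names: `openssl ca -gencrl` writes `crl/$REVOKE_FILE` (`revoke.crl`), while the following `openssl crl -inform PEM -in "$SSL_DIR/crl/revoke.crl.pem"` reads a file nothing in this script creates and writes its DER output over the PEM CRL just generated. Writing the first output to `-out "$SSL_DIR/crl/$REVOKE_FILE.pem"` and using the same expression for `-in` would line them up. There is no `set -e` or status check, so a failed `-gencrl` still falls through to the conversion, and `-keyfile`, `-cert` and `-passin file:` use `$SSL_DIR` unquoted. The script only regenerates the CRL; no `openssl ca -revoke` call is visible, so a header description saying that would keep an operator from assuming a certificate was revoked.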
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : ca-setup.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : ca-setup.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DIR" "$SSL_DIR/crl" "$SSL_DIR/private" "$SSL_DIR/certs" "$SSL_DIR/p12" "$SSL_DIR/requests"
+cd "$SSL_DIR" || exit 1
+openssl req -new -x509 -extensions v3_ca -keyout "$SSL_DIR/private/ca.key" -out "$SSL_DIR/certs/ca.crt" -days 3650 -config "$SSL_DIR/openssl-ca.cnf"
+openssl pkcs12 -export -out "$SSL_DIR/p12/ca.p12" -in "$SSL_DIR/certs/ca.crt" -inkey "$SSL_DIR/private/ca.key"
diff --git a/bin/entrypoint-ssl-ca.sh b/bin/entrypoint-ssl-ca.sh
new file mode 100755
index 0000000..0261fa6
--- /dev/null
+++ b/bin/entrypoint-ssl-ca.sh
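Review bot: The directories that will hold the CA private key and its PKCS#12 export (`private/`, `p12/`) are created with whatever umask the caller happens to have, and `p12/ca.p12` is written the same way; setup-dh.sh sets a umask explicitly and this script should too, e.g. `umask 077` before the `mkdir -p` line. `openssl req` is called without `-passout`, so the key passphrase is prompted for interactively, while ca-revoke.sh, mydomains.sh and server-setup.sh read it from `$SSL_DIR/passwd`, a file no script in this patch creates. A header comment stating who creates that file, and with which mode, would close the gap. Neither openssl call is checked, so a failed `req` is followed by a `pkcs12 -export` against a missing key; `|| exit 1` on the first call is enough.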
@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112339-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : WTFPL
+# @ReadME : entrypoint-ssl-ca.sh --help
+# @Copyright : Copyright: (c) 2022 Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:39 EDT
+# @File : entrypoint-ssl-ca.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0" 2>/dev/null)"
+VERSION="202207112339-git"
+HOME="${USER_HOME:-$HOME}"
+USER="${SUDO_USER:-$USER}"
+RUN_USER="${SUDO_USER:-$USER}"
+SRC_DIR="${BASH_SOURCE%/*}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set bash options
+if [[ "$1" == "--debug" ]]; then shift 1 && set -xo pipefail && export SCRIPT_OPTS="--debug" && export _DEBUG="on"; fi
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set functions
+__exec_bash() {
+ local cmd="${*:-/bin/bash}"
+ local exitCode=0
+ echo "Executing command: $cmd"
+ $cmd || exitCode=10
+ return ${exitCode:-$?}
+}
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+__find() { ls -A "$*" 2>/dev/null; }
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Define default variables
+TZ="${TZ:-America/New_York}"
+HOSTNAME="${HOSTNAME:-casjaysdev-bin}"
+BIN_DIR="${BIN_DIR:-/usr/local/bin}"
+DATA_DIR="${DATA_DIR:-$(__find /data/ 2>/dev/null | grep '^' || false)}"
+CONFIG_DIR="${CONFIG_DIR:-$(__find /config/ 2>/dev/null | grep '^' || false)}"
+CONFIG_COPY="${CONFIG_COPY:-false}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Additional variables
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Export variables
+export TZ HOSTNAME
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# import variables from file
+[[ -f "/root/env.sh" ]] && . "/root/env.sh"
+[[ -f "/config/.env.sh" ]] && . "/config/.env.sh"
+[[ -f "/root/env.sh" ]] && [[ ! -f "/config/.env.sh" ]] && cp -Rf "/root/env.sh" "/config/.env.sh"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set timezone
+[[ -n "${TZ}" ]] && echo "${TZ}" >/etc/timezone
+[[ -f "/usr/share/zoneinfo/${TZ}" ]] && ln -sf "/usr/share/zoneinfo/${TZ}" "/etc/localtime"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set hostname
+if [[ -n "${HOSTNAME}" ]]; then
+ echo "${HOSTNAME}" >/etc/hostname
+ echo "127.0.0.1 ${HOSTNAME} localhost ${HOSTNAME}.local" >/etc/hosts
+fi
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Delete any gitkeep files
+[[ -n "${CONFIG_DIR}" ]] && { [[ -d "${CONFIG_DIR}" ]] && rm -Rf "${CONFIG_DIR}/.gitkeep" || mkdir -p "/config/"; }
+[[ -n "${DATA_DIR}" ]] && { [[ -d "${DATA_DIR}" ]] && rm -Rf "${DATA_DIR}/.gitkeep" || mkdir -p "/data/"; }
+[[ -n "${BIN_DIR}" ]] && { [[ -d "${BIN_DIR}" ]] && rm -Rf "${BIN_DIR}/.gitkeep" || mkdir -p "/bin/"; }
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Copy config files to /etc
+if [[ -n "${CONFIG_DIR}" ]] && [[ "${CONFIG_COPY}" = "true" ]]; then
+ for config in ${CONFIG_DIR}; do
+ if [[ -d "/config/$config" ]]; then
+ [[ -d "/etc/$config" ]] || mkdir -p "/etc/$config"
+ cp -Rf "/config/$config/." "/etc/$config/"
+ elif [[ -f "/config/$config" ]]; then
+ cp -Rf "/config/$config" "/etc/$config"
+ fi
+ done
+fi
+[[ -f "/etc/.env.sh" ]] && rm -Rf "/etc/.env.sh"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Additional commands
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+case "$1" in
+--help) # Help message
+ echo 'Docker container for '$APPNAME''
+ echo "Usage: $APPNAME [healthcheck, bash, command]"
+ echo "Failed command will have exit code 10"
+ echo
+ exitCode=$?
+ ;;
+
+healthcheck) # Docker healthcheck
+ echo "$(uname -s) $(uname -m) is running"
+ echo _other_commands here
+ exitCode=$?
+ ;;
+
+*/bin/sh | */bin/bash | bash | shell | sh) # Launch shell
+ shift 1
+ __exec_bash "${@:-/bin/bash}"
+ exitCode=$?
+ ;;
+
+*) # Execute primary command
+ if [[ $# -eq 0 ]]; then
+ __exec_bash "/bin/bash"
+ else
+ __exec_bash "/bin/bash"
+ fi
+ exitCode=$?
+ ;;
+esac
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# end of entrypoint
+exit ${exitCode:-$?}
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/bin/mydomains.sh b/bin/mydomains.sh
new file mode 100644
index 0000000..398515d
--- /dev/null
+++ b/bin/mydomains.sh
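Review bot: The `*)` branch runs `__exec_bash "/bin/bash"` in both arms of its `if`, so a command passed to the container is never executed; the `else` arm presumably should be `__exec_bash "$@"`. The `healthcheck` branch only echoes two strings, so the Dockerfile's `HEALTHCHECK` reports healthy whatever state the CA files are in; a cheap real probe such as `[[ -d /data ]]` or a check for the CA certificate would make it meaningful. `/root/env.sh` and `/config/.env.sh` are sourced on every start, so anyone who can write to the `/config` volume gets code execution as the entrypoint's user, and with `CONFIG_COPY=true` every entry under `/config` is copied over `/etc`. Both deserve a comment stating that the volume is trusted input.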
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : mydomains.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : mydomains.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+DOMAIN="localhost"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DIR" "$SSL_DIR/crl" "$SSL_DIR/private" "$SSL_DIR/certs" "$SSL_DIR/p12" "$SSL_DIR/requests"
+[[ -n "$DOMAIN" ]] || { echo "Usage: $APPNAME" && exit 1; }
+[[ -f "$SSL_DIR/certs/ca.crt" ]] || "$SRC_DIR/ca-setup.sh"
+openssl req -new -sha256 -newkey rsa:2048 -config $SSL_DIR/mydomains.cnf -passin file:$SSL_DIR/passwd -nodes -keyout $SSL_DIR/private/$DOMAIN.key -out $SSL_DIR/requests/$DOMAIN.csr
+openssl ca -policy policy_anything -keyfile $SSL_DIR/private/ca.key -config $SSL_DIR/mydomains.cnf -passin file:$SSL_DIR/passwd -out $SSL_DIR/certs/$DOMAIN.crt -infiles $SSL_DIR/requests/$DOMAIN.csr
+#clear
diff --git a/bin/server-setup.sh b/bin/server-setup.sh
new file mode 100644
index 0000000..7a17e24
--- /dev/null
+++ b/bin/server-setup.sh
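Review bot: Both openssl lines pass `$SSL_DIR` and `$DOMAIN` unquoted (`-keyout $SSL_DIR/private/$DOMAIN.key`, `-passin file:$SSL_DIR/passwd`), so a `MY_SSL_HOME` containing spaces or glob characters splits into extra openssl arguments; quote them the way the `mkdir -p` line above already does, e.g. `-keyout "$SSL_DIR/private/$DOMAIN.key"`. server-setup.sh carries the same two lines. `-nodes` leaves the leaf key unencrypted on disk, which is common for server keys but deserves a comment, and `-passin` on an `openssl req -newkey` call appears to have nothing to decrypt. The `[[ -n "$DOMAIN" ]]` check can never fail here because `DOMAIN` is hard-coded to `localhost`.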
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : server-setup.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : server-setup.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+DOMAIN="${1:-$DOM}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DIR" "$SSL_DIR/crl" "$SSL_DIR/private" "$SSL_DIR/certs" "$SSL_DIR/p12" "$SSL_DIR/requests"
+cd "$SSL_DIR" || exit 1
+echo "$DOMAIN"
+echo "$SSL_DIR"
+echo ""
+[[ -n "$DOMAIN" ]] || { echo "Usage: $APPNAME mydomain.com" && exit 1; }
+[[ -f "$SSL_DIR/certs/ca.crt" ]] || "$SRC_DIR/ca-setup.sh"
+openssl req -new -sha256 -newkey rsa:2048 -config $SSL_DIR/openssl-req.cnf -passin file:$SSL_DIR/passwd -nodes -keyout $SSL_DIR/private/$DOMAIN.key -out $SSL_DIR/requests/$DOMAIN.csr
+openssl ca -policy policy_anything -keyfile $SSL_DIR/private/ca.key -config $SSL_DIR/openssl-req.cnf -passin file:$SSL_DIR/passwd -out $SSL_DIR/certs/$DOMAIN.crt -infiles $SSL_DIR/requests/$DOMAIN.csr
+#clear
diff --git a/bin/setup-dh.sh b/bin/setup-dh.sh
new file mode 100644
index 0000000..4dd3794
--- /dev/null
+++ b/bin/setup-dh.sh
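Review bot: `DOMAIN` comes straight from `$1` (or `$DOM`) and is spliced into output paths such as `$SSL_DIR/private/$DOMAIN.key` and `$SSL_DIR/certs/$DOMAIN.crt` with no validation, so a value containing `/` or `..` places key and certificate files outside the CA tree; the empty check also runs only after `mkdir` and `cd`. Move the usage check to the top and restrict the value to hostname characters, e.g. `[[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ && "$DOMAIN" != *..* ]] || { echo "Usage: $APPNAME mydomain.com" >&2; exit 1; }`. `openssl ca -policy policy_anything` accepts whatever subject the request carries, so as far as the visible lines show this argument check is the only constraint on what gets issued (the `.cnf` files are not part of the patch).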
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : ca-setup.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : ca-setup.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+SSL_DH_DIR="${MY_SSL_DH_HOME:-$(cd "$SRC_DIR/../dh" && echo "$PWD" || exit 1)}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DH_DIR"
+cd "$SSL_DH_DIR" || exit 1
+umask 022
+for legth in 512 1024 2048 4096; do
+ if openssl dhparam -out "dh_$legth.tmp" "$legth"; then
+ mv -f "dh_$legth.tmp" "dh_$legth.pem"
+ chmod 644 "dh_$legth.pem"
+ fi
+done
diff --git a/config/.gitkeep b/config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/data/.gitkeep b/data/.gitkeep
new file mode 100644
index 0000000..e69de29
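Review bot: The loop generates 512- and 1024-bit DH parameters alongside 2048 and 4096; groups of that size are within reach of precomputation (the Logjam class of weakness) and should not be available for a server to pick up, so I would reduce the list to `for legth in 2048 4096; do`. The loop variable is misspelled (`legth`), and the header still says `@File : ca-setup.sh` and `@ReadME : ca-setup.sh --help`, copied from the sibling script. `SSL_DIR` is computed but never used in this file.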