🦈🏠🐜 Initial Commit 🐜🦈🏠

Jason 2022-07-11 23:40:12 -04:00
commit a7ee103963
No known key found for this signature in database
GPG Key ID: 4F765975C1F0EE5F
14 changed files with 512 additions and 0 deletions

93
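--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,93 @@
+# gitignore created on 07/11/22 at 23:40
+# Disable reminder in prompt
+ignoredirmessage
+# OS generated files
+### Linux ###
+*~
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+# KDE directory preferences
+.directory
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+# Thumbnails
+._*
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+# Dump file
+*.stackdump
+# Folder config file
+[Dd]esktop.ini
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+# Windows shortcuts
+*.lnk
+# Other
+**/.installed
+# ignore commit message
+**/.gitcommit
+#ignore .failed
+**/.build_failed
+# ignore .bak files
+**/*.bak
+# ignore .no_push files
+**/.no_push
+# ignore .no_git files
+**/.no_git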

53
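--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,53 @@
+FROM casjaysdevdocker/alpine:latest as build
+ARG LICENSE=WTFPL \
+IMAGE_NAME=ssl-ca \
+TIMEZONE=America/New_York \
+PORT=
+ENV SHELL=/bin/bash \
+TERM=xterm-256color \
+HOSTNAME=${HOSTNAME:-casjaysdev-$IMAGE_NAME} \
+TZ=$TIMEZONE
+RUN mkdir -p /bin/ /config/ /data/ && \
+rm -Rf /bin/.gitkeep /config/.gitkeep /data/.gitkeep && \
+apk update -U --no-cache
+COPY ./bin/. /usr/local/bin/
+COPY ./config/. /config/
+COPY ./data/. /data/
+FROM scratch
+ARG BUILD_DATE="$(date +'%Y-%m-%d %H:%M')"
+LABEL org.label-schema.name="ssl-ca" \
+org.label-schema.description="Containerized version of ssl-ca" \
+org.label-schema.url="https://hub.docker.com/r/casjaysdevdocker/ssl-ca" \
+org.label-schema.vcs-url="https://github.com/casjaysdevdocker/ssl-ca" \
+org.label-schema.build-date=$BUILD_DATE \
+org.label-schema.version=$BUILD_DATE \
+org.label-schema.vcs-ref=$BUILD_DATE \
+org.label-schema.license="$LICENSE" \
+org.label-schema.vcs-type="Git" \
+org.label-schema.schema-version="latest" \
+org.label-schema.vendor="CasjaysDev" \
+maintainer="CasjaysDev <docker-admin@casjaysdev.com>"
+ENV SHELL="/bin/bash" \
+TERM="xterm-256color" \
+HOSTNAME="casjaysdev-ssl-ca" \
+TZ="${TZ:-America/New_York}"
+WORKDIR /root
+VOLUME ["/root","/config","/data"]
+EXPOSE $PORT
+COPY --from=build /. /
+HEALTHCHECK CMD ["/usr/local/bin/entrypoint-ssl-ca.sh", "healthcheck"]
+ENTRYPOINT ["/usr/local/bin/entrypoint-ssl-ca.sh"]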
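Review bot: `FROM casjaysdevdocker/alpine:latest` resolves a mutable tag, and because the final stage does `COPY --from=build /. /`, the entire root filesystem of whatever that tag points to on build day becomes the CA image; pin the base to a version tag plus digest, e.g. `FROM casjaysdevdocker/alpine:<TAG>@sha256:<DIGEST> AS build`. `LICENSE` and `PORT` are declared only in the build stage, so in the `FROM scratch` stage `$LICENSE` and `EXPOSE $PORT` expand to nothing unless the `ARG`s are redeclared there, and `ARG BUILD_DATE="$(date ...)"` is not passed through a shell, so the three labels that use it would carry that literal text. There is no `USER` instruction, so the entrypoint and every CA script run as root. `RUN apk update -U --no-cache` installs no packages, so `bash` and `openssl` have to come from the base image, which cannot be confirmed from this page.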

13
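--- a/LICENSE.md
+++ b/LICENSE.md
@@ -0,0 +1,13 @@
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+Version 2, December 2004
+Copyright (C) 2022 Jason Hempstead <git-admin@casjaysdev.com>
+Everyone is permitted to copy and distribute verbatim or modified
+copies of this license document, and changing it is allowed as long
+as the name is changed.
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+1. You just DO WHAT THE FUCK YOU WANT TO.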

48
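--- a/README.md
+++ b/README.md
@@ -0,0 +1,48 @@
+# 👋 ssl-ca Readme 👋
+ssl-ca README
+## Run container
+```shell
+dockermgr install ssl-ca
+```
+### via command line
+```shell
+docker pull casjaysdevdocker/ssl-ca:latest && \
+docker run -d \
+--restart always \
+--name casjaysdevdocker-ssl-ca \
+--hostname casjaysdev-ssl-ca \
+-e TZ=${TIMEZONE:-America/New_York} \
+-v $HOME/.local/share/docker/storage/ssl-ca/ssl-ca/data:/data \
+-v $HOME/.local/share/docker/storage/ssl-ca/ssl-ca/config:/config \
+-p 80:80 \
+casjaysdevdocker/ssl-ca:latest
+```
+### via docker-compose
+```yaml
+version: "2"
+services:
+ssl-ca:
+image: casjaysdevdocker/ssl-ca
+container_name: ssl-ca
+environment:
+- TZ=America/New_York
+- HOSTNAME=casjaysdev-ssl-ca
+volumes:
+- $HOME/.local/share/docker/storage/ssl-ca/data:/data:z
+- $HOME/.local/share/docker/storage/ssl-ca/config:/config:z
+ports:
+- 80:80
+restart: always
+```
+## Authors
+🤖 casjay: [Github](https://github.com/casjay) [Docker](https://hub.docker.com/r/casjay) 🤖
+⛵ CasjaysDev: [Github](https://github.com/casjaysdev) [Docker](https://hub.docker.com/r/casjaysdev) ⛵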

0
bin/.gitkeep Normal file

30
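--- a/bin/ca-install.sh
+++ b/bin/ca-install.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : ca-install.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : ca-install.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CA" && echo "$PWD" || exit 1)}"
+SSL_SYS_DIR="${SSL_DIR}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set bash options
+if [[ "$1" == "--debug" ]]; then shift 1 && set -xo pipefail && export SCRIPT_OPTS="--debug" && export _DEBUG="on"; fi
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+cd "$SSL_DIR/.." || exit 1
+sudo mkdir -p "$SSL_SYS_DIR"
+sudo rsync -avhP "." "$SSL_SYS_DIR/"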
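Review bot: In the `SSL_DIR=` assignment the `|| exit 1` sits inside `$(...)`, so a failed `cd "$SRC_DIR/../CA"` ends only the command substitution: `SSL_DIR` becomes empty, the script keeps going, `cd "$SSL_DIR/.."` lands in `/`, and the `sudo rsync` then runs with `/` as both source and destination. Check the value after the assignment, e.g. `[[ -n "$SSL_DIR" && -d "$SSL_DIR" ]] || { echo "CA directory not found" >&2; exit 1; }`. The same pattern appears in the `SSL_DIR=` (and `SSL_DH_DIR=`) assignments of ca-revoke.sh, ca-setup.sh, mydomains.sh, server-setup.sh and setup-dh.sh; in the scripts that build paths like `"$SSL_DIR/private"`, an empty value puts them directly under `/`. Separately, `SSL_SYS_DIR` is set to `SSL_DIR` itself, so even when the directory exists rsync copies the parent directory into its own child; the install target was presumably meant to be a distinct system path. This script also defaults to `../CA` while the other scripts default to `../CasjaysDev`.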

29
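--- a/bin/ca-revoke.sh
+++ b/bin/ca-revoke.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : ca-revoke.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : ca-revoke.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+REVOKE_FILE="revoke.crl"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DIR" "$SSL_DIR/crl" "$SSL_DIR/private" "$SSL_DIR/certs" "$SSL_DIR/p12" "$SSL_DIR/requests"
+cd "$SSL_DIR" || exit 1
+[[ -f "$SSL_DIR/certs/ca.crt" ]] || "$SRC_DIR/ca-setup.sh"
+openssl ca -config "$SSL_DIR/openssl.cnf" -gencrl -keyfile $SSL_DIR/private/ca.key -cert $SSL_DIR/certs/ca.crt -out "$SSL_DIR/crl/$REVOKE_FILE" -passin file:$SSL_DIR/passwd
+openssl crl -inform PEM -in "$SSL_DIR/crl/revoke.crl.pem" -outform DER -out "$SSL_DIR/crl/$REVOKE_FILE"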
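Review bot: The last command reads `$SSL_DIR/crl/revoke.crl.pem`, but nothing in this script writes that file: the `openssl ca -gencrl` line sends its PEM output to `$SSL_DIR/crl/$REVOKE_FILE` (`revoke.crl`), which is also the output path of the DER conversion. Have `-gencrl` write the PEM file, `-out "$SSL_DIR/crl/$REVOKE_FILE.pem"`, and convert from that. The `-keyfile`, `-cert` and `-passin file:` arguments expand `$SSL_DIR` unquoted, unlike the rest of the line. Despite the file name, no certificate is revoked here; the script only regenerates the CRL, which the empty `@Description` header should say.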

27
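--- a/bin/ca-setup.sh
+++ b/bin/ca-setup.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : ca-setup.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : ca-setup.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DIR" "$SSL_DIR/crl" "$SSL_DIR/private" "$SSL_DIR/certs" "$SSL_DIR/p12" "$SSL_DIR/requests"
+cd "$SSL_DIR" || exit 1
+openssl req -new -x509 -extensions v3_ca -keyout "$SSL_DIR/private/ca.key" -out "$SSL_DIR/certs/ca.crt" -days 3650 -config "$SSL_DIR/openssl-ca.cnf"
+openssl pkcs12 -export -out "$SSL_DIR/p12/ca.p12" -in "$SSL_DIR/certs/ca.crt" -inkey "$SSL_DIR/private/ca.key"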
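Review bot: `private/` and `p12/` are created by a plain `mkdir -p`, so access to the directories that hold `ca.key` and `ca.p12` depends on the caller's umask; set `umask 077` before the `mkdir` or add `chmod 700 "$SSL_DIR/private" "$SSL_DIR/p12"` after it. The `req` line has no `-passout`, and nothing on this page creates the `$SSL_DIR/passwd` file that ca-revoke.sh, mydomains.sh and server-setup.sh pass to `-passin file:`, so the empty `@Description` header should say how the CA key passphrase is set and where it is stored. By default `SSL_DIR` is `$SRC_DIR/../CasjaysDev`, which in the image would presumably sit next to `/usr/local/bin`, outside the `/root`, `/config` and `/data` volumes declared in the Dockerfile, and in a checkout sits inside the working tree, where the `.gitignore` added by this commit has no rule for key material.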

122
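--- a/bin/entrypoint-ssl-ca.sh
+++ b/bin/entrypoint-ssl-ca.sh
@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112339-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : WTFPL
+# @ReadME : entrypoint-ssl-ca.sh --help
+# @Copyright : Copyright: (c) 2022 Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:39 EDT
+# @File : entrypoint-ssl-ca.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0" 2>/dev/null)"
+VERSION="202207112339-git"
+HOME="${USER_HOME:-$HOME}"
+USER="${SUDO_USER:-$USER}"
+RUN_USER="${SUDO_USER:-$USER}"
+SRC_DIR="${BASH_SOURCE%/*}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set bash options
+if [[ "$1" == "--debug" ]]; then shift 1 && set -xo pipefail && export SCRIPT_OPTS="--debug" && export _DEBUG="on"; fi
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set functions
+__exec_bash() {
+local cmd="${*:-/bin/bash}"
+local exitCode=0
+echo "Executing command: $cmd"
+$cmd || exitCode=10
+return ${exitCode:-$?}
+}
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+__find() { ls -A "$*" 2>/dev/null; }
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Define default variables
+TZ="${TZ:-America/New_York}"
+HOSTNAME="${HOSTNAME:-casjaysdev-bin}"
+BIN_DIR="${BIN_DIR:-/usr/local/bin}"
+DATA_DIR="${DATA_DIR:-$(__find /data/ 2>/dev/null | grep '^' || false)}"
+CONFIG_DIR="${CONFIG_DIR:-$(__find /config/ 2>/dev/null | grep '^' || false)}"
+CONFIG_COPY="${CONFIG_COPY:-false}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Additional variables
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Export variables
+export TZ HOSTNAME
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# import variables from file
+[[ -f "/root/env.sh" ]] && . "/root/env.sh"
+[[ -f "/config/.env.sh" ]] && . "/config/.env.sh"
+[[ -f "/root/env.sh" ]] && [[ ! -f "/config/.env.sh" ]] && cp -Rf "/root/env.sh" "/config/.env.sh"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set timezone
+[[ -n "${TZ}" ]] && echo "${TZ}" >/etc/timezone
+[[ -f "/usr/share/zoneinfo/${TZ}" ]] && ln -sf "/usr/share/zoneinfo/${TZ}" "/etc/localtime"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Set hostname
+if [[ -n "${HOSTNAME}" ]]; then
+echo "${HOSTNAME}" >/etc/hostname
+echo "127.0.0.1 ${HOSTNAME} localhost ${HOSTNAME}.local" >/etc/hosts
+fi
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Delete any gitkeep files
+[[ -n "${CONFIG_DIR}" ]] && { [[ -d "${CONFIG_DIR}" ]] && rm -Rf "${CONFIG_DIR}/.gitkeep" || mkdir -p "/config/"; }
+[[ -n "${DATA_DIR}" ]] && { [[ -d "${DATA_DIR}" ]] && rm -Rf "${DATA_DIR}/.gitkeep" || mkdir -p "/data/"; }
+[[ -n "${BIN_DIR}" ]] && { [[ -d "${BIN_DIR}" ]] && rm -Rf "${BIN_DIR}/.gitkeep" || mkdir -p "/bin/"; }
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Copy config files to /etc
+if [[ -n "${CONFIG_DIR}" ]] && [[ "${CONFIG_COPY}" = "true" ]]; then
+for config in ${CONFIG_DIR}; do
+if [[ -d "/config/$config" ]]; then
+[[ -d "/etc/$config" ]] || mkdir -p "/etc/$config"
+cp -Rf "/config/$config/." "/etc/$config/"
+elif [[ -f "/config/$config" ]]; then
+cp -Rf "/config/$config" "/etc/$config"
+fi
+done
+fi
+[[ -f "/etc/.env.sh" ]] && rm -Rf "/etc/.env.sh"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Additional commands
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+case "$1" in
+--help) # Help message
+echo 'Docker container for '$APPNAME''
+echo "Usage: $APPNAME [healthcheck, bash, command]"
+echo "Failed command will have exit code 10"
+echo
+exitCode=$?
+;;
+healthcheck) # Docker healthcheck
+echo "$(uname -s) $(uname -m) is running"
+echo _other_commands here
+exitCode=$?
+;;
+*/bin/sh | */bin/bash | bash | shell | sh) # Launch shell
+shift 1
+__exec_bash "${@:-/bin/bash}"
+exitCode=$?
+;;
+*) # Execute primary command
+if [[ $# -eq 0 ]]; then
+__exec_bash "/bin/bash"
+else
+__exec_bash "/bin/bash"
+fi
+exitCode=$?
+;;
+esac
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# end of entrypoint
+exit ${exitCode:-$?}
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -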
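Review bot: `/config/.env.sh` is sourced with `.` and, when `CONFIG_COPY=true`, every entry under `/config` is copied over the same name in `/etc`; `/config` is a declared volume that the README bind-mounts from the host and the Dockerfile sets no `USER`, so whoever can write that directory controls code run as root in the container and the contents of `/etc`. Either state in the header that `/config` is fully trusted or restrict the copy loop to an explicit list of expected names. The `healthcheck` arm only echoes and therefore always exits 0, so the Dockerfile `HEALTHCHECK` cannot report a broken container. In the default `*)` arm both branches call `__exec_bash "/bin/bash"`, so arguments passed to the container are dropped; the else branch was presumably meant to be `__exec_bash "$@"`.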

30
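--- a/bin/mydomains.sh
+++ b/bin/mydomains.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : mydomains.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : mydomains.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+DOMAIN="localhost"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DIR" "$SSL_DIR/crl" "$SSL_DIR/private" "$SSL_DIR/certs" "$SSL_DIR/p12" "$SSL_DIR/requests"
+[[ -n "$DOMAIN" ]] || { echo "Usage: $APPNAME" && exit 1; }
+[[ -f "$SSL_DIR/certs/ca.crt" ]] || "$SRC_DIR/ca-setup.sh"
+openssl req -new -sha256 -newkey rsa:2048 -config $SSL_DIR/mydomains.cnf -passin file:$SSL_DIR/passwd -nodes -keyout $SSL_DIR/private/$DOMAIN.key -out $SSL_DIR/requests/$DOMAIN.csr
+openssl ca -policy policy_anything -keyfile $SSL_DIR/private/ca.key -config $SSL_DIR/mydomains.cnf -passin file:$SSL_DIR/passwd -out $SSL_DIR/certs/$DOMAIN.crt -infiles $SSL_DIR/requests/$DOMAIN.csr
+#clear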
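Review bot: `-nodes` on the `openssl req` line stores `private/$DOMAIN.key` unencrypted, and the directory comes from a plain `mkdir -p`, so how exposed that key is depends on the caller's umask; add `umask 077` before the `mkdir`. `-passin` looks unnecessary on that line, since the key is freshly generated by `-newkey` rather than read from a file. `DOMAIN` is hard-coded to `localhost`, which makes the `[[ -n "$DOMAIN" ]]` usage check unreachable. The `$SSL_DIR` and `$DOMAIN` expansions on both `openssl` lines are unquoted, unlike the `mkdir` above them; server-setup.sh carries the same two lines.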

34
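--- a/bin/server-setup.sh
+++ b/bin/server-setup.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : server-setup.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : server-setup.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+DOMAIN="${1:-$DOM}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DIR" "$SSL_DIR/crl" "$SSL_DIR/private" "$SSL_DIR/certs" "$SSL_DIR/p12" "$SSL_DIR/requests"
+cd "$SSL_DIR" || exit 1
+echo "$DOMAIN"
+echo "$SSL_DIR"
+echo ""
+[[ -n "$DOMAIN" ]] || { echo "Usage: $APPNAME mydomain.com" && exit 1; }
+[[ -f "$SSL_DIR/certs/ca.crt" ]] || "$SRC_DIR/ca-setup.sh"
+openssl req -new -sha256 -newkey rsa:2048 -config $SSL_DIR/openssl-req.cnf -passin file:$SSL_DIR/passwd -nodes -keyout $SSL_DIR/private/$DOMAIN.key -out $SSL_DIR/requests/$DOMAIN.csr
+openssl ca -policy policy_anything -keyfile $SSL_DIR/private/ca.key -config $SSL_DIR/openssl-req.cnf -passin file:$SSL_DIR/passwd -out $SSL_DIR/certs/$DOMAIN.crt -infiles $SSL_DIR/requests/$DOMAIN.csr
+#clear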
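Review bot: `DOMAIN` comes from `$1` (or `$DOM`) and is interpolated unquoted into the `-keyout`, `-out` and `-infiles` paths, so a value containing `/`, whitespace or glob characters changes which files `openssl` reads and writes while it is using the CA key. Validate it right after the assignment, e.g. `[[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "Usage: $APPNAME mydomain.com" >&2; exit 1; }`, and quote every expansion on the two `openssl` lines. The emptiness check currently runs after the `mkdir`, `cd` and `echo` lines; moving it up avoids creating directories for an invalid call. `-policy policy_anything` means the CA signs whatever subject the request carries, which is worth stating in the empty `@Description` header.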

33
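--- a/bin/setup-dh.sh
+++ b/bin/setup-dh.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version : 202207112331-git
+# @Author : Jason Hempstead
+# @Contact : jason@casjaysdev.com
+# @License : LICENSE.md
+# @ReadME : ca-setup.sh --help
+# @Copyright : Copyright: (c) Jason Hempstead, Casjays Developments
+# @Created : Monday, Jul 11, 2022 23:31 EDT
+# @File : ca-setup.sh
+# @Description :
+# @TODO :
+# @Other :
+# @Resource :
+# @sudo/root : no
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+APPNAME="$(basename "$0")"
+VERSION="202207112331-git"
+USER="${SUDO_USER:-${USER}}"
+HOME="${USER_HOME:-${HOME}}"
+SRC_DIR="${BASH_SOURCE%/*}"
+SSL_DIR="${MY_SSL_HOME:-$(cd "$SRC_DIR/../CasjaysDev" && echo "$PWD" || exit 1)}"
+SSL_DH_DIR="${MY_SSL_DH_HOME:-$(cd "$SRC_DIR/../dh" && echo "$PWD" || exit 1)}"
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+mkdir -p "$SSL_DH_DIR"
+cd "$SSL_DH_DIR" || exit 1
+umask 022
+for legth in 512 1024 2048 4096; do
+if openssl dhparam -out "dh_$legth.tmp" "$legth"; then
+mv -f "dh_$legth.tmp" "dh_$legth.pem"
+chmod 644 "dh_$legth.pem"
+fi
+done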
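Review bot: The loop generates 512- and 1024-bit Diffie-Hellman parameters, which are too small to resist known precomputation attacks on finite-field DH and should not be produced for TLS use; limit it to `for length in 2048 4096; do`. The loop variable is spelled `legth`, and the header still reads `@File : ca-setup.sh` and `@ReadME : ca-setup.sh --help`, apparently copied from the other script. `SSL_DIR` is assigned but not used anywhere in the visible lines.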

0
config/.gitkeep Normal file

0
data/.gitkeep Normal file