From 16101144c5b00adb620f16e943a4926944ba0a4a Mon Sep 17 00:00:00 2001
From: bunkerity
Date: Fri, 11 Jun 2021 11:39:36 +0200
Subject: [PATCH] self-signed cert - fix bugs
---
 confs/site/https.conf | 2 +-
 entrypoint/jobs.sh | 2 +-
 settings.json | 63 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 65 insertions(+), 2 deletions(-)
diff --git a/confs/site/https.conf b/confs/site/https.conf
index 0ed523f..a3fab62 100644
--- a/confs/site/https.conf
+++ b/confs/site/https.conf
@@ -6,7 +6,7 @@ listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %};
 {% elif USE_CUSTOM_HTTPS == "yes" %}
 {% set x = paths.update({"cert": CUSTOM_HTTPS_CERT}) %}
 {% set x = paths.update({"key": CUSTOM_HTTPS_KEY}) %}
-{% elif GENERATE_SELF_SIGNED_HTTPS == "yes" %}
+{% elif GENERATE_SELF_SIGNED_SSL == "yes" %}
 {% if MULTISITE == "yes" %}
 {% set x = paths.update({"cert": "/etc/nginx/" + FIRST_SERVER + "/self-cert.pem"}) %}
 {% set x = paths.update({"key": "/etc/nginx/" + FIRST_SERVER + "/self-key.pem"}) %}
diff --git a/entrypoint/jobs.sh b/entrypoint/jobs.sh
index 698a6e2..e34e470 100644
--- a/entrypoint/jobs.sh
+++ b/entrypoint/jobs.sh
@@ -19,7 +19,7 @@ if [ "$files" != " " ] ; then
 SELF_SIGNED_SSL_ORG="$(sed -nE 's/^SELF_SIGNED_SSL_ORG=(.*)$/\1/p' $file)"
 SELF_SIGNED_SSL_OU="$(sed -nE 's/^SELF_SIGNED_SSL_OU=(.*)$/\1/p' $file)"
 SELF_SIGNED_SSL_CN="$(sed -nE 's/^SELF_SIGNED_SSL_CN=(.*)$/\1/p' $file)"
- openssl_output=$(openssl req -nodes -x509 -newkey rsa:4096 -keyout ${dest}self-key.pem -out ${dest}self-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN" 2>&1)
+ openssl_output=$(openssl req -nodes -x509 -newkey rsa:4096 -keyout ${dest}self-key.pem -out ${dest}self-cert.pem -days "$SELF_SIGNED_SSL_EXPIRY" -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN" 2>&1)
 if [ $? -eq 0 ] ; then
 echo "[*] Generated self-signed certificate ${dest}self-cert.pem with key ${dest}self-key.pem"
 else
diff --git a/settings.json b/settings.json
index f7b0ab8..2c64861 100644
--- a/settings.json
+++ b/settings.json
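Review bot: On the new `openssl req` line only `-days` was quoted; `${dest}` in `-keyout`/`-out` is still unquoted, so a destination path containing whitespace or glob characters would be word-split, and it should read `-keyout "${dest}self-key.pem" -out "${dest}self-cert.pem"`. The `-subj` string is assembled from values read out of `$file` with no escaping, so a `/` inside any field (an organisation name, say) is parsed by openssl as the start of another subject component and the certificate subject no longer matches what was configured; rejecting or escaping `/` before the call avoids that. If `SELF_SIGNED_SSL_EXPIRY` is missing from the file, the quoted empty string now makes openssl fail instead of consuming the next option, which is the safer outcome, but a numeric check with a fallback such as `case "$SELF_SIGNED_SSL_EXPIRY" in ''|*[!0-9]*) SELF_SIGNED_SSL_EXPIRY=365 ;; esac` would keep generation working. The enclosing `if`/loop starts and ends outside the hunk.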
@@ -599,6 +599,69 @@
 "label": "Generate a self-signed TLS certificate",
 "regex": "^(yes|no)$",
 "type": "checkbox"
+ },
+ {
+ "context": "multisite",
+ "default": "365",
+ "env": "SELF_SIGNED_SSL_EXPIRY",
+ "id": "self-signed-ssl-expiry",
+ "label": "Expire date of the self-signed certificate",
+ "regex": "^[0-9]+$",
+ "type": "text"
+ },
+ {
+ "context": "multisite",
+ "default": "CH",
+ "env": "SELF_SIGNED_SSL_COUNTRY",
+ "id": "self-signed-ssl-country",
+ "label": "Country of the self-signed certificate",
+ "regex": "^[:print:]+$",
+ "type": "text"
+ },
+ {
+ "context": "multisite",
+ "default": "Switzerland",
+ "env": "SELF_SIGNED_SSL_STATE",
+ "id": "self-signed-ssl-state",
+ "label": "State of the self-signed certificate",
+ "regex": "^[:print:]+$",
+ "type": "text"
+ },
+ {
+ "context": "multisite",
+ "default": "Bern",
+ "env": "SELF_SIGNED_SSL_CITY",
+ "id": "self-signed-ssl-city",
+ "label": "City of the self-signed certificate",
+ "regex": "^[:print:]+$",
+ "type": "text"
+ },
+ {
+ "context": "multisite",
+ "default": "IT",
+ "env": "SELF_SIGNED_SSL_OU",
+ "id": "self-signed-ssl-ou",
+ "label": "Organizational Unit of the self-signed certificate",
+ "regex": "^[:print:]+$",
+ "type": "text"
+ },
+ {
+ "context": "multisite",
+ "default": "Acme Inc",
+ "env": "SELF_SIGNED_SSL_ORG",
+ "id": "self-signed-ssl-org",
+ "label": "Organization name of the self-signed certificate",
+ "regex": "^[:print:]+$",
+ "type": "text"
+ },
+ {
+ "context": "multisite",
+ "default": "bunkerized",
+ "env": "SELF_SIGNED_SSL_CN",
+ "id": "self-signed-ssl-cn",
+ "label": "Common Name of the self-signed certificate",
+ "regex": "^[:print:]+$",
+ "type": "text"
 }
 ]
 },
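Review bot: The pattern `^[:print:]+$` on the six text settings does not mean "printable characters": a POSIX class name is only recognised inside a bracket expression, so many engines read it as the set `:`, `p`, `r`, `i`, `n`, `t` (which none of the shipped defaults such as `CH` or `Acme Inc` satisfy) and others reject the pattern outright. Which engine evaluates these regexes is not visible in this hunk, so use `^[[:print:]]+$` where POSIX classes are supported or an explicit range otherwise. Because these values are interpolated into the openssl `-subj` string in entrypoint/jobs.sh, a range that also excludes `/`, for example `"regex": "^[ -.0-~]+$"`, would stop a field from being split into extra subject components. The `SELF_SIGNED_SSL_EXPIRY` label says "Expire date" although the value is a day count passed to `-days`; `"label": "Validity in days of the self-signed certificate"` would match, and `^[1-9][0-9]{0,3}$` would bound it better than `^[0-9]+$`, which accepts `0` and arbitrarily long digit strings.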