-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathentrypoint.sh
executable file
·45 lines (37 loc) · 1.37 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/bin/sh
export SERVER_SSL_KEY=${SERVER_SSL_KEY:-ssl/server.key}
export SERVER_SSL_CRT=${SERVER_SSL_CRT:-ssl/server.crt}
SERVER_SSL_CSR=ssl/service.csr
SERVER_SSL_CA_KEY=ssl/service_ca.key
SERVER_SSL_CA_CRT=ssl/service_ca.crt
if [ -f "$SERVER_SSL_KEY" ] && [ -f "$SERVER_SSL_CRT" ]; then
echo "service ssl crt and key already exist"
elif [ "$SERVER_USE_SSL" = "true" ]; then
echo "Gen service ssl key and crt"
openssl genrsa -out ${SERVER_SSL_CA_KEY} 4096
openssl req \
-new -x509 -days 3650 \
-key ${SERVER_SSL_CA_KEY} \
-subj "/C=US/ST=NY/L=NY/O=PentAGI/OU=Project/CN=PentAGI CA" \
-out ${SERVER_SSL_CA_CRT}
openssl req \
-newkey rsa:4096 \
-sha256 \
-nodes \
-keyout ${SERVER_SSL_KEY} \
-subj "/C=US/ST=NY/L=NY/O=PentAGI/OU=Project/CN=localhost" \
-out ${SERVER_SSL_CSR}
echo "subjectAltName=DNS:pentagi.local" > extfile.tmp
echo "keyUsage=critical,digitalSignature,keyAgreement" >> extfile.tmp
openssl x509 -req \
-days 730 \
-extfile extfile.tmp \
-in ${SERVER_SSL_CSR} \
-CA ${SERVER_SSL_CA_CRT} -CAkey ${SERVER_SSL_CA_KEY} -CAcreateserial \
-out ${SERVER_SSL_CRT}
rm extfile.tmp
cat ${SERVER_SSL_CA_CRT} >> ${SERVER_SSL_CRT}
chmod g+r ${SERVER_SSL_KEY}
chmod g+r ${SERVER_SSL_CA_KEY}
fi
exec "$@"