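#!/bin/bash
#
# Generate a self-signed TLS certificate and private key for local development.
# For production, use proper certificates from Let's Encrypt or a CA.
#
# Output is written to nginx/ssl/ relative to the current working directory
# (presumably the repository root, since nginx/nginx.conf is referenced
# below; confirm against how the directory is mounted).
#
# Security notes:
#   - The certificate is self-signed, so clients must trust it explicitly.
#     It provides no identity assurance outside a development machine.
#   - key.pem is an unencrypted private key. Keep it out of version control
#     and do not reuse it in any shared or production environment.
#   - Re-running the script overwrites any existing key and certificate.

# -u catches typos in variable names; pipefail surfaces failures inside pipelines.
set -euo pipefail

SSL_DIR="nginx/ssl"
CERT_FILE="$SSL_DIR/cert.pem"
KEY_FILE="$SSL_DIR/key.pem"
CSR_FILE="$SSL_DIR/cert.csr"

echo "Generating self-signed SSL certificate for ZephyrFS..."

# Create SSL directory if it doesn't exist
mkdir -p "$SSL_DIR"

# Remove the intermediate CSR on every exit path, so a failed run does not
# leave it behind next to the key.
cleanup() { rm -f -- "$CSR_FILE"; }
trap cleanup EXIT

# Generate private key.
# The restrictive umask is scoped to a subshell so that only the key file is
# affected: the key must never be readable by other users, not even in the
# window between its creation and the chmod below. Depending on the OpenSSL
# build, the file may otherwise be created with the caller's default umask.
(
  umask 077
  openssl genrsa -out "$KEY_FILE" 2048
)
# Also tightens a key file left over from an earlier run with looser modes.
chmod 600 "$KEY_FILE"

# Generate certificate signing request
openssl req -new -sha256 -key "$KEY_FILE" -out "$CSR_FILE" \
  -subj "/C=US/ST=State/L=City/O=ZephyrFS/OU=Development/CN=localhost"

# Generate self-signed certificate.
# -sha256 pins the signature digest instead of relying on the build default.
# keyUsage includes digitalSignature: TLS 1.3 and (EC)DHE key exchanges have
# the server sign the handshake, and strict clients reject a certificate
# whose keyUsage permits key encipherment only.
# The heredoc delimiter is quoted so the extension config is passed literally.
openssl x509 -req -sha256 -days 365 \
  -in "$CSR_FILE" -signkey "$KEY_FILE" -out "$CERT_FILE" \
  -extensions v3_req -extfile <(cat <<'EOF'
[v3_req]
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = zephyrfs.local
DNS.3 = *.zephyrfs.local
IP.1 = 127.0.0.1
IP.2 = ::1
EOF
)

# The certificate is public material; world-readable is fine.
chmod 644 "$CERT_FILE"

echo "SSL certificate generated successfully!"
echo "Certificate: $CERT_FILE"
echo "Private key: $KEY_FILE"
echo ""
echo "For production deployment:"
echo "1. Replace these files with proper certificates from Let's Encrypt or a CA"
echo "2. Update the certificate paths in nginx/nginx.conf if needed"
echo "3. Ensure proper file permissions (600 for key, 644 for cert)"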