#!/usr/bin/env bash
# Strict mode: abort on a failing command (-e), on expansion of an unset
# variable (-u), and when any stage of a pipeline fails (pipefail).
set -euo pipefail
############################################################
# Functions
############################################################
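###
### Generate CA
###
### Ensures the parent directories of the CA key and certificate exist and,
### unless both files are already present, hands a `ca-gen` command line to
### `run` (defined outside this block).
###
### The commands are passed to `run` as strings that embed shell quoting
### (e.g. -n 'Devilbox Root CA'), so `run` evidently re-parses them with a
### shell. Every caller-supplied value is therefore either validated or
### single-quoted before it is spliced into the string.
###
### Arguments:
###   $1  Path of the CA private key
###   $2  Path of the CA certificate
###   $3  Verbosity (integer); a value greater than 0 adds -v to ca-gen
###   $4  Debug level, forwarded to run as its second argument
###   $5  Optional validity in days (decimal digits only, default: 820)
### Returns:
###   1 when $5 contains anything but decimal digits; otherwise the status of
###   the last command executed.
###
cert_gen_generate_ca() {
  local key="${1}"
  local crt="${2}"
  local verbose="${3}"
  local debug="${4}"
  local def_days="${5:-820}"

  # The day count is user defined and ends up unquoted inside a shell command
  # string, so refuse anything that is not purely numeric before doing any work.
  case "${def_days}" in
    '' | *[!0-9]*)
      printf 'cert_gen_generate_ca: validity in days must be numeric, got: %s\n' "${def_days}" >&2
      return 1
      ;;
  esac

  # Portable single-quoting: wrap in '...' and rewrite each embedded ' as '\''
  local sq="'"
  local esc="'\\''"

  # Create directories
  # NOTE(review): the key directory is created with the process umask and the
  # mode of the key file is up to ca-gen; confirm the CA private key is not
  # readable by accounts that have no need to sign with it.
  local path dir
  for path in "${key}" "${crt}"; do
    dir="$(dirname "${path}")"
    if [ ! -d "${dir}" ]; then
      run "mkdir -p '${dir//${sq}/${esc}}'" "${debug}"
    fi
  done

  # ca-gen verbosity
  local verbose_flag=""
  if [ "${verbose}" -gt "0" ]; then
    verbose_flag="-v"
  fi

  # Generate CA if it does not exist yet. The debug level comes from the
  # function argument (not the DEBUG_LEVEL global), matching the mkdir calls
  # above and avoiding an unbound-variable abort under `set -u`.
  if [ ! -f "${key}" ] || [ ! -f "${crt}" ]; then
    local q_key="'${key//${sq}/${esc}}'"
    local q_crt="'${crt//${sq}/${esc}}'"
    run "ca-gen${verbose_flag:+ ${verbose_flag}} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n 'Devilbox Root CA' -e 'cytopia@devilbox.org' -d ${def_days} ${q_key} ${q_crt}" "${debug}"
  fi
}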
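###
### Generate SSL certificate
###
### Builds a `cert-gen` command line for a certificate signed by the given CA
### and hands it to `run` (defined outside this block). Nothing is done when
### generation is disabled or the vhost is served as plain HTTP only.
###
### The commands are passed to `run` as strings that embed shell quoting, so
### `run` evidently re-parses them with a shell. Domain names and paths are
### therefore single-quoted with embedded quotes escaped, and the day count
### is validated, before they are spliced into the string.
###
### Arguments:
###   $1   Enable flag; generation only happens when this is "1"
###   $2   SSL type; "plain" skips generation
###   $3   Path of the CA private key
###   $4   Path of the CA certificate
###   $5   Path of the certificate private key
###   $6   Path of the certificate signing request
###   $7   Path of the certificate
###   $8   Comma and/or whitespace separated list of domain names; the first
###        one becomes the CN, all of them become alternative names
###   $9   Verbosity (integer); a value greater than 0 adds -v to cert-gen
###   $10  Debug level, forwarded to run as its second argument
###   $11  Optional validity in days (decimal digits only, default: 820)
### Returns:
###   0 when generation is skipped, 1 when $11 contains anything but decimal
###   digits; otherwise the status of the last command executed.
###
cert_gen_generate_cert() {
  local enable="${1}"
  local ssl_type="${2}"
  local ca_key="${3}"
  local ca_crt="${4}"
  local key="${5}"
  local csr="${6}"
  local crt="${7}"
  local domains="${8}"
  local verbose="${9}"
  local debug="${10}"
  local def_days="${11:-820}"

  # If not enabled, skip SSL certificate generation
  if [ "${enable}" != "1" ]; then
    return 0
  fi

  # If no SSL is requested, skip the SSL certificate generation
  if [ "${ssl_type}" = "plain" ]; then
    return 0
  fi

  # The day count is user defined and ends up unquoted inside a shell command
  # string, so refuse anything that is not purely numeric before doing any work.
  case "${def_days}" in
    '' | *[!0-9]*)
      printf 'cert_gen_generate_cert: validity in days must be numeric, got: %s\n' "${def_days}" >&2
      return 1
      ;;
  esac

  # Portable single-quoting: wrap in '...' and rewrite each embedded ' as '\''
  local sq="'"
  local esc="'\\''"

  # Create directories
  local path dir
  for path in "${key}" "${csr}" "${crt}"; do
    dir="$(dirname "${path}")"
    if [ ! -d "${dir}" ]; then
      run "mkdir -p '${dir//${sq}/${esc}}'" "${debug}"
    fi
  done

  # cert-gen verbosity
  local verbose_flag=""
  if [ "${verbose}" -gt "0" ]; then
    verbose_flag="-v"
  fi

  # Split the domain list on commas and whitespace. `read -a` performs the
  # splitting without pathname expansion, so a wildcard name such as *.loc is
  # kept literally instead of being matched against files in the working
  # directory. With -d '' read hits EOF and returns non-zero, hence `|| true`.
  local -a domain_list=()
  IFS=$' \t\n' read -r -d '' -a domain_list <<< "${domains//,/ }" || true

  # Get domain name and alt_names (kept local so they do not leak to callers)
  local cn=""
  local alt_names=""
  local domain
  # The ${arr[@]+...} form keeps an empty list from tripping `set -u`
  for domain in ${domain_list[@]+"${domain_list[@]}"}; do
    # First domain goes into CN
    cn="${cn:-${domain}}"
    # Create space separated list
    alt_names="${alt_names:+${alt_names} }${domain}"
  done

  local email="admin@${cn}"
  local q_cn="'${cn//${sq}/${esc}}'"
  local q_email="'${email//${sq}/${esc}}'"
  local q_alt="'${alt_names//${sq}/${esc}}'"
  local q_ca_key="'${ca_key//${sq}/${esc}}'"
  local q_ca_crt="'${ca_crt//${sq}/${esc}}'"
  local q_key="'${key//${sq}/${esc}}'"
  local q_csr="'${csr//${sq}/${esc}}'"
  local q_crt="'${crt//${sq}/${esc}}'"

  run "cert-gen${verbose_flag:+ ${verbose_flag}} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n ${q_cn} -e ${q_email} -a ${q_alt} -d ${def_days} ${q_ca_key} ${q_ca_crt} ${q_key} ${q_csr} ${q_crt}" "${debug}"
}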