push certificates + README OK
parent
c3c5684b56
commit
33cb713a6f
@ -1,5 +0,0 @@
|
|||||||
CA_SUBJECT="/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA"
|
|
||||||
SERVER_SUBJECT="/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.lokiserver.com"
|
|
||||||
SERVER_DNS="DNS:lokiserver.com,DNS:www.lokiserver.com"
|
|
||||||
CLIENT_SUBJECT="/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.promtailclient.com"
|
|
||||||
CLIENT_DNS="DNS:promtailclient.com,DNS:www.promtailclient.com"
|
|
@ -1,29 +1,31 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Load .env
|
if [ "$(id -u)" -ne 0 ]
|
||||||
if [ -f .env ]; then
|
then
|
||||||
export $(grep -v '^#' .env | xargs -0)
|
echo "Ce script doit être exécuté en tant qu'utilisateur root"
|
||||||
else
|
|
||||||
echo "Error: .env file not found."
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
CERT_DIR="loki/cert"
|
generate_certificates() {
|
||||||
mkdir -p "$CERT_DIR"
|
domain=$1
|
||||||
|
key_file="${domain}.key"
|
||||||
|
csr_file="${domain}.csr"
|
||||||
|
crt_file="${domain}.crt"
|
||||||
|
|
||||||
# Root CA certificate
|
openssl req -newkey rsa:4096 -nodes -keyout "${key_file}" -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=${domain}" -out "${csr_file}"
|
||||||
openssl req -newkey rsa:4096 -nodes -keyout ca.key -subj "$CA_SUBJECT" -out ca.csr
|
openssl x509 -req -extfile <(printf "subjectAltName=DNS:${domain},DNS:www.${domain}") -days 1365 -in "${csr_file}" -CA ca.crt -CAkey ca.key -CAcreateserial -out "${crt_file}"
|
||||||
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out "$CERT_DIR/ca.crt"
|
|
||||||
|
|
||||||
# Server certificate
|
mv "${crt_file}" "${key_file}" "${2}/cert/"
|
||||||
openssl req -newkey rsa:4096 -nodes -keyout "$CERT_DIR/server.key" -subj "$SERVER_SUBJECT" -out "$CERT_DIR/server.csr"
|
}
|
||||||
openssl x509 -req -extfile <(printf "subjectAltName=$SERVER_DNS") -days 1365 -in "$CERT_DIR/server.csr" -CA "$CERT_DIR/ca.crt" -CAkey ca.key -CAcreateserial -out "$CERT_DIR/server.crt"
|
|
||||||
|
|
||||||
# Client certificate
|
openssl genrsa -out ca.key 4096
|
||||||
openssl req -newkey rsa:4096 -nodes -keyout "$CERT_DIR/client.key" -subj "$CLIENT_SUBJECT" -out "$CERT_DIR/client.csr"
|
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
|
||||||
openssl x509 -req -extfile <(printf "subjectAltName=$CLIENT_DNS") -days 1365 -in "$CERT_DIR/client.csr" -CA "$CERT_DIR/ca.crt" -CAkey ca.key -CAcreateserial -out "$CERT_DIR/client.crt"
|
|
||||||
|
|
||||||
# Clean up!
|
mkdir -p loki/cert
|
||||||
rm -f ca.csr "$CERT_DIR/server.csr" "$CERT_DIR/client.csr" ca.srl
|
mkdir -p promtail/cert
|
||||||
|
|
||||||
echo "Certificate generation completed successfully. Certificates are stored in the '$CERT_DIR' directory."
|
generate_certificates "lokiserver.com" "loki"
|
||||||
|
generate_certificates "promtailclient.com" "promtail"
|
||||||
|
|
||||||
|
cp ca.crt loki/cert/
|
||||||
|
cp ca.crt promtail/cert/
|
||||||
|
@ -0,0 +1,21 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDhzCCAm+gAwIBAgIUWEzDZNqMbKoBCs/UHfEPZeeF838wDQYJKoZIhvcNAQEL
|
||||||
|
BQAwUzELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjETMBEG
|
||||||
|
A1UECgwKQWNtZSwgSW5jLjEVMBMGA1UEAwwMQWNtZSBSb290IENBMB4XDTI0MDIw
|
||||||
|
OTEwMDE1MFoXDTI1MDIwODEwMDE1MFowUzELMAkGA1UEBhMCQ04xCzAJBgNVBAgM
|
||||||
|
AkdEMQswCQYDVQQHDAJTWjETMBEGA1UECgwKQWNtZSwgSW5jLjEVMBMGA1UEAwwM
|
||||||
|
QWNtZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYlH
|
||||||
|
CvN9x6GUrXo568xazEfhy5MBXe21YT8fpBP4vmb9Xyl2VF6s+zVzJqoQHnKUxGVU
|
||||||
|
WquU7yHqepABrggxwd1zgKnjjPzzBFLbvdKKVOUtfDO0IVQEGLicHrU5dE1tgI6G
|
||||||
|
+zyi9qmmoqZ3WXdOvhZAbyoE14jaO3dkI9tMBHRBPo+bbKq0B4V8Tga5TI4yEZHg
|
||||||
|
w+k4i83E/WJ9E+Wz9HE5fGmfXnCKgJuS5KqeDWWpX65Jcg3RJuOjY387nMyKdcT6
|
||||||
|
FXX0//hoUftgO4zycWWRzh0CLxuOjVarouSx+mZ66OXAxDxkM2zNK0eN0S+j9Wwn
|
||||||
|
NUwqexkQzrP3OVdcmQIDAQABo1MwUTAdBgNVHQ4EFgQUhvfSgqCngM7SaNvBRUVE
|
||||||
|
yxKJlVEwHwYDVR0jBBgwFoAUhvfSgqCngM7SaNvBRUVEyxKJlVEwDwYDVR0TAQH/
|
||||||
|
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAG/JKJ0usuXO7+gB+mmFnnuctvaqd
|
||||||
|
UtCQgdwRv+EzPUyfgq7YHW3RfHowFwsRxjJDuOOWwDlKDjRKGPABXbqWG/c+BFvR
|
||||||
|
HqWxUcbcXbfaBnNmVFBECdBNgr8yPeOBuEqdeqLQsEeIumxonDO5MQIZE7NyOEVr
|
||||||
|
lnTzqlbi+YwMPCr6CCXI75eqbht7z2L6JCvaWdQfqKTGiJVFCqQJmj3X1Vs1ibRN
|
||||||
|
l+/6oWriDvjucP7B7YDKPNFJp4MjHWGB9PbW+kVeQAnQDl1s4IkLDl0aaNVAI8Jf
|
||||||
|
gHlqGGQjk3Lba7FrQqZ3cU8zIHj4s3cwvlWFLmPRg8DHaFIf+/9OKzQkUw==
|
||||||
|
-----END CERTIFICATE-----
|
Loading…
Reference in New Issue