library/haproxy/1.8-alpine/bin/generate-default-crt.sh
crusader 1f98fc734c ing
2018-10-27 12:58:37 +09:00


#!/bin/sh
# Abort as soon as any command exits with a non-zero status.
set -o errexit
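#######################################
# Create a self-signed fallback certificate bundle and a crt-list file,
# each only if it does not already exist.
# Arguments:
#   $1 - (optional) directory that holds both files;
#        defaults to /etc/haproxy/ssl
# Outputs:
#   Progress messages on stdout.
# Returns:
#   0 on success, otherwise the status of the step that failed.
#######################################
generate_default_certificate() {
  local CRT_DIR="${1:-/etc/haproxy/ssl}"
  local CRT_LIST_PATH="${CRT_DIR}/crt-list.txt"
  local DEFAULT_CRT_CERT_PATH="${CRT_DIR}/default-cert.pem"
  local WORK_DIR OLD_UMASK STATUS

  # The directory must exist before anything is written into it; creating it
  # only after the bundle was written made a first run on a fresh tree fail.
  mkdir -p "${CRT_DIR}" || return

  if [ ! -f "${DEFAULT_CRT_CERT_PATH}" ]; then
    # The key is generated unencrypted (-nodes), so keep every intermediate
    # file private: restrictive umask plus a randomly named work directory
    # instead of fixed, predictable names under /tmp.
    OLD_UMASK=$(umask)
    umask 077
    # The work directory lives next to the target so the final mv is a rename
    # on the same filesystem and never leaves a half-written bundle behind.
    if ! WORK_DIR=$(mktemp -d "${CRT_DIR}/.default-cert.XXXXXX"); then
      umask "${OLD_UMASK}"
      return 1
    fi

    STATUS=0
    {
      # Placeholder certificate: self-signed, CN=*, valid for 90 days.
      openssl req -x509 -newkey rsa:2048 \
        -keyout "${WORK_DIR}/key.pem" -out "${WORK_DIR}/crt.pem" \
        -days 90 -nodes -subj '/CN=*/O=Temp SSL Cert/C=US' &&
        # Bundle layout is unchanged: private key first, certificate second.
        cat "${WORK_DIR}/key.pem" "${WORK_DIR}/crt.pem" \
          > "${WORK_DIR}/bundle.pem" &&
        mv -- "${WORK_DIR}/bundle.pem" "${DEFAULT_CRT_CERT_PATH}"
    } || STATUS=$?

    # Remove the key material on success and on failure alike.
    rm -rf -- "${WORK_DIR:?}"
    umask "${OLD_UMASK}"
    [ "${STATUS}" -eq 0 ] || return "${STATUS}"

    # NOTE(review): the bundle now ends up mode 0600, owned by the user that
    # runs this script; confirm HAProxy loads it as that user (or as root).
    echo "Default certification is generated in ${DEFAULT_CRT_CERT_PATH}"
  fi

  if [ ! -f "${CRT_LIST_PATH}" ]; then
    # printf keeps the path literal; echo -e would expand backslash escapes.
    printf '%s www.example.com\n' "${DEFAULT_CRT_CERT_PATH}" \
      > "${CRT_LIST_PATH}" || return
    echo "Certification list file is generated in ${CRT_LIST_PATH}"
  fi
}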
# Run the generator when this script is executed.
generate_default_certificate