sthope/sthope-examples
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update 'docker_portainer_stacks/portainer/setup-dockerapi-master-withtls.sh'

Browse Source
This commit is contained in:
sthope 2021-09-03 02:17:00 +02:00
parent 2b0948ffce
commit 32cb326ad7
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docker_portainer_stacks/portainer/setup-dockerapi-master-withtls → docker_portainer_stacks/portainer/setup-dockerapi-master-withtls.sh
View File

@ -4,8 +4,9 @@
################################### ###################################
#### USAGE #### USAGE
# bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls)" # clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls)"
# #
mkdir -p /opt/certs
findRandomTcpPort(){ findRandomTcpPort(){
port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) )) port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) ))
@ -22,23 +23,23 @@ p=$(findRandomTcpPort)
MY_IP=$(ip -4 route get 8.8.8.8 | awk {'print $7'} | tr -d '\n') MY_IP=$(ip -4 route get 8.8.8.8 | awk {'print $7'} | tr -d '\n')
function openssl_genrsa_pass { function openssl_genrsa_pass {
LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 64 > remember2delete LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 64 > /opt/certs/remember2delete
} }
$(openssl_genrsa_pass);cat remember2delete $(openssl_genrsa_pass);cat /opt/certs/remember2delete
openssl genrsa -aes256 -passout file:remember2delete -out ca-key.pem 4096 openssl genrsa -aes256 -passout file:/opt/certs/remember2delete -out /opt/certs/ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem -passin file:remember2delete \ openssl req -new -x509 -days 365 -key /opt/certs/ca-key.pem -sha256 -out /opt/certs/ca.pem -passin file:/opt/certs/remember2delete \
-subj "/C=US/CN=$MY_IP" -subj "/C=US/CN=$MY_IP"
openssl genrsa -out server-key.pem 4096 openssl genrsa -out /opt/certs/server-key.pem 4096
echo subjectAltName = DNS:$MY_IP,IP:10.0.0.200,IP:127.0.0.1 >> extfile.cnf echo subjectAltName = DNS:$MY_IP,IP:10.0.0.200,IP:127.0.0.1 >> /opt/certs/extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf echo extendedKeyUsage = serverAuth >> /opt/certs/extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \ openssl x509 -req -days 365 -sha256 -in /opt/certs/server.csr -CA /opt/certs/ca.pem -CAkey /opt/certs/ca-key.pem \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf -CAcreateserial -out /opt/certs/server-cert.pem -extfile /opt/certs/extfile.cnf
clear clear
echo "##########################################################" echo "##########################################################"