#!/bin/bash
###################################
############ by Sthope ############
###################################

#### USAGE
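# clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls)"
# NOTE: this executes whatever the URL serves at run time, with no review or integrity check;
# to inspect it first, download it to a file, read it, then run that file with bash.
#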
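# Directory for the CA/server key material and the CA passphrase file.
# Created owner-only (0700) because everything written here is secret or
# security-relevant. -m only takes effect when the directory is newly created;
# an already existing /opt/certs keeps whatever mode it has.
mkdir -p -m 0700 /opt/certs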

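# Print a random TCP port in the range 100..1123 that nothing on localhost
# currently accepts connections on.
#
# Outputs: the chosen port number on stdout.
# Notes:
#   - Most of the range is below 1024, i.e. privileged ports that need root
#     (or CAP_NET_BIND_SERVICE) to bind.
#   - The check is a connect() to localhost, so it is only a snapshot: another
#     process can still take the port between this check and its later use.
findRandomTcpPort(){
	# Keep the candidate local so calling this in the current shell does not
	# leak or clobber a global "port" variable.
	local port
	while :
	do
		# Two random bytes (0..65535) folded into 100..1123. /dev/urandom is used
		# because /dev/random can block on kernels with a low entropy estimate.
		port=$(( 100 + $(od -An -N2 -tu2 /dev/urandom) % (1023 + 1) ))
		# A successful connect means something is listening: draw again.
		# Any failure (refused, unreachable) is treated as "free".
		(echo >"/dev/tcp/localhost/$port") &>/dev/null || break
	done
	printf '%s\n' "$port"
}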
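# Candidate TCP port. NOTE(review): $p is not referenced anywhere else in the
# visible part of this script.
p=$(findRandomTcpPort)

# MY_HOSTNAME=$(getent hosts $(hostname) | awk '{print $2}')
# MY_HOSTNAME=$(getent hosts $(hostname) | awk '{print $1}')
# Source IPv4 address the kernel would use for outbound traffic (no packet is
# sent; "route get" only consults the routing table). The address is taken
# from the token following "src" rather than from a fixed column, because the
# column shifts when the route has no "via <gateway>" part and a fixed $7 then
# yields the wrong field.
MY_IP=$(ip -4 route get 8.8.8.8 | awk '{ for (i = 1; i < NF; i++) if ($i == "src") { printf "%s", $(i + 1); exit } }')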

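# Generate a 64-character alphanumeric passphrase for the CA private key and
# store it in /opt/certs/remember2delete.
#
# Outputs: nothing on stdout; writes the passphrase file.
# Returns: non-zero if the file could not be written or its mode not set.
function openssl_genrsa_pass {
    # Remove any previous file first: redirecting into an existing file keeps
    # its old (possibly world-readable) mode.
    rm -f -- /opt/certs/remember2delete
    # Subshell so the restrictive umask does not leak into the caller; the
    # file is created 0600 from the start instead of being tightened later.
    (
        umask 077
        LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 64 > /opt/certs/remember2delete
    ) && chmod 600 /opt/certs/remember2delete
}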

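# --- Build a private CA and a server certificate for the Docker API ---------
# Stop at the first failing step so the "save this password" banner is never
# shown for a half-built or missing key set.
set -eu
# Everything created below (keys, CSR, extension file) starts owner-only.
umask 077
# An empty address would produce a certificate with an empty CN/SAN.
: "${MY_IP:?could not determine the host IPv4 address}"

# Create the CA passphrase file. Called directly: wrapping the call in $( )
# would try to execute its (empty) output as a command. The passphrase is
# shown once, in the banner at the end, rather than also here.
openssl_genrsa_pass

# CA private key, encrypted with the generated passphrase.
openssl genrsa -aes256  -passout file:/opt/certs/remember2delete -out /opt/certs/ca-key.pem 4096

# Self-signed CA certificate, valid for 365 days.
openssl req -new -x509 -days 365 -key /opt/certs/ca-key.pem -sha256 -out /opt/certs/ca.pem -passin file:/opt/certs/remember2delete \
 -subj "/C=US/CN=$MY_IP"

# Server private key (unencrypted so the daemon can load it unattended).
openssl genrsa -out /opt/certs/server-key.pem 4096

# Certificate signing request for the server key. The signing step below
# reads /opt/certs/server.csr, which nothing created before.
openssl req -new -sha256 -key /opt/certs/server-key.pem -subj "/CN=$MY_IP" -out /opt/certs/server.csr

# Extension file, rewritten from scratch on every run (appending would stack
# duplicate directives across runs). MY_IP is an address, so it is listed as
# an IP SAN: TLS clients connecting by IP match IP entries, not DNS entries.
# NOTE(review): 10.0.0.200 is hard-coded; adjust to the addresses clients use.
printf '%s\n' \
  "subjectAltName = IP:$MY_IP,IP:10.0.0.200,IP:127.0.0.1" \
  "extendedKeyUsage = serverAuth" > /opt/certs/extfile.cnf

# Sign the server certificate with the CA. -passin unlocks the encrypted CA
# key from the passphrase file, the same way the CA certificate step does,
# so this step does not stop at an interactive prompt.
openssl x509 -req -days 365 -sha256 -in /opt/certs/server.csr -CA /opt/certs/ca.pem -CAkey /opt/certs/ca-key.pem \
  -CAcreateserial -out /opt/certs/server-cert.pem -extfile /opt/certs/extfile.cnf -passin file:/opt/certs/remember2delete

# Private keys: read-only for the owner. Certificates are public: readable.
chmod 0400 /opt/certs/ca-key.pem /opt/certs/server-key.pem
chmod 0444 /opt/certs/ca.pem /opt/certs/server-cert.pem

# clear can fail when no terminal is attached; that must not abort the run.
clear || true
echo "##########################################################"
# Absolute path: the passphrase file lives in /opt/certs, not in the current
# directory. This prints the CA passphrase to the terminal, so it also ends up
# in scrollback and in any captured session output.
echo "Save this password and delete the file: ";cat /opt/certs/remember2delete; echo "                  "
echo "##########################################################"
echo "############################# by Sthope ##################"
echo "##########################################################"
# NOTE(review): this deletes .bash_history in the current directory. The
# passphrase is never typed on a command line by this script, so removing the
# history does not protect it and only discards the operator's command record;
# consider dropping this line. -f keeps a missing file from failing the run.
rm -f -- ./.bash_history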