#!/bin/bash
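# Output locations. CERTS_DIR keeps its trailing slash because the paths in
# this script are built as "${CERTS_DIR}<service>/<file>".
export DEPLOY_DIR="./deploy"
export CERTS_DIR="${DEPLOY_DIR}/certs/"

# Per-service certificate names.
#   *_CN  - free text placed in the subject CN of the service's CSR.
#   *_SAN - subjectAltName list in OpenSSL extension syntax (DNS:/IP: prefixes).
# Host name verification in current TLS stacks is done against the SAN
# entries, so the SAN list is the one that must name every host a client
# will actually connect to.
# Fixed here: GATEWAY_CN said "api-gatway" (its SAN says "api-gateway"), and
# PRICING_CN carried SAN-style "DNS:" prefixes that no other CN has.
export GATEWAY_CN="egommerce.io,gateway.egommerce.local,api-gateway"
export GATEWAY_SAN="DNS:egommerce.io,DNS:gateway.egommerce.local,DNS:api-gateway,IP:127.0.0.1"
export EVENTBUS_CN="esb.egommerce.local,api-eventbus"
export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,IP:127.0.0.1"
export CACHE_CN="cache.egommerce.local,api-cache"
export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,IP:127.0.0.1"
export LOGGER_CN="logger.egommerce.local,api-logger"
export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,IP:127.0.0.1"
# export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus"
# export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,IP:127.0.0.1"
# export GRAFANA_CN="grafana.egommerce.local,api-grafana"
# export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,IP:127.0.0.1"
export POSTGRES_CN="db-postgres.egommerce.local,db-postgres"
export POSTGRES_SAN="DNS:db-postgres.egommerce.local,DNS:db-postgres,IP:127.0.0.1"
# export MONGO_CN="mongo.db.egommerce.local,db-mongo"
# export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,IP:127.0.0.1"
# NOTE(review): unlike the other services, the identity entries carry no short
# host name (e.g. "identity-svc"). If clients reach the service by that name,
# verification against this SAN list will fail - confirm this is intended.
export IDENTITY_CN="identity-svc.egommerce.local"
export IDENTITY_SAN="DNS:identity-svc.egommerce.local,IP:127.0.0.1"
export CATALOG_CN="catalog-svc.egommerce.local,catalog-svc"
export CATALOG_SAN="DNS:catalog-svc.egommerce.local,DNS:catalog-svc,IP:127.0.0.1"
export BASKET_CN="basket-svc.egommerce.local,basket-svc"
export BASKET_SAN="DNS:basket-svc.egommerce.local,DNS:basket-svc,IP:127.0.0.1"
export ORDER_CN="order-svc.egommerce.local,order-svc"
export ORDER_SAN="DNS:order-svc.egommerce.local,DNS:order-svc,IP:127.0.0.1"
export PRICING_CN="pricing-svc.egommerce.local,pricing-svc"
export PRICING_SAN="DNS:pricing-svc.egommerce.local,DNS:pricing-svc,IP:127.0.0.1"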
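# Create the output tree: one directory for the root CA and one per service.
# Abort early if CERTS_DIR is empty, otherwise the directories (and later the
# private keys) would be created relative to the current directory.
: "${CERTS_DIR:?CERTS_DIR must be set}"
# NOTE(review): the directories are created under the current umask and will
# hold unencrypted private keys - confirm who may read ${CERTS_DIR}.
mkdir -p -- \
  "${CERTS_DIR}" \
  "${CERTS_DIR}ca-root" \
  "${CERTS_DIR}api-gateway" \
  "${CERTS_DIR}api-eventbus" \
  "${CERTS_DIR}api-cache" \
  "${CERTS_DIR}api-logger" \
  "${CERTS_DIR}db-postgres" \
  "${CERTS_DIR}identity-svc" \
  "${CERTS_DIR}basket-svc" \
  "${CERTS_DIR}catalog-svc" \
  "${CERTS_DIR}order-svc" \
  "${CERTS_DIR}pricing-svc" || exit 1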
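# Generate the self-signed root CA: a new 2048-bit RSA key plus an X.509
# certificate valid for 1024 days.
# -nodes writes ca-root.key without a passphrase, so anyone who can read that
# file can issue certificates trusted by every service that trusts this CA.
openssl req -newkey rsa:2048 -nodes -x509 -days 1024 \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \
  -keyout "${CERTS_DIR}ca-root/ca-root.key" \
  -out "${CERTS_DIR}ca-root/ca-root.crt" >/dev/null || exit 1

# Bundle the CA key and certificate into one PEM file (this is a key+cert
# bundle, not a certificate chain).
# NOTE(review): ca-root.pem contains the CA private key. Only ca-root.crt
# should be handed to services as a trust anchor; confirm ca-root.pem is never
# mounted into or copied to service containers.
cat -- "${CERTS_DIR}ca-root/ca-root.key" "${CERTS_DIR}ca-root/ca-root.crt" \
  > "${CERTS_DIR}ca-root/ca-root.pem" || exit 1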
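# Generate the Gateway certificate: a new passphrase-less (-nodes) 2048-bit
# RSA key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${GATEWAY_CN}" \
  -keyout "${CERTS_DIR}api-gateway/api-gateway.key" \
  -out "${CERTS_DIR}api-gateway/api-gateway.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01": each certificate issued
# by one CA needs its own serial number, and some TLS clients refuse
# certificates that reuse an issuer/serial pair. OpenSSL keeps the counter in
# a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}api-gateway/api-gateway.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${GATEWAY_SAN}")) \
  -out "${CERTS_DIR}api-gateway/api-gateway.crt" >/dev/null || exit 1

# Bundle the gateway key and certificate into one PEM file (key + leaf
# certificate only; the CA certificate is not included).
# NOTE(review): the bundle holds the private key but is created by shell
# redirection under the current umask - confirm it is not more widely
# readable than api-gateway.key.
cat -- "${CERTS_DIR}api-gateway/api-gateway.key" "${CERTS_DIR}api-gateway/api-gateway.crt" \
  > "${CERTS_DIR}api-gateway/api-gateway.pem" || exit 1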
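# Generate the Eventbus certificate: a new passphrase-less (-nodes) 2048-bit
# RSA key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${EVENTBUS_CN}" \
  -keyout "${CERTS_DIR}api-eventbus/api-eventbus.key" \
  -out "${CERTS_DIR}api-eventbus/api-eventbus.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}api-eventbus/api-eventbus.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${EVENTBUS_SAN}")) \
  -out "${CERTS_DIR}api-eventbus/api-eventbus.crt" >/dev/null || exit 1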
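# Generate the Cache certificate: a new passphrase-less (-nodes) 2048-bit RSA
# key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${CACHE_CN}" \
  -keyout "${CERTS_DIR}api-cache/api-cache.key" \
  -out "${CERTS_DIR}api-cache/api-cache.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}api-cache/api-cache.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${CACHE_SAN}")) \
  -out "${CERTS_DIR}api-cache/api-cache.crt" >/dev/null || exit 1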
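# Generate the Logger certificate: a new passphrase-less (-nodes) 2048-bit RSA
# key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${LOGGER_CN}" \
  -keyout "${CERTS_DIR}api-logger/api-logger.key" \
  -out "${CERTS_DIR}api-logger/api-logger.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}api-logger/api-logger.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${LOGGER_SAN}")) \
  -out "${CERTS_DIR}api-logger/api-logger.crt" >/dev/null || exit 1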
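# Generate the Postgres certificate: a new passphrase-less (-nodes) 2048-bit
# RSA key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${POSTGRES_CN}" \
  -keyout "${CERTS_DIR}db-postgres/db-postgres.key" \
  -out "${CERTS_DIR}db-postgres/db-postgres.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}db-postgres/db-postgres.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${POSTGRES_SAN}")) \
  -out "${CERTS_DIR}db-postgres/db-postgres.crt" >/dev/null || exit 1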
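# Generate the Identity certificate: a new passphrase-less (-nodes) 2048-bit
# RSA key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${IDENTITY_CN}" \
  -keyout "${CERTS_DIR}identity-svc/identity-svc.key" \
  -out "${CERTS_DIR}identity-svc/identity-svc.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}identity-svc/identity-svc.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${IDENTITY_SAN}")) \
  -out "${CERTS_DIR}identity-svc/identity-svc.crt" >/dev/null || exit 1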
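# Generate the Basket certificate: a new passphrase-less (-nodes) 2048-bit RSA
# key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${BASKET_CN}" \
  -keyout "${CERTS_DIR}basket-svc/basket-svc.key" \
  -out "${CERTS_DIR}basket-svc/basket-svc.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}basket-svc/basket-svc.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${BASKET_SAN}")) \
  -out "${CERTS_DIR}basket-svc/basket-svc.crt" >/dev/null || exit 1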
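# Generate the Catalog certificate: a new passphrase-less (-nodes) 2048-bit
# RSA key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${CATALOG_CN}" \
  -keyout "${CERTS_DIR}catalog-svc/catalog-svc.key" \
  -out "${CERTS_DIR}catalog-svc/catalog-svc.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}catalog-svc/catalog-svc.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${CATALOG_SAN}")) \
  -out "${CERTS_DIR}catalog-svc/catalog-svc.crt" >/dev/null || exit 1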
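# Generate the Order certificate: a new passphrase-less (-nodes) 2048-bit RSA
# key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${ORDER_CN}" \
  -keyout "${CERTS_DIR}order-svc/order-svc.key" \
  -out "${CERTS_DIR}order-svc/order-svc.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}order-svc/order-svc.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${ORDER_SAN}")) \
  -out "${CERTS_DIR}order-svc/order-svc.crt" >/dev/null || exit 1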
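# Generate the Pricing certificate: a new passphrase-less (-nodes) 2048-bit
# RSA key and a CSR, then sign the CSR with the root CA for 365 days.
openssl req -newkey rsa:2048 -nodes \
  -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${PRICING_CN}" \
  -keyout "${CERTS_DIR}pricing-svc/pricing-svc.key" \
  -out "${CERTS_DIR}pricing-svc/pricing-svc.csr" >/dev/null || exit 1

# -CAcreateserial replaces the fixed "-set_serial 01" so this certificate does
# not share a serial number with the others issued by the same CA; OpenSSL
# tracks the serial in a .srl file, by default next to the CA certificate.
# The SAN list is passed to printf as an argument, never as the format string.
openssl x509 -req -days 365 \
  -in "${CERTS_DIR}pricing-svc/pricing-svc.csr" \
  -CA "${CERTS_DIR}ca-root/ca-root.crt" \
  -CAkey "${CERTS_DIR}ca-root/ca-root.key" -CAcreateserial \
  -extensions SAN \
  -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "${PRICING_SAN}")) \
  -out "${CERTS_DIR}pricing-svc/pricing-svc.crt" >/dev/null || exit 1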