kopia lustrzana https://github.com/c9/core
add https support to allow using service worker
nightwing
rodzic
9fcbaf5a35
commit
8d5b2881f8
|
|
@ -107,13 +107,23 @@ module.exports = function(config, optimist) {
|
|||
console.log("or use -a username:password to setup HTTP authentication\n");
|
||||
}
|
||||
|
||||
if (argv.secure) {
|
||||
var certPath = path.isAbsolute(argv.secure) ? argv.secure : path.join(__dirname, "..", argv.secure);
|
||||
var key = require("fs").readFileSync(certPath , "utf8");
|
||||
config.secure = {
|
||||
key: key.match(/^(-+BEGIN RSA PRIVATE KEY[\s\S]*END RSA PRIVATE KEY-+)/m)[0],
|
||||
cert: key.match(/^(-+BEGIN CERTIFICATE[\s\S]*END CERTIFICATE-+)/m)[0],
|
||||
};
|
||||
}
|
||||
|
||||
var plugins = [
|
||||
{
|
||||
packagePath: "connect-architect/connect",
|
||||
port: port,
|
||||
host: host,
|
||||
websocket: true,
|
||||
showRealIP: !config.mode
|
||||
showRealIP: !config.mode,
|
||||
secure: config.secure,
|
||||
},
|
||||
{
|
||||
packagePath: "connect-architect/connect.basicauth",
|
||||
|
|
|
|||
|
|
@ -0,0 +1,78 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# http://apetec.com/support/GenerateSAN-CSR.htm
|
||||
# http://chschneider.eu/linux/server/openssl.shtml
|
||||
|
||||
DOMAIN=$1
|
||||
IP=$2
|
||||
if [ -z "$DOMAIN" ]; then DOMAIN=c9.dev; fi
|
||||
if [ -z "$IP" ]; then IP=127.0.0.1; fi
|
||||
|
||||
if [[ "$DOMAIN" =~ [/[:space:]] ]]; then echo "Invalid domain name $DOMAIN"; exit 1; fi
|
||||
|
||||
FQDN="
|
||||
IP.1 = $IP
|
||||
DNS.1 = $DOMAIN
|
||||
DNS.2 = *.$DOMAIN
|
||||
"
|
||||
|
||||
CRT_NAME=$DOMAIN
|
||||
|
||||
echo creating certificates for $FQDN at CRT_NAME
|
||||
|
||||
mkdir -p tmp
|
||||
pushd tmp
|
||||
echo '
|
||||
[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
|
||||
[req_distinguished_name]
|
||||
commonName = Internet Widgits Ltd
|
||||
commonName_max = 64
|
||||
|
||||
[ v3_req ]
|
||||
# Extensions to add to a certificate request
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
'"$FQDN" > openssl.cnf
|
||||
|
||||
# Generate a private key
|
||||
openssl genrsa -out $CRT_NAME.key 2048
|
||||
# Create the CSR file
|
||||
openssl req -new -out $CRT_NAME.csr -key $CRT_NAME.key -config openssl.cnf \
|
||||
-subj "/C=NL/ST=Noord-Holland/L=Amsterdam/OU=ACME Self Signed CA"
|
||||
|
||||
# check
|
||||
# openssl req -text -noout -in $CRT_NAME.csr
|
||||
|
||||
# Self-sign and create the certificate:
|
||||
openssl x509 -req -days 3650 -in $CRT_NAME.csr -signkey $CRT_NAME.key\
|
||||
-out $CRT_NAME.crt -extensions v3_req -extfile openssl.cnf
|
||||
|
||||
cat $CRT_NAME.crt > $CRT_NAME.pem
|
||||
cat $CRT_NAME.key >> $CRT_NAME.pem
|
||||
|
||||
mv $CRT_NAME.pem ../$CRT_NAME.pem
|
||||
mv $CRT_NAME.crt ../$CRT_NAME.crt
|
||||
popd
|
||||
rm -r tmp
|
||||
|
||||
echo '
|
||||
To add the custom cerificate:
|
||||
On Windows run
|
||||
cmd.exe /c "certmgr.msc" # to see installed certificates
|
||||
certutil -addstore "Root" '"$CRT_NAME"'.crt # to add certificate to root
|
||||
On Mac
|
||||
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain '"$CRT_NAME"'.crt
|
||||
On Linux
|
||||
TODO
|
||||
|
||||
For older versions of firefox set
|
||||
pref("security.enterprise_roots.enabled", true);
|
||||
'
|
||||
Ładowanie…
Reference in New Issue