init

2026-05-26 12:27:23 +02:00
parent 39e23546e8
commit ffd8b3e5c9
26 changed files with 1514 additions and 1 deletions
@@ -0,0 +1,25 @@
+#!/bin/sh
+# Generates a self-signed TLS certificate on first container start so the
+# frontend can be served over HTTPS out of the box.
+set -e
+
+CERT_DIR=/etc/nginx/certs
+CERT_FILE="$CERT_DIR/cert.pem"
+KEY_FILE="$CERT_DIR/key.pem"
+
+mkdir -p "$CERT_DIR"
+
+if [ -f "$CERT_FILE" ] && [ -f "$KEY_FILE" ]; then
+  echo "[ssl] existing certificate found, skipping generation"
+  exit 0
+fi
+
+echo "[ssl] generating self-signed certificate for localhost"
+openssl req -x509 -nodes -newkey rsa:2048 \
+  -days 3650 \
+  -keyout "$KEY_FILE" \
+  -out "$CERT_FILE" \
+  -subj "/CN=localhost" \
+  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+
+echo "[ssl] certificate written to $CERT_DIR"