26 lines
674 B
Bash
26 lines
674 B
Bash
#!/bin/sh
|
|
# Generates a self-signed TLS certificate on first container start so the
|
|
# frontend can be served over HTTPS out of the box.
|
|
set -e
|
|
|
|
CERT_DIR=/etc/nginx/certs
|
|
CERT_FILE="$CERT_DIR/cert.pem"
|
|
KEY_FILE="$CERT_DIR/key.pem"
|
|
|
|
mkdir -p "$CERT_DIR"
|
|
|
|
if [ -f "$CERT_FILE" ] && [ -f "$KEY_FILE" ]; then
|
|
echo "[ssl] existing certificate found, skipping generation"
|
|
exit 0
|
|
fi
|
|
|
|
echo "[ssl] generating self-signed certificate for localhost"
|
|
openssl req -x509 -nodes -newkey rsa:2048 \
|
|
-days 3650 \
|
|
-keyout "$KEY_FILE" \
|
|
-out "$CERT_FILE" \
|
|
-subj "/CN=localhost" \
|
|
-addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
|
|
|
|
echo "[ssl] certificate written to $CERT_DIR"
|