scripts(dev-setup): 🔨 Add script to auto-generate self-signed SSL certificates for local HTTPS support

Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
Quinn Ftw 2026-03-18 23:19:12 -07:00
parent d64494e351
commit b121da7d33


@ -7,24 +7,23 @@
# This allows HTTPS to work in browsers without security warnings.
#
# Usage:
# ./infrastructure/scripts/dev-setup/setup-local-ssl.sh
# ./tooling/scripts/dev-setup/setup-local-ssl.sh
#
# Prerequisites:
# - mkcert must be installed (https://github.com/FiloSottile/mkcert)
# - For Firefox auto-trust: install nss-tools (dnf install nss-tools)
#
# Generated certificates:
# - infrastructure/certs/local/_wildcard.atlilith.local+1.pem
# - infrastructure/certs/local/_wildcard.atlilith.local+1-key.pem
# - infrastructure/certs/local/_wildcard.trustedmeet.local+1.pem
# - infrastructure/certs/local/_wildcard.trustedmeet.local+1-key.pem
# Generated certificates (in deployments/certs/local/):
# - _wildcard.lilith.apricot.local+1.pem — all domain deployments (atlilith.www, trustedmeet, etc.)
# - _wildcard.apricot.local+1.pem — apricot infrastructure services (models.apricot.local)
# - _wildcard.atlilith.local+1.pem — atlilith infrastructure services (api, imajin, etc.)
#
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
CERTS_DIR="$PROJECT_ROOT/infrastructure/certs/local"
CERTS_DIR="$PROJECT_ROOT/deployments/certs/local"
echo "=============================================="
echo "Setting up local SSL certificates for .local domains"
@ -78,14 +77,21 @@ fi
mkdir -p "$CERTS_DIR"
cd "$CERTS_DIR"
# Generate certificates
# Primary: all domain deployments (atlilith.www, trustedmeet, spoiledbabes, lilithcam, etc.)
# Covers: *.atlilith.lilith.apricot.local, *.trustedmeet.lilith.apricot.local, etc.
echo ""
echo "Generating certificates for atlilith.local..."
mkcert "*.atlilith.local" "atlilith.local"
echo "Generating certificates for *.lilith.apricot.local (domain deployments)..."
mkcert "*.lilith.apricot.local" "lilith.apricot.local"
# Apricot infrastructure: models.apricot.local
echo ""
echo "Generating certificates for trustedmeet.local..."
mkcert "*.trustedmeet.local" "trustedmeet.local"
echo "Generating certificates for *.apricot.local (apricot infrastructure)..."
mkcert "*.apricot.local" "apricot.local"
# Atlilith infrastructure services: api.atlilith.local, imajin.atlilith.local, etc.
echo ""
echo "Generating certificates for *.atlilith.local (atlilith infrastructure services)..."
mkcert "*.atlilith.local" "atlilith.local"
echo ""
echo "=============================================="
@ -98,11 +104,14 @@ echo "Files created:"
ls -la "$CERTS_DIR"/*.pem
echo ""
echo "Next steps:"
echo " 1. Restart the dev cluster: ./run dev:stop && ./run dev"
echo " 2. Access sites via HTTPS:"
echo " - https://status.atlilith.local"
echo " - https://admin.atlilith.local"
echo " - https://www.trustedmeet.local"
echo " 1. Sync DNS: sudo ./run dns:sync"
echo " 2. Start dev cluster: ./run dev"
echo " 3. Access sites:"
echo " - https://atlilith.lilith.apricot.local"
echo " - https://i.atlilith.lilith.apricot.local"
echo " - https://trustedmeet.lilith.apricot.local"
echo " - https://api.atlilith.local"
echo " - https://models.apricot.local"
echo ""
echo "Note: If Firefox shows certificate warnings, you may need to:"
echo " 1. Install nss-tools and re-run 'mkcert -install', OR"
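Review bot: The certificate produced by `mkcert "*.lilith.apricot.local" "lilith.apricot.local"` does not cover all the names the new "Covers:" comment and the "Access sites" list rely on. A wildcard matches exactly one left-most label, so `i.atlilith.lilith.apricot.local` and anything under `*.atlilith.lilith.apricot.local` or `*.trustedmeet.lilith.apricot.local` will fail hostname validation, which trains developers to click through certificate warnings. Add the deeper wildcards as extra names, e.g. `mkcert "*.lilith.apricot.local" "lilith.apricot.local" "*.atlilith.lilith.apricot.local" "*.trustedmeet.lilith.apricot.local"`, and correct the comment. Because the `+N` suffix in mkcert's default file name tracks the number of extra names, pin the output with `-cert-file`/`-key-file` so the header and any consumers of the files stay in sync. Separately, the `-key.pem` files now land under `deployments/certs/local/` and are no longer listed in the header; the ignore rules are not visible here, so confirm the new path is excluded from version control.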