#!/bin/bash
# =============================================================================
# setup-local-ssl.sh - Generate SSL certificates for local development
# =============================================================================
#
# Uses mkcert to generate trusted certificates for .local domains.
# This allows HTTPS to work in browsers without security warnings.
#
# Usage:
#   ./tooling/scripts/dev-setup/setup-local-ssl.sh
#
# Prerequisites:
#   - mkcert must be installed (https://github.com/FiloSottile/mkcert)
#   - For Firefox auto-trust: install nss-tools (dnf install nss-tools)
#
# Generated certificates (in deployments/certs/local/):
#   - _wildcard.lilith.apricot.local+1.pem — all domain deployments (atlilith.www, trustedmeet, etc.)
#   - _wildcard.apricot.local+1.pem — apricot infrastructure services (models.apricot.local)
#   - _wildcard.atlilith.local+1.pem — atlilith infrastructure services (api, imajin, etc.)
#

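# Strict mode: abort on any failed command (-e), on use of an unset variable
# (-u), and on a failure in any stage of a pipeline (pipefail). A trust-store
# setup script should stop at the first surprise rather than carry on with a
# half-initialised state.
set -euo pipefail

# Resolve every path from the script's own location so the result does not
# depend on the caller's working directory. The script is expected to live
# three levels below the project root (tooling/scripts/dev-setup/).
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
# Destination for the generated certificate and private-key files.
CERTS_DIR="$PROJECT_ROOT/deployments/certs/local"
readonly SCRIPT_DIR PROJECT_ROOT CERTS_DIR

echo "=============================================="
echo "Setting up local SSL certificates for .local domains"
echo "=============================================="
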
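# Bootstrap mkcert when it is not already on PATH.
#
# mkcert goes on to create a CA that the system and browser trust stores will
# accept, so the integrity of this binary matters. The download is therefore
# HTTPS-only (including redirects), fails on HTTP errors instead of saving an
# error page as the "binary", is staged in a private mktemp directory rather
# than a fixed, guessable /tmp path, and can be pinned to a known SHA-256.
if ! command -v mkcert &> /dev/null; then
  echo ""
  echo "mkcert is not installed. Installing..."

  # The release asset below is the linux-amd64 build only; stop early on any
  # other platform rather than installing a binary that cannot run there.
  if [[ "$(uname -s)" != "Linux" || "$(uname -m)" != "x86_64" ]]; then
    echo "✗ Automatic install supports linux-amd64 only; install mkcert manually"
    exit 1
  fi

  # Download mkcert
  MKCERT_VERSION="v1.4.4"
  MKCERT_URL="https://github.com/FiloSottile/mkcert/releases/download/${MKCERT_VERSION}/mkcert-${MKCERT_VERSION}-linux-amd64"

  # Optional integrity pin. Export MKCERT_SHA256=<sha256-of-vetted-binary>
  # (placeholder: record the digest of a binary you have verified yourself)
  # and the download is rejected unless it matches. Without it the only
  # protection is TLS to the download host.
  MKCERT_SHA256="${MKCERT_SHA256:-}"

  # Private staging directory: created 0700 with an unpredictable name, so
  # another local user cannot pre-create or swap the file before it is
  # installed. Removed on every exit path.
  MKCERT_STAGE_DIR="$(mktemp -d)"
  MKCERT_STAGED="$MKCERT_STAGE_DIR/mkcert"
  trap 'rm -rf -- "${MKCERT_STAGE_DIR:?}"' EXIT

  if curl -fsSL --proto '=https' --proto-redir '=https' "$MKCERT_URL" -o "$MKCERT_STAGED"; then
    if [[ -n "$MKCERT_SHA256" ]]; then
      if ! printf '%s  %s\n' "$MKCERT_SHA256" "$MKCERT_STAGED" | sha256sum --check --status; then
        echo "✗ mkcert checksum mismatch - refusing to install"
        exit 1
      fi
      echo "✓ mkcert checksum verified"
    else
      echo "⚠ Warning: MKCERT_SHA256 is not set; mkcert was not checksum-verified"
    fi

    chmod +x "$MKCERT_STAGED"

    # Try to install to /usr/local/bin, fallback to ~/.local/bin.
    # install(1) under sudo writes a fresh root-owned file, so the system-wide
    # binary does not stay writable by the invoking user. stderr is discarded
    # because a failed or unavailable sudo is an expected path here.
    if sudo install -m 0755 "$MKCERT_STAGED" /usr/local/bin/mkcert 2>/dev/null; then
      echo "✓ mkcert installed to /usr/local/bin"
    else
      mkdir -p ~/.local/bin
      mv "$MKCERT_STAGED" ~/.local/bin/mkcert
      echo "✓ mkcert installed to ~/.local/bin"
      echo " Make sure ~/.local/bin is in your PATH"
      # Make the fresh install visible to the rest of this run.
      export PATH="$HOME/.local/bin:$PATH"
    fi
  else
    echo "✗ Failed to download mkcert"
    exit 1
  fi
fi
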
# Register mkcert's local CA with the system trust store.
#
# From this point the machine trusts anything signed by that CA. The signing
# key (rootCA-key.pem under "$(mkcert -CAROOT)") must stay on this machine:
# never copy it into the repository, a container image or a shared volume.
printf '\n%s\n' "Installing mkcert CA to system trust store..."
mkcert -install

# Firefox keeps its own NSS trust database; mkcert can only update it when
# certutil (from nss-tools) is available. Its absence is a warning, not an
# error, so the run continues.
command -v certutil > /dev/null 2>&1 || cat <<'EOF'

⚠ Warning: certutil not found
 Firefox may not automatically trust the certificates.
 To fix: Install nss-tools and re-run 'mkcert -install'
 Fedora/RHEL: sudo dnf install nss-tools
 Ubuntu/Debian: sudo apt install libnss3-tools

EOF

# Create the output directory and work inside it: mkcert writes its files
# into the current working directory.
# NOTE(review): each certificate is written next to a matching *-key.pem
# private key, and this directory sits inside the project tree - confirm that
# deployments/certs/local/ is excluded from version control.
mkdir -p "$CERTS_DIR"
cd "$CERTS_DIR"

# Print a blank line and a progress message, then issue one certificate.
# Arguments: $1 - progress message; remaining - host names passed to mkcert.
issue_cert() {
  local progress_msg=$1
  shift
  echo ""
  echo "$progress_msg"
  mkcert "$@"
}

# Primary: all domain deployments (atlilith.www, trustedmeet, spoiledbabes, lilithcam, etc.)
# Covers: *.atlilith.lilith.apricot.local, *.trustedmeet.lilith.apricot.local, etc.
issue_cert "Generating certificates for *.lilith.apricot.local (domain deployments)..." \
  "*.lilith.apricot.local" "lilith.apricot.local"

# Apricot infrastructure: models.apricot.local
issue_cert "Generating certificates for *.apricot.local (apricot infrastructure)..." \
  "*.apricot.local" "apricot.local"

# Atlilith infrastructure services: api.atlilith.local, imajin.atlilith.local, etc.
issue_cert "Generating certificates for *.atlilith.local (atlilith infrastructure services)..." \
  "*.atlilith.local" "atlilith.local"

# Final report: where the files landed and which files exist.
printf '%s\n' \
  "" \
  "==============================================" \
  "SSL certificates generated successfully!" \
  "==============================================" \
  "" \
  "Certificates location: $CERTS_DIR" \
  "" \
  "Files created:"

# The listing includes the *-key.pem private keys alongside the certificates.
ls -la "$CERTS_DIR"/*.pem

# Follow-up instructions. The last line is printed literally (it is not
# expanded here) so the reader can run it themselves; rootCA.pem is the CA's
# public certificate, which is the only CA file that should ever be imported
# or shared.
printf '%s\n' \
  "" \
  "Next steps:" \
  " 1. Sync DNS: sudo ./run dns:sync" \
  " 2. Start dev cluster: ./run dev" \
  " 3. Access sites:" \
  " - https://atlilith.lilith.apricot.local" \
  " - https://i.atlilith.lilith.apricot.local" \
  " - https://trustedmeet.lilith.apricot.local" \
  " - https://api.atlilith.local" \
  " - https://models.apricot.local" \
  "" \
  "Note: If Firefox shows certificate warnings, you may need to:" \
  " 1. Install nss-tools and re-run 'mkcert -install', OR" \
  ' 2. Manually import the CA from: $(mkcert -CAROOT)/rootCA.pem' \
  ""