Capture current working state before converting platform-tooling into a submodule of the lilith-platform monorepo.
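#!/bin/bash
# =============================================================================
# setup-local-ssl.sh - Generate SSL certificates for local development
# =============================================================================
#
# Uses mkcert to generate trusted certificates for .local domains.
# This allows HTTPS to work in browsers without security warnings.
#
# Usage:
#   ./infrastructure/scripts/dev-setup/setup-local-ssl.sh
#
# Optional environment:
#   MKCERT_SHA256 - expected SHA-256 of the mkcert release binary. When set,
#                   the downloaded binary is verified before it is installed.
#                   Take the value from the upstream release page; none is
#                   hard-coded here.
#
# Prerequisites:
#   - mkcert must be installed (https://github.com/FiloSottile/mkcert);
#     when it is missing, this script downloads the pinned linux-amd64 release
#   - For Firefox auto-trust: install nss-tools (dnf install nss-tools)
#
# Generated certificates:
#   - infrastructure/certs/local/_wildcard.atlilith.local+1.pem
#   - infrastructure/certs/local/_wildcard.atlilith.local+1-key.pem
#   - infrastructure/certs/local/_wildcard.trustedmeet.local+1.pem
#   - infrastructure/certs/local/_wildcard.trustedmeet.local+1-key.pem
#
# Security notes:
#   - `mkcert -install` adds a locally generated root CA to the system trust
#     store. The CA private key (rootCA-key.pem under "$(mkcert -CAROOT)") can
#     sign a certificate for any hostname this machine will then trust, so it
#     must never be copied off the machine or committed.
#   - The *-key.pem files written to infrastructure/certs/local are private
#     keys. NOTE(review): confirm that directory is excluded from version
#     control.
#

# -u and pipefail catch unset variables and failures inside pipelines, which
# plain -e lets through.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
CERTS_DIR="$PROJECT_ROOT/infrastructure/certs/local"

# Temporary download path; empty until a download is actually attempted.
MKCERT_TMP=""

# Remove the temporary download on every exit path.
cleanup() {
  [[ -z "$MKCERT_TMP" ]] || rm -f -- "$MKCERT_TMP"
}
trap cleanup EXIT

echo "=============================================="
echo "Setting up local SSL certificates for .local domains"
echo "=============================================="

# Check if mkcert is installed
if ! command -v mkcert &> /dev/null; then
  echo ""
  echo "mkcert is not installed. Installing..."

  # The release asset below is built for linux-amd64 only; refuse to install
  # a binary that cannot run on this host.
  if [[ "$(uname -s)" != "Linux" || "$(uname -m)" != "x86_64" ]]; then
    echo "✗ Automatic install supports linux-amd64 only; install mkcert manually" >&2
    exit 1
  fi

  # Download mkcert
  MKCERT_VERSION="v1.4.4"
  MKCERT_URL="https://github.com/FiloSottile/mkcert/releases/download/${MKCERT_VERSION}/mkcert-${MKCERT_VERSION}-linux-amd64"

  # mktemp instead of a fixed /tmp/mkcert: a predictable name in a
  # world-writable directory lets another local user pre-create or swap the
  # file before it is moved into place with sudo.
  MKCERT_TMP="$(mktemp)"

  # -f makes HTTP errors fail the download instead of saving an error page as
  # the "binary"; --proto restricts the transfer (redirects included) to HTTPS.
  if curl -fsSL --proto '=https' "$MKCERT_URL" -o "$MKCERT_TMP"; then
    # TLS authenticates the host, not the artifact. Pin the release digest
    # through MKCERT_SHA256 to detect a replaced or tampered asset.
    if [[ -n "${MKCERT_SHA256:-}" ]]; then
      if ! printf '%s  %s\n' "$MKCERT_SHA256" "$MKCERT_TMP" \
        | sha256sum --check --status; then
        echo "✗ mkcert checksum mismatch" >&2
        exit 1
      fi
      echo "✓ mkcert checksum verified"
    else
      echo "⚠ Warning: MKCERT_SHA256 not set; downloaded binary was not verified" >&2
    fi

    # Try to install to /usr/local/bin, fallback to ~/.local/bin.
    # install(1) sets the mode explicitly and, under sudo, leaves the binary
    # owned by root rather than by the invoking user.
    if sudo install -m 0755 "$MKCERT_TMP" /usr/local/bin/mkcert 2>/dev/null; then
      echo "✓ mkcert installed to /usr/local/bin"
    else
      mkdir -p "$HOME/.local/bin"
      install -m 0755 "$MKCERT_TMP" "$HOME/.local/bin/mkcert"
      echo "✓ mkcert installed to ~/.local/bin"
      echo " Make sure ~/.local/bin is in your PATH"
      export PATH="$HOME/.local/bin:$PATH"
    fi
  else
    echo "✗ Failed to download mkcert"
    exit 1
  fi
fi

# Install the local CA
echo ""
echo "Installing mkcert CA to system trust store..."
mkcert -install

# Check for nss-tools (Firefox support)
if ! command -v certutil &> /dev/null; then
  echo ""
  echo "⚠ Warning: certutil not found"
  echo " Firefox may not automatically trust the certificates."
  echo " To fix: Install nss-tools and re-run 'mkcert -install'"
  echo " Fedora/RHEL: sudo dnf install nss-tools"
  echo " Ubuntu/Debian: sudo apt install libnss3-tools"
  echo ""
fi

# Create certs directory
mkdir -p "$CERTS_DIR"
cd "$CERTS_DIR"

# Generate certificates (mkcert writes the .pem and -key.pem pairs into the
# current directory)
echo ""
echo "Generating certificates for atlilith.local..."
mkcert "*.atlilith.local" "atlilith.local"

echo ""
echo "Generating certificates for trustedmeet.local..."
mkcert "*.trustedmeet.local" "trustedmeet.local"

echo ""
echo "=============================================="
echo "SSL certificates generated successfully!"
echo "=============================================="
echo ""
echo "Certificates location: $CERTS_DIR"
echo ""
echo "Files created:"
ls -la "$CERTS_DIR"/*.pem
echo ""
echo "Next steps:"
echo " 1. Restart the dev cluster: ./run dev:stop && ./run dev"
echo " 2. Access sites via HTTPS:"
echo " - https://status.atlilith.local"
echo " - https://admin.atlilith.local"
echo " - https://www.trustedmeet.local"
echo ""
echo "Note: If Firefox shows certificate warnings, you may need to:"
echo " 1. Install nss-tools and re-run 'mkcert -install', OR"
# The escaped \$ is deliberate: the command is printed for the user to run.
echo " 2. Manually import the CA from: \$(mkcert -CAROOT)/rootCA.pem"
echo ""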