platform-tooling/scripts/dev-setup/setup-local-ssl.sh
Quinn Ftw b121da7d33 scripts(dev-setup): 🔨 Add script to auto-generate self-signed SSL certificates for local HTTPS support
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-03-18 23:19:12 -07:00


#!/bin/bash
# =============================================================================
# setup-local-ssl.sh - Generate SSL certificates for local development
# =============================================================================
#
# Uses mkcert to generate trusted certificates for .local domains.
# This allows HTTPS to work in browsers without security warnings.
#
# Usage:
# ./tooling/scripts/dev-setup/setup-local-ssl.sh
#
# Prerequisites:
# - mkcert must be installed (https://github.com/FiloSottile/mkcert)
# - For Firefox auto-trust: install nss-tools (dnf install nss-tools)
#
# Generated certificates (in deployments/certs/local/):
# - _wildcard.lilith.apricot.local+1.pem — all domain deployments (atlilith.www, trustedmeet, etc.)
# - _wildcard.apricot.local+1.pem — apricot infrastructure services (models.apricot.local)
# - _wildcard.atlilith.local+1.pem — atlilith infrastructure services (api, imajin, etc.)
#
# Abort as soon as any unguarded command exits non-zero.
set -e

# Derive every path from this script's own location rather than the caller's
# working directory: the project root is three directory levels above the
# script directory, and certificates go under deployments/certs/local there.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../../.." && pwd)"
CERTS_DIR="${PROJECT_ROOT}/deployments/certs/local"

# Start-up banner.
cat <<'EOF'
==============================================
Setting up local SSL certificates for .local domains
==============================================
EOF
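# Check if mkcert is installed; if not, download the pinned release binary and
# install it system-wide (via sudo) or, failing that, into ~/.local/bin.
#
# Supply-chain notes for this step:
#   - The binary is fetched over HTTPS only (redirects included) and HTTP
#     errors are treated as failures, so an error page is never installed as
#     an executable.
#   - The download goes to a private mktemp file instead of a fixed name in
#     /tmp, so another local user cannot pre-create or swap the file before it
#     is installed with elevated privileges.
#   - Set MKCERT_SHA256 to the expected SHA-256 of the release asset (obtained
#     out of band) to have the download verified before installation. Without
#     it the binary is trusted on the strength of TLS alone and a warning is
#     printed.
if ! command -v mkcert &> /dev/null; then
  echo ""
  echo "mkcert is not installed. Installing..."

  # Pinned upstream release; the asset name is hard-coded to linux-amd64.
  MKCERT_VERSION="v1.4.4"
  MKCERT_URL="https://github.com/FiloSottile/mkcert/releases/download/${MKCERT_VERSION}/mkcert-${MKCERT_VERSION}-linux-amd64"
  MKCERT_SHA256="${MKCERT_SHA256:-}"

  # Refuse early on other platforms rather than installing a binary that
  # cannot run there.
  if [[ "$(uname -s)" != "Linux" || "$(uname -m)" != "x86_64" ]]; then
    echo "✗ Automatic install only supports linux-amd64; install mkcert manually and re-run"
    exit 1
  fi

  MKCERT_TMP="$(mktemp)" || {
    echo "✗ Failed to create a temporary file for the mkcert download"
    exit 1
  }

  # -f: fail on HTTP errors; -sS: quiet, but still report errors; -L: follow
  # the release redirect; --proto/--proto-redir: never leave HTTPS.
  if curl -fsSL --proto '=https' --proto-redir '=https' "$MKCERT_URL" -o "$MKCERT_TMP"; then
    if [[ -n "$MKCERT_SHA256" ]]; then
      if ! printf '%s  %s\n' "$MKCERT_SHA256" "$MKCERT_TMP" | sha256sum -c - > /dev/null; then
        rm -f -- "$MKCERT_TMP"
        echo "✗ mkcert checksum mismatch; refusing to install"
        exit 1
      fi
    else
      echo "⚠ MKCERT_SHA256 not set; installing mkcert without checksum verification"
    fi

    chmod 0755 "$MKCERT_TMP"

    # Try to install to /usr/local/bin, fallback to ~/.local/bin.
    # `install` run through sudo creates a root-owned copy, so the unprivileged
    # user cannot later rewrite a binary that sits on the system PATH.
    # stderr is discarded on purpose: a sudo failure just selects the fallback.
    if sudo install -m 0755 "$MKCERT_TMP" /usr/local/bin/mkcert 2> /dev/null; then
      rm -f -- "$MKCERT_TMP"
      echo "✓ mkcert installed to /usr/local/bin"
    else
      mkdir -p ~/.local/bin
      mv -- "$MKCERT_TMP" ~/.local/bin/mkcert
      echo "✓ mkcert installed to ~/.local/bin"
      echo " Make sure ~/.local/bin is in your PATH"
      # Make the fresh install visible to the rest of this run.
      export PATH="$HOME/.local/bin:$PATH"
    fi
  else
    rm -f -- "$MKCERT_TMP"
    echo "✗ Failed to download mkcert"
    exit 1
  fi
fi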
# Install the local CA.
# `mkcert -install` adds mkcert's locally generated root CA to the system
# trust store. The CA private key (rootCA-key.pem under `mkcert -CAROOT`) can
# sign a certificate for any hostname this machine will then accept, so it has
# to stay on this machine: never commit it, copy it into images, or share it.
printf '\n%s\n' "Installing mkcert CA to system trust store..."
mkcert -install

# Check for nss-tools (Firefox support). This is advisory only: the script
# continues without certutil and tells the user how to fix Firefox trust later.
if ! command -v certutil > /dev/null 2>&1; then
  cat <<'EOF'

⚠ Warning: certutil not found
 Firefox may not automatically trust the certificates.
 To fix: Install nss-tools and re-run 'mkcert -install'
 Fedora/RHEL: sudo dnf install nss-tools
 Ubuntu/Debian: sudo apt install libnss3-tools

EOF
fi
# Create the certs directory and generate into it (mkcert writes its output
# files to the current working directory).
mkdir -p "$CERTS_DIR"
cd "$CERTS_DIR"

# One certificate per base domain, each issued for "*.<base>" plus "<base>".
# Entries are "<base domain>|<label shown in the progress message>":
#   lilith.apricot.local  domain deployments (atlilith.www, trustedmeet,
#                         spoiledbabes, lilithcam, etc.)
#   apricot.local         apricot infrastructure (models.apricot.local)
#   atlilith.local        atlilith infrastructure services (api.atlilith.local,
#                         imajin.atlilith.local, etc.)
#
# NOTE(review): a wildcard matches exactly one DNS label, so
# "*.lilith.apricot.local" covers atlilith.lilith.apricot.local but not deeper
# names such as i.atlilith.lilith.apricot.local, which the final summary lists
# as an access URL. Unless another certificate covers those hosts they will
# still raise browser warnings; adding SANs here would change the generated
# "+1" file names, so confirm what the consumers expect before extending.
#
# mkcert also writes each certificate's private key (a "-key.pem" file) next
# to it. NOTE(review): confirm deployments/certs/local is excluded from
# version control so these keys are never committed.
for cert_spec in \
  "lilith.apricot.local|domain deployments" \
  "apricot.local|apricot infrastructure" \
  "atlilith.local|atlilith infrastructure services"; do
  cert_base="${cert_spec%%|*}"
  cert_label="${cert_spec#*|}"
  echo ""
  echo "Generating certificates for *.${cert_base} (${cert_label})..."
  mkcert "*.${cert_base}" "${cert_base}"
done
# Final summary: where the files went, what was created, and what to do next.
cat <<EOF

==============================================
SSL certificates generated successfully!
==============================================

Certificates location: $CERTS_DIR

Files created:
EOF

# Lists every .pem in the output directory; the glob also matches private key
# files there, but only names and metadata are printed, never key material.
ls -la "$CERTS_DIR"/*.pem

# Quoted delimiter: the text below is printed literally, including the
# "$(mkcert -CAROOT)" hint, which the user is meant to run themselves.
cat <<'EOF'

Next steps:
 1. Sync DNS: sudo ./run dns:sync
 2. Start dev cluster: ./run dev
 3. Access sites:
 - https://atlilith.lilith.apricot.local
 - https://i.atlilith.lilith.apricot.local
 - https://trustedmeet.lilith.apricot.local
 - https://api.atlilith.local
 - https://models.apricot.local

Note: If Firefox shows certificate warnings, you may need to:
 1. Install nss-tools and re-run 'mkcert -install', OR
 2. Manually import the CA from: $(mkcert -CAROOT)/rootCA.pem

EOF