platform-tooling/scripts/dev-setup/setup-local-ssl.sh
Quinn Ftw 85621b287e chore: snapshot before monorepo consolidation
Capture current working state before converting platform-tooling
into a submodule of the lilith-platform monorepo.
2026-01-29 07:04:39 -08:00


#!/bin/bash
# =============================================================================
# setup-local-ssl.sh - Generate SSL certificates for local development
# =============================================================================
#
# Uses mkcert to generate trusted certificates for .local domains.
# This allows HTTPS to work in browsers without security warnings.
#
# Usage:
# ./infrastructure/scripts/dev-setup/setup-local-ssl.sh
#
# Prerequisites:
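# - mkcert (https://github.com/FiloSottile/mkcert). If it is not on PATH, this
#   script downloads the pinned linux-amd64 release binary and installs it to
#   /usr/local/bin (via sudo) or, failing that, to ~/.local/bin.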
# - For Firefox auto-trust: install nss-tools (dnf install nss-tools)
#
# Generated certificates:
# - infrastructure/certs/local/_wildcard.atlilith.local+1.pem
# - infrastructure/certs/local/_wildcard.atlilith.local+1-key.pem
# - infrastructure/certs/local/_wildcard.trustedmeet.local+1.pem
# - infrastructure/certs/local/_wildcard.trustedmeet.local+1-key.pem
#
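# Strict mode. Beyond -e, nounset (-u) stops the script if a path variable is
# ever referenced while unset (so mkdir/cd/mkcert cannot silently run against
# an empty path), and pipefail makes a failing pipeline stage fatal.
set -euo pipefail

# Resolve every path from this script's own location so the result does not
# depend on the caller's working directory.
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
# The project root is taken to be three levels above the script directory.
PROJECT_ROOT="$(cd -- "$SCRIPT_DIR/../../.." && pwd)"
# Certificates and their private keys are written here.
CERTS_DIR="$PROJECT_ROOT/infrastructure/certs/local"

echo "=============================================="
echo "Setting up local SSL certificates for .local domains"
echo "=============================================="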
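# Check if mkcert is installed; if not, fetch the pinned release binary.
#
# The binary downloaded here is later run to create a CA that the system trust
# store will accept, and it may be installed with sudo, so the download is
# handled defensively:
#   - it lands in a private mktemp directory rather than a fixed, predictable
#     name in world-writable /tmp;
#   - curl runs with --fail so an HTTP error page is never saved, marked
#     executable and installed as "mkcert";
#   - only HTTPS is accepted, including across redirects;
#   - if MKCERT_SHA256 is set, the file must match it before being installed.
if ! command -v mkcert &> /dev/null; then
  echo ""
  echo "mkcert is not installed. Installing..."

  # Pinned release. The asset name below is the linux-amd64 build only.
  MKCERT_VERSION="v1.4.4"
  MKCERT_URL="https://github.com/FiloSottile/mkcert/releases/download/${MKCERT_VERSION}/mkcert-${MKCERT_VERSION}-linux-amd64"

  # Fail early with a clear message instead of installing a binary that
  # cannot execute on this platform.
  if [[ "$(uname -s)" != "Linux" || "$(uname -m)" != "x86_64" ]]; then
    echo "✗ Automatic install only supports linux-amd64." >&2
    echo " Install mkcert manually: https://github.com/FiloSottile/mkcert" >&2
    exit 1
  fi

  # Private scratch directory, removed on any exit path.
  MKCERT_TMP="$(mktemp -d)"
  trap 'rm -rf -- "${MKCERT_TMP:?}"' EXIT
  MKCERT_DL="$MKCERT_TMP/mkcert"

  if curl --fail --silent --show-error --location \
    --proto '=https' --proto-redir '=https' --tlsv1.2 \
    "$MKCERT_URL" --output "$MKCERT_DL"; then

    # Integrity check. TLS only authenticates the host serving the file; a
    # pinned digest is what detects a replaced or tampered release asset.
    # The expected value is supplied by the caller (MKCERT_SHA256) because
    # this script does not ship one.
    if [[ -n "${MKCERT_SHA256:-}" ]]; then
      actual_sha256="$(sha256sum "$MKCERT_DL" | cut -d' ' -f1)"
      if [[ "$actual_sha256" != "${MKCERT_SHA256,,}" ]]; then
        echo "✗ mkcert checksum mismatch; refusing to install" >&2
        echo " expected: ${MKCERT_SHA256,,}" >&2
        echo " actual:   ${actual_sha256}" >&2
        exit 1
      fi
      echo "✓ mkcert checksum verified"
    else
      echo "⚠ Warning: MKCERT_SHA256 is not set; the download was NOT integrity-checked." >&2
      echo " Set MKCERT_SHA256=<sha256 of the ${MKCERT_VERSION} linux-amd64 asset> to enforce it." >&2
    fi

    # Try to install to /usr/local/bin, fallback to ~/.local/bin.
    # install(1) is used instead of mv so the file in /usr/local/bin ends up
    # owned by root with mode 0755; mv would keep the invoking user's
    # ownership, leaving a user-writable binary in a system PATH directory.
    if sudo install -m 0755 "$MKCERT_DL" /usr/local/bin/mkcert 2> /dev/null; then
      echo "✓ mkcert installed to /usr/local/bin"
    else
      mkdir -p "$HOME/.local/bin"
      install -m 0755 "$MKCERT_DL" "$HOME/.local/bin/mkcert"
      echo "✓ mkcert installed to ~/.local/bin"
      echo " Make sure ~/.local/bin is in your PATH"
      # Only affects this script's process; the user's shell is unchanged.
      export PATH="$HOME/.local/bin:$PATH"
    fi
  else
    echo "✗ Failed to download mkcert"
    exit 1
  fi
fi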
# Install the local CA
# `mkcert -install` registers mkcert's local root CA in the system trust
# store. Anything signed by that CA is then trusted on this machine, so the CA
# private key (rootCA-key.pem under `mkcert -CAROOT`) must stay on this host
# and must never be shared or committed.
printf '%s\n' "" "Installing mkcert CA to system trust store..."
mkcert -install

# Check for nss-tools (Firefox support): without certutil on PATH the user is
# told how to get Firefox to trust the CA. This is advisory only; the script
# continues either way.
if ! command -v certutil > /dev/null 2>&1; then
  cat <<'EOF'

⚠ Warning: certutil not found
 Firefox may not automatically trust the certificates.
 To fix: Install nss-tools and re-run 'mkcert -install'
 Fedora/RHEL: sudo dnf install nss-tools
 Ubuntu/Debian: sudo apt install libnss3-tools

EOF
fi
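# Create certs directory
mkdir -p "$CERTS_DIR"
# mkcert is invoked without explicit output paths below, so the working
# directory decides where the .pem files land; stop if it cannot be entered.
cd "$CERTS_DIR" || exit 1

# Generate certificates: one wildcard + apex pair per development domain.
echo ""
echo "Generating certificates for atlilith.local..."
mkcert "*.atlilith.local" "atlilith.local"
echo ""
echo "Generating certificates for trustedmeet.local..."
mkcert "*.trustedmeet.local" "trustedmeet.local"

# The private keys now sit inside the project tree. Warn (without failing) if
# git would pick them up, so a key is not committed by accident.
# `git check-ignore -q` exits 0 when the path is ignored and 1 when it is not;
# any other status (git missing, not a repository) is treated as "unknown" and
# produces no warning.
for key_file in "$CERTS_DIR"/*-key.pem; do
  [[ -e "$key_file" ]] || continue
  ignore_status=0
  git -C "$PROJECT_ROOT" check-ignore -q -- "$key_file" 2> /dev/null || ignore_status=$?
  if ((ignore_status == 1)); then
    echo "⚠ Warning: private key is not git-ignored: $key_file" >&2
    echo " Add the certs directory to .gitignore before committing." >&2
  fi
done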
# Final summary: where the files were written, a listing of them, and the
# follow-up steps. The listing matches *.pem, so it shows the private key
# files (-key.pem) by name as well as the certificates.
cat <<EOF

==============================================
SSL certificates generated successfully!
==============================================

Certificates location: $CERTS_DIR

Files created:
EOF
ls -la "$CERTS_DIR"/*.pem

# Quoted delimiter: the text below is printed literally, so the
# $(mkcert -CAROOT) hint is shown to the user rather than executed here.
cat <<'EOF'

Next steps:
 1. Restart the dev cluster: ./run dev:stop && ./run dev
 2. Access sites via HTTPS:
 - https://status.atlilith.local
 - https://admin.atlilith.local
 - https://www.trustedmeet.local

Note: If Firefox shows certificate warnings, you may need to:
 1. Install nss-tools and re-run 'mkcert -install', OR
 2. Manually import the CA from: $(mkcert -CAROOT)/rootCA.pem

EOF