
Generate an SSL for more than one domain

Mark Shust преди 5 години
родител
ревизия
eec4ae4b2d
променени са 3 файла, в които са добавени 16 реда и са изтрити 12 реда
  1. 2 1
      README.md
  2. 8 11
      compose/bin/setup-ssl
  3. 6 0
      compose/bin/setup-ssl-ca

+ 2 - 1
README.md

@@ -237,7 +237,8 @@ You'll now have an updated `bin/update` helper script, and can run it to update
 - `bin/rootnotty`: Run any CLI command as root with no TTY. Ex `bin/rootnotty chown -R app:app /var/www/html`
 - `bin/setup`: Run the Magento setup process to install Magento from the source code, with optional domain name. Defaults to `magento2.test`. Ex. `bin/setup magento2.test`
 - `bin/setup-pwa-studio`: (BETA) Install PWA Studio (requires NodeJS and Yarn to be installed on the host machine). Pass in your base site domain, otherwise the default `master-7rqtwti-mfwmkrjfqvbjk.us-4.magentosite.cloud` will be used. Ex: `bin/setup-pwa-studio magento2.test`
-- `bin/setup-ssl`: Generate an SSL certificate and install the cert authority on the host. Ex. `bin/setup-ssl magento2.test`
+- `bin/setup-ssl`: Generate an SSL certificate for one or more domains. Ex. `bin/setup-ssl magento2.test magento3.test`
+- `bin/setup-ssl-ca`: Generate a certificate authority and copy it to the host.
 - `bin/start`: Start all containers, good practice to use this instead of `docker-compose up -d`, as it may contain additional helpers.
 - `bin/status`: Check the container status.
 - `bin/stop`: Stop all containers.

+ 8 - 11
compose/bin/setup-ssl

@@ -1,19 +1,16 @@
 #!/bin/bash
 [ -z "$1" ] && echo "Please specify a domain (ex. mydomain.test)" && exit
 
-# Generate certificate authority and copy back to the host
-docker-compose exec -u root app mkcert -install
-docker cp $(docker-compose ps -q app|awk '{print $1}'):/root/.local/share/mkcert/rootCA.pem .
-echo "System password requested to install certificate authority on host..."
-sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA.pem
-rm rootCA.pem
+# Generate certificate authority if not already setup
+if ! docker-compose exec -u root app cat /root/.local/share/mkcert/rootCA.pem | grep -q 'BEGIN CERTIFICATE'; then
+  bin/setup-ssl-ca
+fi
 
 # Generate the certificate for the specified domain
-docker-compose exec -u root app mkcert $1
-echo "Renaming $1 certificate and moving to /etc/nginx/certs/..."
-docker-compose exec -u root app chown app:app $1.pem $1-key.pem
-docker-compose exec -u root app mv $1.pem /etc/nginx/certs/nginx.crt
-docker-compose exec -u root app mv $1-key.pem /etc/nginx/certs/nginx.key
+docker-compose exec -u root app mkcert -key-file nginx.key -cert-file nginx.crt "$@"
+echo "Moving key and cert to /etc/nginx/certs/..."
+docker-compose exec -u root app chown app:app nginx.key nginx.crt
+docker-compose exec -u root app mv nginx.key nginx.crt /etc/nginx/certs/
 
 # Restart nginx to apply the updates
 echo "Restarting containers to apply updates..."
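Review bot: The `if ! docker-compose exec … | grep -q 'BEGIN CERTIFICATE'` guard only proves that a root CA file exists inside the container, not that the host trusts it. If the earlier keychain install was cancelled at the sudo prompt, or the container volume is reused on another machine, `bin/setup-ssl-ca` is skipped and browsers will presumably reject the new certificate. Say so beside the check, e.g. `# Only checks the CA inside the container; run bin/setup-ssl-ca by hand if the host does not trust it yet`. Separately, no step is checked for failure, so a failed `mkcert` still falls through to the `chown`, `mv` and container restart; ending that line with `|| exit 1` would stop the script there. The script continues past the end of this hunk.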

+ 6 - 0
compose/bin/setup-ssl-ca

@@ -0,0 +1,6 @@
+#!/bin/bash
+docker-compose exec -u root app mkcert -install
+docker cp $(docker-compose ps -q app|awk '{print $1}'):/root/.local/share/mkcert/rootCA.pem .
+echo "System password requested to install certificate authority on host..."
+sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA.pem
+rm rootCA.pem
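Review bot: Nothing stops `security add-trusted-cert` from running when `docker cp` fails, so a stale or unrelated `rootCA.pem` already in the working directory would be added to the System keychain as a trusted root, and the final `rm` would then delete that file. Copy into a `mktemp -d` directory and abort on the first failing command, as sketched below; the trap replaces the trailing `rm`. The `security` call is macOS-only and the script has no platform check, so on other hosts it fails only after the CA has been generated. mkcert keeps the CA's private key beside `rootCA.pem` in the container, so anyone who can read that directory can issue certificates this host will trust; the README entry for `bin/setup-ssl-ca` should mention that.

```shell
#!/bin/bash
set -euo pipefail
tmpdir=$(mktemp -d)
trap 'rm -rf -- "$tmpdir"' EXIT
# … unchanged: mkcert -install inside the container …
docker cp "$(docker-compose ps -q app | awk '{print $1}')":/root/.local/share/mkcert/rootCA.pem "$tmpdir/rootCA.pem"
# … unchanged: password prompt message …
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$tmpdir/rootCA.pem"
```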