#!/bin/bash
#
# Copyright (c) 2019 Of Him Code Technology Studio
# Jpom is licensed under Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
# http://license.coscl.org.cn/MulanPSL2
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
#
#
# -------------------------------------------------------------
# 自动创建 Docker TLS 证书
# wget https://gitee.com/dromara/Jpom/raw/master/script/docker-tls.sh
# curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
# systemctl daemon-reload && systemctl restart docker
# -------------------------------------------------------------
# 以下是配置信息
# --[BEGIN]------------------------------
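# Abort on the first failing command, on unset variables and on failed
# pipeline stages: every openssl step below is required, and without this a
# failure in the middle would only be noticed by the file check at the end.
set -eEuo pipefail

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Remove intermediate files (CSRs, CA serial, extension config).
# Installed as the EXIT trap so a failed run leaves no leftovers either;
# the generated keys and certificates are never touched here.
#######################################
cleanup() {
  rm -f -- client.csr server.csr ca.srl extfile.cnf
}

# Directory the script lives in, with a trailing slash: the messages and the
# final existence check concatenate file names directly onto it.
NOW_PATH="$(cd "$(dirname "$0")" && pwd)/"
# Generate into that directory instead of the caller's cwd; previously openssl
# wrote to the cwd while the final check looked in NOW_PATH, so running the
# script from elsewhere reported failure (or found stale files).
cd "${NOW_PATH}" || die "无法进入目录: ${NOW_PATH}"
trap cleanup EXIT
trap 'printf "%s\n" "证书生成不完成,请检查配置和根据错误日志排查" >&2' ERR

printf '%s\n' "当前目录: ${NOW_PATH} 证书文件将保存在此文件夹下"
read -r -p "请输入证书使用的 IP 地址或者 HOST: " HOST
# The value is spliced into the X.509 subject and the subjectAltName config;
# restrict it to characters a host name or IP literal can contain so it cannot
# introduce extra subject components ("/") or extension config lines.
[[ -n "${HOST}" ]] || die "未输入 IP 地址或者 HOST"
[[ "${HOST}" =~ ^[A-Za-z0-9.:_-]+$ ]] || die "IP 地址或者 HOST 含有非法字符: ${HOST}"
printf '%s\n' "您输入的是: ${HOST} 证书只能在这个 IP 或者 HOST 下使用,证书密码和输入的一致"

# --[INIT PARAMETER]------------------------------
PASSWORD="${HOST}"
COUNTRY="CN"
STATE="${HOST}"
CITY="${HOST}"
ORGANIZATION="${HOST}"
ORGANIZATIONAL_UNIT="Dev"
COMMON_NAME="${HOST}"
EMAIL="${HOST}@docker-tls.com"
# Validity (days) of the CA and both leaf certificates; overridable from the
# environment, default is the previously hard-coded 365.
CERT_DAYS="${CERT_DAYS:-365}"
# openssl reads the CA key passphrase from this variable (env:PASSWORD) rather
# than from its argument list, so the passphrase is not exposed in `ps` output
# or shell traces.
export PASSWORD
SUBJECT="/C=${COUNTRY}/ST=${STATE}/L=${CITY}/O=${ORGANIZATION}/OU=${ORGANIZATIONAL_UNIT}/CN=${COMMON_NAME}/emailAddress=${EMAIL}"

# subjectAltName needs IP: for address literals and DNS: for names. openssl
# rejects an IP: entry whose value is not an address, so the previous fixed
# "DNS.1:$HOST,IP.1:127.0.0.1,IP.2:$HOST" line failed for every host name.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [[ "${HOST}" =~ $ipv4_re || "${HOST}" == *:* ]]; then
  SAN="IP.1:127.0.0.1,IP.2:${HOST}"
else
  SAN="DNS.1:${HOST},IP.1:127.0.0.1"
fi
# --[END]--

# Generate CA key (AES-256 encrypted with PASSWORD)
openssl genrsa -aes256 -passout env:PASSWORD -out "ca-key.pem" 4096
# Generate CA
openssl req -new -x509 -days "${CERT_DAYS}" -key "ca-key.pem" -sha256 -out "ca.pem" -passin env:PASSWORD -subj "${SUBJECT}"
# Generate Server key
openssl genrsa -out "server-key.pem" 4096
# Generate Server Certs.
openssl req -subj "/CN=${COMMON_NAME}" -sha256 -new -key "server-key.pem" -out server.csr
# ">" truncates, so the extension file never carries entries from a prior run.
printf '%s\n' "subjectAltName = ${SAN}" "extendedKeyUsage = serverAuth" >extfile.cnf
openssl x509 -req -days "${CERT_DAYS}" -sha256 -in server.csr -passin env:PASSWORD -CA "ca.pem" -CAkey "ca-key.pem" -CAcreateserial -out "server-cert.pem" -extfile extfile.cnf
# Generate Client Certs.
openssl genrsa -out "key.pem" 4096
openssl req -subj '/CN=client' -new -key "key.pem" -out client.csr
printf '%s\n' "extendedKeyUsage = clientAuth" >extfile.cnf
openssl x509 -req -days "${CERT_DAYS}" -sha256 -in client.csr -passin env:PASSWORD -CA "ca.pem" -CAkey "ca-key.pem" -CAcreateserial -out "cert.pem" -extfile extfile.cnf
# Private keys must not be readable by other local users; the certificates
# keep the default mode so they can be copied to clients as before.
chmod 600 -- "ca-key.pem" "server-key.pem" "key.pem"
# Intermediates (CSRs, ca.srl, extfile.cnf) are removed by the EXIT trap.

# check
if [[ -f "${NOW_PATH}key.pem" && -f "${NOW_PATH}ca.pem" && -f "${NOW_PATH}ca-key.pem" && -f "${NOW_PATH}server-cert.pem" && -f "${NOW_PATH}server-key.pem" ]]; then
  printf '%s\n' "证书生成完成"
  printf '%s\n' "客户端使用文件: key.pem ca.pem cert.pem"
  printf '%s\n' "Docker 端使用文件: ca.pem server-cert.pem server-key.pem"
  printf '%s\n' "Docker 推荐配置内容:-H tcp://0.0.0.0:2375 --tlsverify --tlscacert=${NOW_PATH}ca.pem --tlscert=${NOW_PATH}server-cert.pem --tlskey=${NOW_PATH}server-key.pem"
else
  printf '%s\n' "证书生成不完成,请检查配置和根据错误日志排查"
fi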