feat(server): allow to use ssl on server (#8722)
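--- a/packages/twenty-server/scripts/ssl-generation/README.md
+++ b/packages/twenty-server/scripts/ssl-generation/README.md
@@ -0,0 +1,74 @@
+# Local SSL Certificate Generation Script
+
+This Bash script helps generate self-signed SSL certificates for local development. It uses OpenSSL to create a root certificate authority, a domain certificate, and configures them for local usage.
+
+## Features
+- Generates a private key and root certificate.
+- Creates a signed certificate for a specified domain.
+- Adds the root certificate to the macOS keychain for trusted usage (macOS only).
+- Customizable with default values for easier use.
+
+## Requirements
+- OpenSSL
+
+## Usage
+
+### Running the Script
+
+To generate certificates using the default values:
+
+```sh
+./script.sh
+```
+
+### Specifying Custom Values
+
+1. **Domain Name**: Specify the domain name for the certificate. Default is `localhost.com`.
+2. **Root Certificate Name**: Specify a name for the root certificate. Default is `myRootCertificate`.
+3. **Validity Days**: Specify the number of days the certificate is valid for. Default is `398` days.
+
+#### Examples:
+
+1. **Using Default Values**:
+```sh
+./script.sh
+```
+
+2. **Custom Domain Name**:
+```sh
+./script.sh example.com
+```
+
+3. **Custom Domain Name and Root Certificate Name**:
+```sh
+./script.sh example.com customRootCertificate
+```
+
+4. **Custom Domain Name, Root Certificate Name, and Validity Days**:
+```sh
+./script.sh example.com customRootCertificate 398
+```
+
+## Script Details
+
+1. **Check if OpenSSL is Installed**: Ensures OpenSSL is installed before executing.
+2. **Create Directory for Certificates**: Uses `~/certs/{domain}`.
+3. **Generate Root Certificate**: Creates a root private key and certificate.
+4. **Add Root Certificate to macOS Keychain**: Adds root certificate to macOS trusted store (requires admin privileges).
+5. **Generate Domain Key**: Produces a private key for the domain.
+6. **Create CSR**: Generates a Certificate Signing Request for the domain.
+7. **Generate Signed Certificate**: Signs the domain certificate with the root certificate.
+
+## Output Files
+
+The generated files are stored in `~/certs/{domain}`:
+
+- **Root certificate key**: `{root_cert_name}.key`
+- **Root certificate**: `{root_cert_name}.pem`
+- **Domain private key**: `{domain}.key`
+- **Signed certificate**: `{domain}.crt`
+
+## Notes
+
+- If running on non-macOS systems, you'll need to manually add the root certificate to your trusted certificate store.
+- Ensure that OpenSSL is installed and available in your PATH.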
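--- a/packages/twenty-server/scripts/ssl-generation/script.sh
+++ b/packages/twenty-server/scripts/ssl-generation/script.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# Check if OpenSSL is installed
+if ! command -v openssl &> /dev/null
+then
+echo "OpenSSL is not installed. Please install it before running this script."
+exit
+fi
+
+# Default values
+DOMAIN=${1:-localhost.com}
+ROOT_CERT_NAME=${2:-myRootCertificate}
+VALIDITY_DAYS=${3:-398} # Default is 825 days
+
+CERTS_DIR=~/certs/$DOMAIN
+
+# Create a directory to store the certificates
+mkdir -p $CERTS_DIR
+cd $CERTS_DIR
+
+# Generate the private key for the Certificate Authority (CA)
+openssl genrsa -aes256 -out ${ROOT_CERT_NAME}.key 2048
+
+# Generate the root certificate for the CA
+openssl req -x509 -new -nodes -key ${ROOT_CERT_NAME}.key -sha256 -days $VALIDITY_DAYS -out ${ROOT_CERT_NAME}.pem \
+-subj "/C=US/ST=State/L=City/O=MyOrg/OU=MyUnit/CN=MyLocalCA"
+
+# Add the root certificate to the macOS keychain (requires admin password)
+if [[ "$OSTYPE" == "darwin"* ]]; then
+sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" ${ROOT_CERT_NAME}.pem
+fi
+
+# Generate the private key for the provided domain
+openssl genrsa -out $DOMAIN.key 2048
+
+# Create a Certificate Signing Request (CSR) for the provided domain
+openssl req -new -key $DOMAIN.key -out $DOMAIN.csr \
+-subj "/C=US/ST=State/L=City/O=MyOrg/OU=MyUnit/CN=*.$DOMAIN"
+
+# Create a configuration file for certificate extensions
+cat > $DOMAIN.ext << EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = $DOMAIN
+DNS.2 = *.$DOMAIN
+EOF
+
+# Sign the certificate with the CA
+openssl x509 -req -in $DOMAIN.csr -CA ${ROOT_CERT_NAME}.pem -CAkey ${ROOT_CERT_NAME}.key -CAcreateserial \
+-out $DOMAIN.crt -days $VALIDITY_DAYS -sha256 -extfile $DOMAIN.ext
+
+echo "Certificates generated in the directory $CERTS_DIR:"
+echo "- Root certificate: ${ROOT_CERT_NAME}.pem"
+echo "- Domain private key: $DOMAIN.key"
+echo "- Signed certificate: $DOMAIN.crt"
+
+# Tips for usage
+echo "To use these certificates with a local server, configure your server to use $DOMAIN.crt and $DOMAIN.key."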
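Review bot: Nothing in script.sh stops on failure: `mkdir -p $CERTS_DIR` and `cd $CERTS_DIR` are unquoted and unchecked, so if either fails the CA and domain keys are written to the caller's current directory and the `sudo security add-trusted-cert` step still runs. Adding `set -euo pipefail` and `umask 077` after the shebang, plus `cd "$CERTS_DIR" || exit 1`, aborts before a root is installed into the System keychain and keeps `~/certs` and the key files owner-only regardless of how the local OpenSSL build sets file modes. That root is trusted machine-wide and has no name constraints, so a short comment (and a README note) should state that `${ROOT_CERT_NAME}.key` must be protected or deleted once the domain certificate is signed. The missing-OpenSSL branch uses a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` lets callers detect the failure. The trailing comment `# Default is 825 days` also disagrees with the `398` default on the same line.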