Set up a private CA with easy-rsa and serve a certificate it issues from nginx. Strictly speaking the server certificate is not self-signed: it is signed by your own CA, and clients must import that CA's ca.crt before they trust the site.
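### Install easy-rsa and build the "PKI" instance: the side that owns the
### server private key and produces the certificate request for the CA.
#
# easy-rsa 3 looks for its `vars` file in the directory of the `easyrsa`
# script it was started from, which is why each role gets its own copy of
# the script in its own directory with its own `vars`. A single instance
# would work; two keep the CA and the requester visibly separate.
#
# Every step aborts on failure: nothing in these snippets sets -e, and a
# half-built instance only fails later, in a less obvious place.
apt-get install easy-rsa || exit 1

pki_tool=/usr/local/src/easyrsa-pki
mkdir -p "$pki_tool" || exit 1
cp /usr/share/easy-rsa/easyrsa "$pki_tool/" || exit 1

# Quoted delimiter: nothing here is expanded by this shell, easyrsa reads
# the file itself. The REQ_* values become the subject of the CSR and of
# the issued certificate; replace them with real organisation data.
cat > "$pki_tool/vars" <<'EOF' || exit 1
set_var EASYRSA_PKI "/etc/pki"
set_var EASYRSA_REQ_COUNTRY "FR"
set_var EASYRSA_REQ_PROVINCE "Ile de France"
set_var EASYRSA_REQ_CITY "Paris"
set_var EASYRSA_REQ_ORG "Company Name"
set_var EASYRSA_REQ_EMAIL "email@company-name.com"
set_var EASYRSA_REQ_OU "Company Name"
EOF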
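### Build the "CA" instance: the side that holds the CA key and signs requests.
#
ca_tool=/usr/local/src/easyrsa-ca
mkdir -p "$ca_tool" || exit 1
cp /usr/share/easy-rsa/easyrsa "$ca_tool/" || exit 1
cat > "$ca_tool/vars" <<'EOF' || exit 1
set_var EASYRSA_PKI "/etc/ca"
EOF

# Shell functions rather than aliases: aliases are only expanded in
# interactive shells (or after `shopt -s expand_aliases`), so a script
# containing the original `alias` lines would fail with "command not found"
# on the first easyrsa-pki call. The hyphen in a function name is accepted
# by bash, not by POSIX sh.
easyrsa-pki() { /usr/local/src/easyrsa-pki/easyrsa "$@"; }
easyrsa-ca()  { /usr/local/src/easyrsa-ca/easyrsa "$@"; }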
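### Initialise both working folders and create the CA.
#
# WARNING: `init-pki` wipes its target directory. Re-running this against an
# existing /etc/ca destroys the CA key, after which nothing it issued can be
# renewed or revoked from here.
easyrsa-pki init-pki || exit 1
cp /usr/share/easy-rsa/openssl-easyrsa.cnf /etc/pki/ || exit 1

easyrsa-ca init-pki || exit 1
cp /usr/share/easy-rsa/openssl-easyrsa.cnf /etc/ca/ || exit 1

# `nopass` leaves the CA private key unencrypted on disk. Anyone who can
# read /etc/ca/private/ca.key can mint certificates that every client
# trusting ca.crt will accept, so keep this to a lab/dev CA, or drop
# `nopass` and accept a passphrase prompt on each sign-req. Lock the
# directory down either way; easyrsa is expected to create it restricted
# already, this only makes the requirement explicit.
easyrsa-ca build-ca nopass || exit 1
chmod 700 /etc/ca/private || exit 1

# sign-req needs the x509 extension templates (server, client, ca) to be
# reachable from the CA's PKI directory.
cp -r /usr/share/easy-rsa/x509-types /etc/ca/x509-types || exit 1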
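### Generate the server key + CSR on the PKI side, sign it on the CA side.
#
# Functions instead of aliases: aliases are not expanded in a
# non-interactive script, so these lines would otherwise fail with
# "command not found".
easyrsa-pki() { /usr/local/src/easyrsa-pki/easyrsa "$@"; }
easyrsa-ca()  { /usr/local/src/easyrsa-ca/easyrsa "$@"; }

export EASYRSA_KEYNAME=company-name

# The server key is generated without a passphrase on purpose: nginx must
# read it at start-up with nobody at the console. Protect the file instead;
# easyrsa is expected to write it 0600 under /etc/pki/private, keep it so.
easyrsa-pki gen-req "$EASYRSA_KEYNAME" nopass || exit 1

easyrsa-ca import-req "/etc/pki/reqs/$EASYRSA_KEYNAME.req" "$EASYRSA_KEYNAME" || exit 1

# Current browsers match the hostname against subjectAltName only and ignore
# the CN, so a certificate without a SAN is rejected by Chrome/Firefox even
# when the CA is trusted. The `server` type supplies the serverAuth EKU; the
# SAN must be passed explicitly and is applied by the CA at signing time.
# NOTE(review): --subject-alt-name is documented for easy-rsa 3, but older
# 3.0.x builds may only know EASYRSA_EXTRA_EXTS; check `easyrsa help options`.
easyrsa-ca --subject-alt-name="DNS:company-name.com,DNS:www.company-name.com" \
  sign-req server "$EASYRSA_KEYNAME" || exit 1

cp -f "/etc/ca/issued/$EASYRSA_KEYNAME.crt" "/etc/pki/$EASYRSA_KEYNAME.crt" || exit 1
cp -f /etc/ca/ca.crt /etc/pki/ca.crt || exit 1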
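### Deploy the CA cert, server cert and server key where nginx expects them.
#
export EASYRSA_KEYNAME=company-name

# `install -D` creates /etc/ssl/local-certs if it is missing (a plain `cp`
# into a directory that does not exist fails) and sets an explicit mode
# instead of whatever the umask and the source file happen to give.
install -D -m 0644 /etc/pki/ca.crt /etc/ssl/local-certs/ca.crt || exit 1
install -D -m 0644 "/etc/pki/$EASYRSA_KEYNAME.crt" "/etc/ssl/local-certs/$EASYRSA_KEYNAME.crt" || exit 1

# The private key is the only secret here: root-owned, 0600. In the usual
# setup the nginx master process runs as root and loads the key before the
# workers drop privileges, so the worker user needs no access to it.
# /etc/ssl/private itself is normally 0710 root:ssl-cert on Debian; do not
# loosen that.
install -D -m 0600 -o root -g root "/etc/pki/private/$EASYRSA_KEYNAME.key" "/etc/ssl/private/$EASYRSA_KEYNAME.key" || exit 1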
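# nginx site for company-name.com: plain HTTP is redirected, HTTPS terminates
# TLS with the certificate issued by the private CA above and proxies to the
# uwsgi upstream.
#
# Clients must import /etc/ssl/local-certs/ca.crt (the private CA) or they
# will not trust the certificate; nothing here makes it publicly trusted.
upstream company-name.com {
    ### The SAPI server to serve (php-fpm, uwsgi...)
    #
    server 127.0.0.1:5000;
}

server {
    listen 80;
    listen [::]:80;
    ### Redirect all requests to https
    #
    # $server_name is the first name of the server_name directive, so the
    # bare domain is redirected to www. It is deliberately not $host: $host
    # comes from the client's Host header and, on a block that ends up as
    # the default server, would turn this into an open redirect.
    server_name www.company-name.com company-name.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.company-name.com company-name.com;

    ### The ssl certs and key
    #
    # ssl_certificate may hold the server cert followed by ca.crt when the
    # chain has to be presented; with a single-level private CA whose
    # ca.crt clients already import, the leaf alone is usually enough.
    ssl_certificate /etc/ssl/local-certs/company-name.crt;
    ssl_certificate_key /etc/ssl/private/company-name.key;
    # Only consulted for OCSP stapling and client-certificate verification,
    # neither of which is enabled here; harmless, but it is not what makes
    # the server certificate trusted.
    ssl_trusted_certificate /etc/ssl/local-certs/ca.crt;
    # Do not rely on the compiled-in default: older nginx builds still
    # enable TLS 1.0/1.1 unless told otherwise. TLSv1.3 needs nginx with
    # OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Resolves to the upstream block above, not to DNS.
        uwsgi_pass company-name.com;
        ### The SAPI server params
        #
        include /etc/nginx/uwsgi_params;
    }
}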