Skip to content

Instantly share code, notes, and snippets.

@Raynes
Forked from erik/generate_nginx_conf.py
Last active March 7, 2016 06:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Raynes/90e11216466cdd1dc38d to your computer and use it in GitHub Desktop.
Save Raynes/90e11216466cdd1dc38d to your computer and use it in GitHub Desktop.
#!/usr/bin/env python
# flake8: noqa
"""All the steps in building a webservice for alexa suck."""
import os
import os.path
CERT_CONF_TEMPLATE = """
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = NY
L = Who cares
O = Who cares
CN = Who cares
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @subject_alternate_names
[subject_alternate_names]
DNS.1 = {domain_name}
"""
NGINX_TEMPLATE = """
server {{
listen 443;
ssl on;
ssl_certificate /etc/ssl/alexa/server.crt;
ssl_certificate_key /etc/ssl/alexa/key.pem;
server_name {hostname};
location /alexa {{
proxy_pass http://localhost:8080;
}}
}}
"""
def generate_certificate(out_dir):
"""Generate the TLS private key and certificate, as well
as a simple nginx configuration for users to begin with.
At the end we print some instructions on where to put
various generated files.
"""
# Python 2.7 compatibility.
try:
hostname = raw_input('DNS Hostname: ')
except:
hostname = input('DNS Hostname: ')
print('>> generating private key')
os.system("openssl genrsa -out key.pem 2048")
with open('cert.conf', 'w') as fp:
fp.write(CERT_CONF_TEMPLATE.format(domain_name=hostname))
print('>> creating certificate')
os.system("openssl req -new -x509 -key key.pem "
"-config cert.conf -out server.crt")
print('>> writing nginx template')
with open('nginx.conf', 'w') as fp:
fp.write(NGINX_TEMPLATE.format(hostname=hostname))
print('''
It's up to you now depending on your setup. We've generated
a self signed certificate for you as well as a sample nginx
configuration file. If you're using nginx, you can start by
doing something like this:
cd {out_dir}
sudo mv nginx.conf /etc/nginx/sites-enabled/alexa.conf
# If you haven't yet removed nginx's default config, run
# the following:
sudo rm -f /etc/nginx/sites-enabled/default
Now move our generated SSL files into place:
sudo mkdir -p /etc/ssl/alexa
sudo mv cert.conf server.crt key.pem /etc/ssl/alexa/
sudo service nginx restart
'''.format(out_dir=out_dir))
if __name__ == '__main__':
# Python 2.7 compatibility.
print('''
Alright partner, we got a couple questions for ya in order
to generate some basic sample configurations to get you up
and running. Two things we need to know.
''')
try:
out_dir = raw_input('Output directory: ')
except:
out_dir = input('Output directory: ')
print('')
if not os.path.exists(out_dir):
os.mkdir(out_dir)
os.chdir(out_dir)
generate_certificate(out_dir)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment