/generate_nginx_conf.py Secret
#!/usr/bin/env python
# flake8: noqa
"""All the steps in building a webservice for alexa suck."""
import os
import os.path
import re
import subprocess
# OpenSSL request configuration used to mint the self-signed certificate.
# The only placeholder is {domain_name}, filled in through str.format() and
# emitted as the single subjectAltName DNS entry.
CERT_CONF_TEMPLATE = (
    "\n"
    "[req]\n"
    "distinguished_name = req_distinguished_name\n"
    "x509_extensions = v3_req\n"
    "prompt = no\n"
    "[req_distinguished_name]\n"
    "C = US\n"
    "ST = NY\n"
    "L = Who cares\n"
    "O = Who cares\n"
    # The CN is a fixed filler string; the real hostname is carried only in
    # the subjectAltName section below.
    "CN = Who cares\n"
    "[v3_req]\n"
    # NOTE(review): keyUsage lists no digitalSignature bit. Signature-based
    # key exchange (ECDHE suites, TLS 1.3) expects that bit on a server
    # certificate -- confirm whether it should be added.
    "keyUsage = keyEncipherment, dataEncipherment\n"
    "extendedKeyUsage = serverAuth\n"
    "subjectAltName = @subject_alternate_names\n"
    "[subject_alternate_names]\n"
    "DNS.1 = {domain_name}\n"
)
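# Sample nginx server block that terminates TLS and forwards /alexa to a
# plain-HTTP backend on localhost:8080. str.format() fills in {hostname};
# the doubled braces are literal nginx braces.
# TLS is switched on with the `ssl` parameter of `listen`: the standalone
# `ssl on;` directive was deprecated in nginx 1.15.0 and removed in 1.25.1,
# so a config that still uses it fails to load on current releases.
NGINX_TEMPLATE = """
server {{
    listen 443 ssl;
    ssl_certificate /etc/ssl/alexa/server.crt;
    ssl_certificate_key /etc/ssl/alexa/key.pem;
    server_name {hostname};
    location /alexa {{
        proxy_pass http://localhost:8080;
    }}
}}
"""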
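def generate_certificate(out_dir):
    """Generate the TLS private key and certificate, as well
    as a simple nginx configuration for users to begin with.

    The DNS hostname is read interactively. key.pem, cert.conf,
    server.crt and nginx.conf are written to the current working
    directory. At the end we print some instructions on where to put
    the generated files.

    Args:
        out_dir: Directory name shown in the printed instructions. It is
            not used to decide where the files are written.

    Raises:
        ValueError: If the hostname is not made of DNS-name characters.
        subprocess.CalledProcessError: If an openssl command fails.
    """
    # Python 2.7 compatibility: raw_input() only exists there. Catching
    # NameError alone keeps Ctrl-C and EOF at the prompt from being
    # swallowed and turned into a second prompt.
    try:
        read_line = raw_input
    except NameError:
        read_line = input
    hostname = read_line('DNS Hostname: ').strip()

    # The hostname is pasted verbatim into cert.conf and nginx.conf, so
    # only DNS-name characters are accepted; anything else could add
    # directives to either file.
    if not re.match(r'[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\Z', hostname):
        raise ValueError('invalid DNS hostname: {0!r}'.format(hostname))

    print('>> generating private key')
    # Create the key readable by its owner only, whatever umask the caller
    # runs with. An argument list avoids the shell, and check_call stops
    # the run if openssl fails instead of carrying on without a key.
    previous_umask = os.umask(0o077)
    try:
        subprocess.check_call(
            ['openssl', 'genrsa', '-out', 'key.pem', '2048'])
    finally:
        os.umask(previous_umask)
    # The umask does not narrow the mode of a key.pem that already existed.
    os.chmod('key.pem', 0o600)

    with open('cert.conf', 'w') as fp:
        fp.write(CERT_CONF_TEMPLATE.format(domain_name=hostname))

    print('>> creating certificate')
    # No -days is passed, so openssl's default validity period applies
    # (30 days); the certificate has to be regenerated after that.
    subprocess.check_call(
        ['openssl', 'req', '-new', '-x509', '-key', 'key.pem',
         '-config', 'cert.conf', '-out', 'server.crt'])

    print('>> writing nginx template')
    with open('nginx.conf', 'w') as fp:
        fp.write(NGINX_TEMPLATE.format(hostname=hostname))

    # `sudo mv` keeps the invoking user as owner of the moved files, so
    # the instructions also hand the private key over to root.
    print('''
It's up to you now depending on your setup. We've generated
a self signed certificate for you as well as a sample nginx
configuration file. If you're using nginx, you can start by
doing something like this:

    cd {out_dir}
    sudo mv nginx.conf /etc/nginx/sites-enabled/alexa.conf
    # If you haven't yet removed nginx's default config, run
    # the following:
    sudo rm -f /etc/nginx/sites-enabled/default

Now move our generated SSL files into place:

    sudo mkdir -p /etc/ssl/alexa
    sudo mv cert.conf server.crt key.pem /etc/ssl/alexa/
    sudo chown root:root /etc/ssl/alexa/key.pem
    sudo chmod 600 /etc/ssl/alexa/key.pem
    sudo service nginx restart
'''.format(out_dir=out_dir))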
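if __name__ == '__main__':
    # Interactive entry point: ask for an output directory, create it if
    # needed, switch into it and generate the key, certificate and sample
    # nginx configuration there.
    print('''
Alright partner, we got a couple questions for ya in order
to generate some basic sample configurations to get you up
and running. Two things we need to know.
''')
    # Python 2.7 compatibility: raw_input() only exists there. Catching
    # NameError alone keeps Ctrl-C and EOF from being swallowed.
    try:
        out_dir = raw_input('Output directory: ')
    except NameError:
        out_dir = input('Output directory: ')
    print('')
    # Without expansion, "~/alexa" would create a directory literally
    # named "~" under the current directory.
    out_dir = os.path.expanduser(out_dir)
    if not os.path.isdir(out_dir):
        # The directory will hold the private key, so a newly created one
        # is owner-only. makedirs also copes with nested paths, which
        # os.mkdir does not.
        os.makedirs(out_dir, 0o700)
    os.chdir(out_dir)
    generate_certificate(out_dir)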