This builds Tinderbox SSL certs for local development. It can be used for other things as well. It is also designed to add the cert to the Mac credentials store.
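#!/usr/bin/env ruby
# frozen_string_literal: true

# Builds a self-signed wildcard certificate for local Tinderbox development,
# appends the Apache (Homebrew httpd) vhosts and the /etc/hosts entry that use
# it, and finally opens the cert so it can be trusted in the macOS Keychain.
# Must be run as root (it writes under /usr/local/etc/httpd and /etc/hosts).
require 'fileutils'
require 'tempfile'

# Names the certificate (SAN list) and the vhosts are generated for.
CNAMES = ['*.tb.local.vhost'].freeze
SERVER_NAME = 'dev.tb.local.vhost'
ADMIN_SERVER_NAME = 'admin.tb.local.vhost'

# Paths: the system OpenSSL config used as a template, and the Homebrew httpd layout.
SYSTEM_OPENSSL_CNF = '/System/Library/OpenSSL/openssl.cnf'
SSL_DIR = '/usr/local/etc/httpd/ssl'
KEY_FILE = "#{SSL_DIR}/localhost.key"
CRT_FILE = "#{SSL_DIR}/localhost.crt"
HTTPD_CONF = '/usr/local/etc/httpd/httpd.conf'
HTTPD_SSL_CONF = '/usr/local/etc/httpd/extra/httpd-ssl.conf'
HOSTS_FILE = '/etc/hosts'

# Writes a copy of the system openssl.cnf extended with a SAN section that
# lists every name in +cnames+ (DNS.1, DNS.2, ...).
#
# @param cnames [Array<String>] hostnames to put in subjectAltName
# @return [Tempfile] the closed config file; the caller must +unlink+ it
def build_openssl_config(cnames)
  config = Tempfile.new('openssl-san')
  config.write(File.read(SYSTEM_OPENSSL_CNF))
  config.write("[SAN]\nsubjectAltName = @alt_names\n")
  config.write("[ alt_names ]\n")
  cnames.each_with_index { |name, index| config.write("DNS.#{index + 1} = #{name}\n") }
  config.close
  config
end

# Generates the key/cert pair in SSL_DIR unless both files already exist.
#
# @param cnames [Array<String>] the first entry becomes the certificate CN
# @param config_path [String] path of the SAN-extended openssl config
# @return [Boolean] false when openssl exits non-zero
def ensure_certificate(cnames, config_path)
  if File.exist?(KEY_FILE) && File.exist?(CRT_FILE)
    puts "cert already present. Delete if you want to recreate #{KEY_FILE}"
    return true
  end

  FileUtils.mkdir_p(SSL_DIR)
  # Argument-list form: no shell is involved, so the CN and the config path
  # reach openssl verbatim instead of being re-parsed by /bin/sh.
  generated = Kernel.system(
    'openssl', 'req', '-newkey', 'rsa:2048', '-x509', '-nodes',
    '-keyout', 'localhost.key', '-new', '-out', 'localhost.crt',
    '-subj', "/CN=#{cnames[0]}",
    '-reqexts', 'SAN', '-extensions', 'SAN', '-config', config_path,
    '-sha256', '-days', '3650',
    chdir: SSL_DIR
  )
  return false unless generated

  # Only httpd (started as root) needs to read the private key; keep it from
  # other local accounts instead of leaving the default umask permissions.
  File.chmod(0o600, KEY_FILE)
  true
end

# Apache vhost block: plain-HTTP proxy to the ember/rails dev servers on :80,
# and the TLS terminator on :443 using the generated key/cert.
#
# @return [String] config text, newline-delimited on both ends so repeated
#   appends never glue onto the previous line
def vhost_config(cnames, server_name, admin_server_name)
  <<~CONF

    <VirtualHost *:80>
    ServerName #{server_name}
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyTimeout 18000
    # Intercept /static/ to serve vendor.js/frontend.js from ember server
    ProxyPass /static/ https://localhost:4200/assets/
    ProxyPassReverse /static/ https://localhost:4200/assets/
    # Proxy other routes to `rails server`
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    # Ignore cert issues when proxying http to https
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    </VirtualHost>
    <VirtualHost *:443>
    ServerName #{server_name}
    # We add aliases for *.ngrok.io and anything else we need to access here
    ServerAlias #{cnames.join(' ')} #{server_name} #{admin_server_name} *.ngrok.io
    # Proxy local requests to `rails server`
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    ProxyPreserveHost On
    ProxyTimeout 18000
    RequestHeader set X_FORWARDED_PROTO 'https'
    SSLProxyEngine on
    SSLEngine on
    SSLCertificateFile #{CRT_FILE}
    SSLCertificateKeyFile #{KEY_FILE}
    </VirtualHost>
  CONF
end

# Appends +block+ to +path+ unless the file already contains it, so the script
# can be re-run without duplicating config.
#
# @param path [String] file to append to
# @param block [String] exact text to look for and, if absent, append
# @param already_msg [String] printed when nothing needs to be written
def append_unless_present(path, block, already_msg)
  if File.read(path).include?(block)
    puts already_msg
  else
    File.open(path, 'a') { |file| file.write(block) }
  end
end

# Prints the manual httpd.conf edits, then opens the file in vi for them.
def edit_httpd_conf(server_name)
  puts <<~MSG
    Uncomment
    LoadModule ssl_module lib/httpd/modules/mod_ssl.so
    Include /usr/local/etc/httpd/extra/httpd-ssl.conf
    LoadModule proxy_module lib/httpd/modules/mod_proxy.so
    LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
    LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
    Replace
    "Listen 8080" change to "Listen 80"
    SSLCertificateKeyFile "#{KEY_FILE}"
    SSLCertificateFile "#{CRT_FILE}"
    ServerName #{server_name} # line 223-ish
  MSG
  # Open only httpd.conf; the old invocation also opened /usr/local/bin/code by mistake.
  Kernel.system('vi', HTTPD_CONF)
end

# Prints the manual httpd-ssl.conf edit, then opens the file in vi for it.
def edit_httpd_ssl_conf
  puts <<~MSG
    Change the Listen port from 8080 and 8443 to 80 and 443
    Listen 8443
    Listen 443
  MSG
  Kernel.system('vi', HTTPD_SSL_CONF)
end

# Script entry point; exits 1 when not root or when openssl fails.
def main
  unless Process.uid.zero?
    puts 'Please run this script with sudo:'
    exit 1
  end

  config = build_openssl_config(CNAMES)
  begin
    exit 1 unless ensure_certificate(CNAMES, config.path)
  ensure
    config.unlink # delete the temp config even when openssl fails
  end

  edit_httpd_conf(SERVER_NAME)
  edit_httpd_ssl_conf

  append_unless_present(HTTPD_CONF,
                        vhost_config(CNAMES, SERVER_NAME, ADMIN_SERVER_NAME),
                        'Already have the vhost data')

  # Write the hosts line (not the vhost block) to /etc/hosts.
  host_line = "127.0.0.1 #{SERVER_NAME} #{ADMIN_SERVER_NAME}"
  append_unless_present(HOSTS_FILE, "#{host_line}\n", 'already have host information')

  Kernel.system('apachectl', 'configtest')
  Kernel.system('apachectl', 'restart')
  # Opens the cert in Keychain Access so it can be imported and trusted.
  Kernel.system('open', CRT_FILE)
end

main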
TODO: Need to make this accept args to the script. That would really help make this more flexible.
https://gist.github.com/newdark/ad081c6741713302a9e57b9113351e94#file-create_ssl-sh-L12