Forked from superseb/rancher-singlenodeinstall-selfsignedcert.sh
Created
January 16, 2019 16:47
Creates self-signed certificates based on the FQDN, launches the `rancher/rancher` container and checks it. Accompanies https://medium.com/@superseb/zero-to-rancher-2-x-single-install-using-created-self-signed-certificates-in-5-minutes-5f9fe11fceb0
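#!/bin/bash
#
# Generate a private CA and a server certificate for the given FQDN, start a
# single-node rancher/rancher container that serves that certificate, wait
# until it answers on /ping, then run the superseb/rancher-check container
# against it.
#
# Usage: <script> rancher.yourdomain.com
#
# Environment:
#   DEBUG=true             trace every command (set -x)
#   RANCHER_IMAGE          image to start (default: rancher/rancher:latest)
#   RANCHER_WAIT_ATTEMPTS  number of 5-second readiness probes (default: 120)

# Stop on the first failing step so Rancher is never started with missing or
# half-written certificate files.
set -euo pipefail

if [[ "${DEBUG:-}" == "true" ]]; then
  set -x
fi

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Check if FQDN is given
if [[ -z "${1:-}" ]]; then
  echo "Usage: $0 rancher.yourdomain.com"
  exit 1
fi

# Set config here
export FQDN="$1"
export CA_SUBJECT="My own root CA"
export CA_EXPIRE="1825"  # CA expires in 5 years
export SSL_EXPIRE="365"  # Certificate expires in 1 year
export SSL_SUBJECT="${FQDN}"
export SSL_DNS="${FQDN}" # Additional SANs (comma separated) can be added
#export SSL_IP="127.0.0.1,127.0.0.2" # Additional IPs (comma separated) can be added
export SILENT="true"

# ':latest' is a moving tag: pin RANCHER_IMAGE to a specific version or digest
# for anything that has to be reproducible or audited.
RANCHER_IMAGE="${RANCHER_IMAGE:-rancher/rancher:latest}"
RANCHER_WAIT_ATTEMPTS="${RANCHER_WAIT_ATTEMPTS:-120}"

cert_dir="${PWD}/certs"
data_dir="${PWD}/rancher"

# Create the directories up front so they belong to the invoking user, and
# keep other local users away from the CA and server private keys.
mkdir -p -- "${cert_dir}" "${data_dir}"
chmod 700 -- "${cert_dir}" \
  || echo "warning: could not restrict permissions on ${cert_dir}" >&2

# Due to this open PR (https://github.com/paulczar/omgwtfssl/pull/10) the
# edited version of the Docker image under superseb/omgwtfssl is used.
# NOTE(review): this third-party image generates the CA and server private
# keys and is pulled by an unpinned tag; review it and pin a digest you trust.
docker run -v "${cert_dir}:/certs" \
  -e CA_SUBJECT \
  -e CA_EXPIRE \
  -e SSL_EXPIRE \
  -e SSL_SUBJECT \
  -e SSL_DNS \
  -e SSL_IP \
  -e SILENT \
  superseb/omgwtfssl

# Docker creates a directory for any bind-mount source that does not exist,
# so make sure all three files were really written before mounting them.
for pem in cert.pem key.pem ca.pem; do
  [[ -s "${cert_dir}/${pem}" ]] || die "certificate generation did not produce ${cert_dir}/${pem}"
done

# Certificate material is mounted read-only: the container only needs to
# read it.
docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v "${data_dir}:/var/lib/rancher" \
  -v "${cert_dir}/cert.pem:/etc/rancher/ssl/cert.pem:ro" \
  -v "${cert_dir}/key.pem:/etc/rancher/ssl/key.pem:ro" \
  -v "${cert_dir}/ca.pem:/etc/rancher/ssl/cacerts.pem:ro" \
  "${RANCHER_IMAGE}"

echo "Waiting for Rancher to be started"
# The probe uses -k because the curl container does not trust the freshly
# generated CA. It is a liveness check only and sends no credentials; real
# clients should trust certs/ca.pem instead of disabling verification.
ready="false"
for ((attempt = 0; attempt < RANCHER_WAIT_ATTEMPTS; attempt++)); do
  if docker run --rm --net=host appropriate/curl -sLk "https://${FQDN}/ping"; then
    ready="true"
    break
  fi
  printf '.'
  sleep 5
done
echo ""

# Bounded wait: a container that never comes up is reported, not waited on
# forever.
[[ "${ready}" == "true" ]] || die "Rancher did not answer on https://${FQDN}/ping after ${RANCHER_WAIT_ATTEMPTS} attempts"

docker run --rm --net=host superseb/rancher-check "https://${FQDN}"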