Create self signed certificates based on FQDN, launch `rancher/rancher` container and check, belongs to https://medium.com/@superseb/zero-to-rancher-2-x-single-install-using-created-self-signed-certificates-in-5-minutes-5f9fe11fceb0
| #!/bin/bash | |
| if [[ $DEBUG == "true" ]]; then | |
| set -x | |
| fi | |
| # Check if FQDN is given | |
| if [ -z "$1" ]; then | |
| echo "Usage: $0 rancher.yourdomain.com" | |
| exit 1 | |
| fi | |
| # Set config here | |
| export FQDN=$1 | |
| export CA_SUBJECT="My own root CA" | |
| export CA_EXPIRE="1825" # CA expires in 5 years | |
| export SSL_EXPIRE="365" # Certificate expires in 1 year | |
| export SSL_SUBJECT="${FQDN}" | |
| export SSL_DNS="${FQDN}" # Additional SANs (comma separated) can be added | |
| #export SSL_IP="127.0.0.1,127.0.0.2" # Additional IPs (comma separated) can be added | |
| export SILENT="true" | |
| # Due to this open PR (https://github.com/paulczar/omgwtfssl/pull/10) I changed to use the edited version of the Docker image under superseb/omgwtfssl. Of course with appropriate referral in the description. | |
| docker run -v $PWD/certs:/certs \ | |
| -e CA_SUBJECT \ | |
| -e CA_EXPIRE \ | |
| -e SSL_EXPIRE \ | |
| -e SSL_SUBJECT \ | |
| -e SSL_DNS \ | |
| -e SSL_IP \ | |
| -e SILENT \ | |
| superseb/omgwtfssl | |
| docker run -d --restart=unless-stopped \ | |
| -p 80:80 -p 443:443 \ | |
| -v $PWD/rancher:/var/lib/rancher \ | |
| -v $PWD/certs/cert.pem:/etc/rancher/ssl/cert.pem \ | |
| -v $PWD/certs/key.pem:/etc/rancher/ssl/key.pem \ | |
| -v $PWD/certs/ca.pem:/etc/rancher/ssl/cacerts.pem \ | |
| rancher/rancher:latest | |
| echo "Waiting for Rancher to be started" | |
| while true; do | |
| docker run --rm --net=host appropriate/curl -sLk "https://$FQDN/ping" && break | |
| echo -n "." | |
| sleep 5 | |
| done | |
| echo "" | |
| docker run --rm --net=host superseb/rancher-check "https://${FQDN}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment