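#!/usr/bin/env bash
#
# Start a throwaway nginx container, give it a self-signed certificate and a
# TLS server block on port 443, then print the testssl.sh command to scan it.
#
# Requires: docker, openssl.
# Outputs:  the container ID, `nginx -V` output, and the suggested
#           testssl.sh invocation on stdout; errors on stderr.
# The container is left running so it can be scanned; stop it manually.

set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# NOTE(review): third-party image referenced by a mutable tag. For
# reproducible runs, pin it to a digest you have verified yourself
# (rsnow/nginx@sha256:<VERIFIED_DIGEST>).
image="rsnow/nginx"

docker pull "$image"

# -ti is kept from the original invocation; whether the image needs a TTY to
# stay up is not visible from this script.
ID=$(docker run -d -ti "$image")

printf '%s\n' "$ID"

if [[ -z "$ID" ]]; then
  die "container couldn't be retrieved"
fi

# No -t on exec: a pseudo-TTY makes docker fail when this script runs without
# a terminal (CI, cron) and injects carriage returns into captured output.
docker exec "$ID" nginx -V
docker exec "$ID" mkdir -p /etc/nginx/ssl

HN=$(docker exec "$ID" hostname | tr -d '\r\n')

# The hostname is produced by a binary inside the image and ends up in file
# names and in the nginx config, so accept only plain hostname characters.
if [[ ! "$HN" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
  die "unexpected container hostname: '$HN'"
fi

# Private directory (mode 0700) instead of fixed names directly in /tmp:
# the unencrypted private key is written here, and predictable paths in a
# shared /tmp are open to symlink and read races. Removed again on exit.
workdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

# Unquoted delimiter on purpose: $HN must expand inside the config.
# ssl_early_data (TLS 1.3 0-RTT) is replayable; it is enabled here so the
# scanner has something to report. Do not copy this block to a real server.
cat >"$workdir/443.conf" << EOF

server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_early_data on;
#
ssl_certificate /etc/nginx/ssl/$HN.crt;
ssl_certificate_key /etc/nginx/ssl/$HN.key;

location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
EOF

docker cp "$workdir/443.conf" "$ID:/etc/nginx/conf.d/443.conf"

# The original appended a second CN to a subject that already contained one;
# the subject now carries the CN exactly once.
subject="/C=DE/ST=Gotham/L=Nowhere/CN=${HN}"

# -nodes leaves the key unencrypted so nginx can load it without a passphrase.
openssl req -subj "$subject" -newkey rsa:4096 -keyout "$workdir/$HN.key" \
  -nodes -sha256 -out "$workdir/$HN.req"
# Self-signed, valid for one year: a test certificate only.
openssl x509 -days 365 -in "$workdir/$HN.req" -req \
  -signkey "$workdir/$HN.key" -out "$workdir/$HN.crt"

docker cp "$workdir/$HN.key" "$ID:/etc/nginx/ssl"
docker cp "$workdir/$HN.crt" "$ID:/etc/nginx/ssl"

docker exec "$ID" nginx -s reload
# docker start $ID

# The address is empty if the container is not attached to the default
# bridge network.
container_ip=$(docker inspect --format '{{.NetworkSettings.IPAddress}}' "$ID")

echo
printf 'You may now run "testssl.sh %s"\n' "$container_ip"

exit 0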
# vim:ts=5:sw=5:expandtab