outsourced the openssl certificate generation into the generate.sh

DockerExec

@@ -456,35 +456,8 @@ elif [[ "do" == "$ENVIRONMENT" ]]; then
         RSA_ORGUNIT_NAME=`match_answer_or_default "Organizational Unit Name (a section) [Docker Proxy Stack]: " "Docker Proxy Stack"`
         RSA_EMAIL=`match_answer_or_default "E-Mail Address []: " ""`
 
-        # create complex variables
-        DOMAIN_ALT_NAMES="DNS:docker.test,DNS:*.docker.test,DNS:localhost,DNS:127.0.0.1,DNS:0:0:0:0:0:0:0:1"
-        CERT_SUBJECT="/C=$RSA_COUNTRY_NAME/ST=$RSA_STATE_NAME/L=$RSA_LOCALITY_NAME/O=$RSA_ORG_NAME/OU=$RSA_ORGUNIT_NAME/emailAddress=$RSA_EMAIL/CN=docker.test"
-
-        # create a root key and rootCA for docker.test
-        openssl genrsa -out "$CERTS_PATH/rootCA.key" $RSA_KEY_LENGTH
-        openssl req -x509 -new -nodes -sha256 \
-            -key "$CERTS_PATH/rootCA.key" \
-            -subj "$CERT_SUBJECT" \
-            -days $RSA_VALID_DAYS \
-            -out "$CERTS_PATH/rootCA.crt"
-
-        # create a certificate for docker.test
-        openssl genrsa -out "$CERTS_PATH/docker.test.key" $RSA_KEY_LENGTH
-        openssl req -new -sha256 \
-            -key "$CERTS_PATH/docker.test.key" \
-            -subj "$CERT_SUBJECT" \
-            -reqexts SAN \
-            -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=$DOMAIN_ALT_NAMES")) \
-            -out "$CERTS_PATH/docker.test.csr"
-
-        # last step: sign the domain certificate with the rootCA
-        openssl x509 -req -sha256 -CAcreateserial \
-            -in "$CERTS_PATH/docker.test.csr" \
-            -CA "$CERTS_PATH/rootCA.crt" \
-            -CAkey "$CERTS_PATH/rootCA.key" \
-            -out "$CERTS_PATH/docker.test.crt" \
-            -days $RSA_VALID_DAYS \
-            -extfile <(printf "subjectAltName=$DOMAIN_ALT_NAMES")
+        generate_openssl_certs "$CERTS_PATH" "$RSA_KEY_LENGTH" "$RSA_VALID_DAYS" "$RSA_COUNTRY_NAME" "$RSA_STATE_NAME" \
+                               "$RSA_LOCALITY_NAME" "$RSA_ORG_NAME" "$RSA_ORGUNIT_NAME" "$RSA_EMAIL"
 
         print_info "Done creating rootCA and certificates in $CERTS_PATH."
         print_info "Now register the rootCA.crt in your browser." 1

src/generate.sh

@@ -1,5 +1,60 @@
 #!/usr/bin/env bash
 
+# does the openssl certificate generation for the proxy to work with SSL
+function generate_openssl_certs() {
+    local RSA_COMMAND=openssl
+    local CERTS_PATH=$1
+    local RSA_KEY_LENGTH=$2
+    local RSA_VALID_DAYS=$3
+    local RSA_COUNTRY_NAME=$4
+    local RSA_STATE_NAME=$5
+    local RSA_LOCALITY_NAME=$6
+    local RSA_ORG_NAME=$7
+    local RSA_ORGUNIT_NAME=$8
+    local RSA_EMAIL=$9
+
+    # create complex variables
+    local DOMAIN_ALT_NAMES="DNS:docker.test,DNS:*.docker.test,DNS:localhost,DNS:127.0.0.1,DNS:0:0:0:0:0:0:0:1"
+    local CERT_SUBJECT="/C=$RSA_COUNTRY_NAME/ST=$RSA_STATE_NAME/L=$RSA_LOCALITY_NAME/O=$RSA_ORG_NAME/OU=$RSA_ORGUNIT_NAME/emailAddress=$RSA_EMAIL/CN=docker.test"
+
+    local SYSTEM_HAS_OPENSSL=`command -v openssl`
+    if [[ "1" == "$?" ]]; then
+        print_warning "Openssl seems not to be installed on this machine. But it is necessary to generate keys..." 1
+        exit 1
+
+        #print_warning "Openssl seems not to be installed on this machine. Trying to install with docker."
+        #RSA_COMMAND=docker\ run\ --user\ "$(id -u):$(id -g)"\ -i\ -v\ "${CERTS_PATH}:/export"\ "${OPENSSL_IMAGE}"\ openssl
+        #CERTS_PATH=/export
+    fi
+
+    # create a root key and rootCA for docker.test
+    ${RSA_COMMAND} genrsa -out "$CERTS_PATH/rootCA.key" $RSA_KEY_LENGTH
+    ${RSA_COMMAND} req -x509 -new -nodes -sha256 \
+        -key "$CERTS_PATH/rootCA.key" \
+        -subj "$CERT_SUBJECT" \
+        -days $RSA_VALID_DAYS \
+        -out "$CERTS_PATH/rootCA.crt"
+
+    # create a certificate for docker.test
+    openssl genrsa -out "$CERTS_PATH/docker.test.key" $RSA_KEY_LENGTH
+    openssl req -new -sha256 \
+        -key "$CERTS_PATH/docker.test.key" \
+        -subj "$CERT_SUBJECT" \
+        -reqexts SAN \
+        -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=$DOMAIN_ALT_NAMES")) \
+        -out "$CERTS_PATH/docker.test.csr"
+
+    # last step: sign the domain certificate with the rootCA
+    ${RSA_COMMAND} x509 -req -sha256 -CAcreateserial \
+        -in "$CERTS_PATH/docker.test.csr" \
+        -CA "$CERTS_PATH/rootCA.crt" \
+        -CAkey "$CERTS_PATH/rootCA.key" \
+        -out "$CERTS_PATH/docker.test.crt" \
+        -days $RSA_VALID_DAYS \
+        -extfile <(printf "subjectAltName=$DOMAIN_ALT_NAMES")
+}
+
+# creates a docker-compose.proxy.yaml with some default configuration for php + nginx
 function generate_docker_compose_project() {
     local FILE_PATH=$1
     local DOMAIN_PREFIX=$2