From 3e396b778a530d8366a98d78e796afb4dcd7d6e0 Mon Sep 17 00:00:00 2001 From: Brooke Date: Fri, 1 Jul 2022 10:50:05 -0700 Subject: [PATCH 1/3] PROD-2194 #comment improve SSL serving locally #time 30m --- README.md | 10 +++++++++- ssl/cert.pem | 24 ------------------------ ssl/key.pem | 30 ------------------------------ ssl/server.cert | 20 ++++++++++++++++++++ ssl/server.key | 28 ++++++++++++++++++++++++++++ start-ssl-bsouza.sh | 5 +---- start-ssl.sh | 5 ++++- 7 files changed, 62 insertions(+), 60 deletions(-) delete mode 100644 ssl/cert.pem delete mode 100644 ssl/key.pem create mode 100644 ssl/server.cert create mode 100644 ssl/server.key diff --git a/README.md b/README.md index 91c4de5a4..890e79498 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,15 @@ You will need to add the following line to your hosts file. The hosts file is no 3. Go to https://local.topcoder-dev.com:3000/ -**NOTE:** SSL is required for authentication, so you must accept the invalid cert. +### Local SSL + +SSL is required for authentication to work properly. + +The `yarn start` command serves the site using the cert and key in the /ssl directory. + +For easier development, it is recommended that you add this certificate to your trusted root authorities and as a trused cert in your browser. + +Otherwise, you will need to override the exception each time you load the site. Firefox users may need to user an incognito browser in order to override the exception. ### Personal Config diff --git a/ssl/cert.pem b/ssl/cert.pem deleted file mode 100644 index 124e877b7..000000000 --- a/ssl/cert.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID+zCCAuOgAwIBAgIUIkolD9JJAYhQy6lyk8Du8WVso6cwDQYJKoZIhvcNAQEL -BQAwgYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCTEExETAP -BgNVBAoMCFRvcGNvZGVyMRAwDgYDVQQLDAdQcm9kdWN0MRkwFwYDVQQDDBB0b3Bj -b2Rlci1kZXYuY29tMSMwIQYJKoZIhvcNAQkBFhRmdW5AdG9wY29kZXItZGV2LmNv -bTAeFw0yMjAyMjUxOTMwNDNaFw0yMzAyMjUxOTMwNDNaMIGMMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAkxBMREwDwYDVQQKDAhUb3Bjb2RlcjEQ -MA4GA1UECwwHUHJvZHVjdDEZMBcGA1UEAwwQdG9wY29kZXItZGV2LmNvbTEjMCEG -CSqGSIb3DQEJARYUZnVuQHRvcGNvZGVyLWRldi5jb20wggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQC+NXCDkwl+D+BcdgGxu9eJDFf7zUyO+zc5S7cQS6mz -aUbtCDifF9FJN0ga3PvzRb7TWOHGESQxyTcueK7ZpcrU+ozQmVudVVdw/lgmwtzz -Gu4OCYggtwXv+uDfcpHmeWoI/zKvlPr7IJVgCmLviBNd5O/AtFlsF2M5t7+4pihb -u9nMmDxDm6w0z6nCGaWBlz24lxoH7sSU1EL5ePYP43HssRG9W6BQL/uwRYd3Z6pN -sUmyvFuXAg7gA11/plWHwrIHRtEkbT5HIobHDwdR9Li9KanK5GXcl4J5ho/Snq6B -axBra8IzXPNSwuu1VGXtXgpC48SDNQ2dsG+dmThTpHKDAgMBAAGjUzBRMB0GA1Ud -DgQWBBSjY9umzPyQHvG5Lm0aV2uqJn59LjAfBgNVHSMEGDAWgBSjY9umzPyQHvG5 -Lm0aV2uqJn59LjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAZ -KU3cI+ZWJ2dOK7vGE2JH6hN+YA8XjVI7XRvw6q0d4TYSrVmg6YA5E1hK817yX0Jv -GbmK+TOrwdJAwsXN26XDZrId9+EA118ZT4A6+H9Hxg3gMKcpxew+X5tBpM7gRn8b -tNAo+NjeZI1c26ld5bBUzoB/gNOQsPqzrEbzSiUU9SdgmHDIOmuY2dEtVDzmAHF/ -TKT9Bm0B01qbNATRIUTNUkp8+DXNrGUPocrr+zgq+09HdLtFaivB53ttsdc1l1tJ -4g2qTcOx72jwEEiktvFl1ncLgtu0fQ+hbajtgx0srcP/uCZWmm7MCVLaCFFb1JFn -UAKnq9UPpl6r1wSmassp ------END CERTIFICATE----- diff --git a/ssl/key.pem b/ssl/key.pem deleted file mode 100644 index 1505815e2..000000000 --- a/ssl/key.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsGt6pxhpySYCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHlvbp2BT5EgBIIEyF+kCIiUtwg9 -CpQxw2nQX85RLFgBzdxswx05SWSJ7YAojO+ALd/VAecjwSzBzRsft316V9dXgwAl -7urU0zTRiAS3EJyULrYqP5yFL+pWmH2SiOcyFAtgw3C2UvQXNwCvLZ3quWv+a74F -QgmCntlCiyDtOh/MFSC/yS3etj7PWXiHK58UtjMvWqLFtHA/RcyLZ6poRVGRGRIw -IV+OrEvbH9mtiPyIxq3A3KMCFh126yQrGtApNrJ8OOdeFRoG5XT8QMYdLUFlMiKo -Sh+jbelF49lWFGJNZOcTa2NZyu8PIjr67QTfqC9Biu4kHsv+m8MyA3QDwNdQQXsC -TUNyVYJ9FFOle7Wow3s6Q9aPePKcd/OOrzUZdWTrFGzdblqDccR+MLp2kH4PnAXV -j4ncSUrJdN37yf27gJup9vrTPoIGPikmCzgYAJICBJG2IH7CSYhMHsVkpcYOUGK4 -q87Sc9wrSvR9T4J3ZG2UsEVyY8C5zC/LPatAaplCtld+317Fl7nrL/BR7JvV0thK -d5ask9pTkpiGx0v9a47WxeRmWEAmhDRR9l9hT0rYywID4fy2Qxa7z+29cC2sKduh -KS2dTMvEz86iXUcADgbTMedncn3dJ/5Yba1BMMbu4sJIvseAyoxcnet7vkLHw8A9 -JBRXqYeTIlggfnxVjm1JUv+t6n9YeizEEOiw6Af54Zq1D4NoylkXEIsEGgoHk8Gb -jT/EiZc4grWc4zmZcSdzDTnkuZhUS0vLaWYE5Y9Q6Khd/wibJV+6y+yiUUuAoaLH -8enrti4Qta8+MDLTp0nnyuWz1zdGJg024BU0h7kYK9C2M4GR0z1gvUD0axVXcigi -42Bb02T6neaYqkkoAJklxpGFFdbIKEztsCoX+K/Dw/4u2aeYSxZbxXiz/q960Y0X -CwD/Dg7K5CGy3Tjc+P8Z0629jLrd21Wmhy0IbGgGUbtMETempLGmrJaeZzD/0A07 -9uVhPkXcmUgrdZFBVNNFU1gjB62seCM8Gnu+BpJQnegAO5EtdQxn+yp74lgv9gPR -CVc9qBpJUK7ZbmFrT2eusMHilLOnvkLBsUs7PEohqXEOsrwbpIOIKaNOzpmPCp4A -q4wq9bt7PyeZPn0nqdSH/NxOUJ+qe/P62cJ2Bbm0If05gPUqYu7jLAfsFqW9h5xD -fTQMdlgTlcWi1RpSnbEYdr0Dxvhg56TzAKVDsiYrwSamd6CrFNmfctQSMa5dT7Xi -zkz9FxM6jEsJZhr5WwL971lmrfyUTdeOfhzf1DyTbwo8tO4kgwI+SssLuJn1FkBB -sm5uxzZUv5SQqw85fiSgtJzyxq6KdMrf4CDF1h+XyvbZL58FpuQQTDAcEYNLxW7V -OjmUgS5Jsyx0661BdF3jMXcZWbzeMtvxgwgeLMan9Ns6A7yQ/XymL9gMtf00IKMq -9zughoh9O4iC75WwLZBHwLzxI3jOTqmpP8FImBMQ73uKayChTG4I71ccMvtZxqmO -pvI+/WiXe+QqTck/owd9n1QCYJr14pj2P9nUVvbgR5K5EaTsP1HyMT/9LeiHBIJd -k3lUMvaibBmqZUSjdXtH4cfsNE3E0FPihDTNy4KuyDl/jkrYF43jsqEPIDLjgplS -JH70kUM6IcRlhhGGji8HLw== ------END ENCRYPTED PRIVATE KEY----- diff --git a/ssl/server.cert b/ssl/server.cert new file mode 100644 index 000000000..16d0506b6 --- /dev/null +++ b/ssl/server.cert @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWjCCAkICCQD6eL8GshOMiTANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC0xvcyBBbmdlbGVzMREwDwYDVQQKDAhU +b3Bjb2RlcjEPMA0GA1UECwwGTWVtYmVyMRkwFwYDVQQDDBB0b3Bjb2Rlci1kZXYu +Y29tMB4XDTIyMDcwMTE3MTcyNFoXDTIyMDczMTE3MTcyNFowbzELMAkGA1UEBhMC +VVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtMb3MgQW5nZWxlczERMA8GA1UECgwI +VG9wY29kZXIxDzANBgNVBAsMBk1lbWJlcjEZMBcGA1UEAwwQdG9wY29kZXItZGV2 +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6CVXm1EdrDg2DE +NlJ84sETPFIoKIHb8QuBpH/PYnLt1QoIdMEYB0ERJRL8dma2iorqUu0xwmxoHxXJ +ULRTK/0wtRLwTp7ajHh9USFAqN03VS6IyXWQeWndeBGt2e7aAChhr/5qeeQusXog +9ZXjKrPk9hVWanonqdRp4Av3icklFIHzXDVyVuNddUjOhNout5t7MsHWYaUla8YY +LgU0SMg4SXKj6aRCmUR4VIPGmIyH+gN5e9YTah+U75q8nNrslf4oN7EJH0Cgc6Y8 +tM6AVNsla4468vd/upTccBIL5qs7H6Px4mXFRj+Nwsn3W/0vNaa9lqgLFC6z/9h3 +DcW30w0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAumEHPbgEqgqWHzYkj9T2OavJ +3xgZ2GTe7lNPNJcORyHHnqmtIN0KqKcUKZgItsYNCqpXGXMWQ5BrhvmI2QyHbEWV +QfRE6XBRkV3zT2hht1zyVzgQxA0fsCFN3ztC7EGq8roK4mRku6PwRdNeRN3WHhRU +58mbOOYP9ctsvbdMTq2gY1+VNdzv1jlLF0rrxaq9qw4D6W5366rXEqKarij03M91 +vwq78mxLBiNWe6OuUJwSB21IU3hSCDOugjYX4j+1CJZPrUOPGfIW1RchB6wfUoWx +aVLbiWoE+ht33DvPTv49PIjLGikh4IBuikU1TUvpknk/ZbLhD2DCWAzUU1XYew== +-----END CERTIFICATE----- diff --git a/ssl/server.key b/ssl/server.key new file mode 100644 index 000000000..156309c88 --- /dev/null +++ b/ssl/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeglV5tRHaw4Ng +xDZSfOLBEzxSKCiB2/ELgaR/z2Jy7dUKCHTBGAdBESUS/HZmtoqK6lLtMcJsaB8V +yVC0Uyv9MLUS8E6e2ox4fVEhQKjdN1UuiMl1kHlp3XgRrdnu2gAoYa/+annkLrF6 +IPWV4yqz5PYVVmp6J6nUaeAL94nJJRSB81w1clbjXXVIzoTaLrebezLB1mGlJWvG +GC4FNEjIOElyo+mkQplEeFSDxpiMh/oDeXvWE2oflO+avJza7JX+KDexCR9AoHOm +PLTOgFTbJWuOOvL3f7qU3HASC+arOx+j8eJlxUY/jcLJ91v9LzWmvZaoCxQus//Y +dw3Ft9MNAgMBAAECggEAD2ybfj9WCIMrFUckuN0dXuL1eIB+JlpXwENxYsa+fVcN +QI/LgCMpRZJproI/tukKe4y4yOZ9IsSo+vqklIt7bia1NqXf3VUrDaMqP5La4dLX +Hc2voW2tbPBERX12sP79qc7zw0AgSPgPp3anb4d6y1Og12PRJ7yeIjJgrJOxQncl +eLiXuoekblkB+3vm+hJjwOfQnSZ9m1aLD8GaONkTl1X8/c4IotfzKwuHPKyc4yfw +iyvXeIP6JUrczjTXMxM0AJnKcxrjd1NXTXBt4rb201NTF06P+TGt8xR7HcXNr/VV +5VisjHROF0aZfhFyq2eVyivRGTCVf+Pg/U0POuhhxQKBgQDwZCqH4zrG2Jx0KJOc +T1ipPGXnHvSlj4KPrSQR47PCGncLEf9EuwXXVtYYWBSksBiGuUjWxCpGLWZPd3WG +EXVvYD+vd+vVrmuul874wnWKuO8XOm64U5/cjX6ZC1H9ZBgMWPbdHEGCk4eAynJz +/EfTFLlhZQSSVduM/sRj+PLTJwKBgQDs9O1DRKwKjGQ7pXLzecw0ZC3VwMxHZHZD +mKmdp7ZCeLJK17XOZFR6+70KvW0BHc/FKSWey4D3shx5pYYCcwBNrcEj7NpscKHU +K7CMQPayyco5zprZrL21+igDpDrthIBX8hV0dZbHskv58dRRnM+mivA+rAYvxiwU +VzADV7H4qwKBgAPkSz/58MipVxcWVRVxv2i1/pxYRvOrOBzlW7Eic5WP4h9+whg1 +wulykXLBckwcQblkpIY9lMWgFIjy0SdDfxg3gbBwi5PhCANCl+o1E7wUNGK24nX/ +fJYQgF0v7rrgdPc2NYDs5S6c/tOZ83JnQi5rpniqLwHDfBNzSHCp5hx/AoGBAJ5T +8Yz2/7V0pSytmidRhL6lCXNABb7WQ6dbBEqRW1kC6K7Vf2dO5pveRSw98e3DC6cD +nV2DQMNAwYIOtYJBcTx2Ew18H15By//GyYqNhclkx7jkcddscr57Te1Q+QbneBJL +cUaFo5//ZIC3s1Rs4Nq5D1nw+5lEYwOcVjqFiCdNAoGAdGLPu40FKz8gCG3MAy8T +kcv33tzqPtbDKfxuMKMFSNTSfCZOHquuic5rELcupFq99TcNzeXn2P56wrav+FWy +KNyj6V97RUAcpKdJb4i5Hc914zVICnW6Cg+er4vHh8WP0RitGka1Cz5ptI+zGHoQ +nGFfqfPeuyv6gjxi01nrUNM= +-----END PRIVATE KEY----- diff --git a/start-ssl-bsouza.sh b/start-ssl-bsouza.sh index 5f50ef89c..4d0091e80 100644 --- a/start-ssl-bsouza.sh +++ b/start-ssl-bsouza.sh @@ -1,5 +1,2 @@ -export HTTPS=true&&SSL_CRT_FILE=ssl/cert.pem&&SSL_KEY_FILE=ssl/key.pem -export HOST=local.topcoder-dev.com export REACT_APP_HOST_ENV=bsouza -nvm use -yarn react-app-rewired start +sh ./start-ssl.sh diff --git a/start-ssl.sh b/start-ssl.sh index 0dc771ce2..fdbc5ff07 100644 --- a/start-ssl.sh +++ b/start-ssl.sh @@ -1,5 +1,8 @@ -export HTTPS=true&&SSL_CRT_FILE=ssl/cert.pem&&SSL_KEY_FILE=ssl/key.pem +export HTTPS=true +export SSL_CRT_FILE=ssl/server.cert +export SSL_KEY_FILE=ssl/server.key export HOST=local.topcoder-dev.com +export PORT=3003 export REACT_APP_HOST_ENV=default nvm use yarn react-app-rewired start From 56ad2f7de0c2030e1c33e67dec7823a01046f72a Mon Sep 17 00:00:00 2001 From: Brooke Date: Fri, 1 Jul 2022 11:05:15 -0700 Subject: [PATCH 2/3] PROD-2194 clean up #time 5m --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 890e79498..0eaa1da33 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ You will need to add the following line to your hosts file. The hosts file is no >% yarn start -3. Go to https://local.topcoder-dev.com:3000/ +3. Go to https://local.topcoder-dev.com:3003/ ### Local SSL From e10728b19e0f6790eecb25b848289d42f8ca0802 Mon Sep 17 00:00:00 2001 From: Brooke Date: Fri, 1 Jul 2022 11:05:41 -0700 Subject: [PATCH 3/3] PROD-2194 clean up #time 5m --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0eaa1da33..44b167472 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ SSL is required for authentication to work properly. The `yarn start` command serves the site using the cert and key in the /ssl directory. -For easier development, it is recommended that you add this certificate to your trusted root authorities and as a trused cert in your browser. +For easier development, it is recommended that you add this certificate to your trusted root authorities and as a trused cert in your browser. Google your browser and OS for more info. Otherwise, you will need to override the exception each time you load the site. Firefox users may need to user an incognito browser in order to override the exception.