import { $ } from "bun";
import fs from "node:fs";
import execute from "../(utils)/execute";
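/**
 * Makes sure a private CA plus a server and a client certificate exist under
 * /ssl, then publishes the CA certificate (and only the CA certificate) to
 * /app/ssl and /app/public/documents/ssl/.
 *
 * Regeneration is triggered only when the CA certificate or the CA key is
 * missing; in that case everything under /ssl is deleted and re-issued, so
 * every previously distributed CA certificate stops validating the server.
 * A missing server or client file on its own does NOT trigger regeneration.
 *
 * All work is done through the project's `execute` helper; its behaviour on a
 * failing command is not visible here, so a failed openssl step may go
 * unnoticed (confirm in the helper).
 *
 * @returns {Promise<void>} resolves once all commands have been issued.
 */
export default async function setupSSL() {
  console.log("Generating SSL Files ...");

  const CA_CERT_FILE = "/ssl/ca-cert.pem";
  const CA_KEY_FILE = "/ssl/ca-key.pem";

  if (!fs.existsSync("/app/ssl")) {
    fs.mkdirSync("/app/ssl", { recursive: true });
  }

  if (!fs.existsSync("/app/public/documents/ssl/")) {
    fs.mkdirSync("/app/public/documents/ssl/", { recursive: true });
  }

  // Sets the default working directory for Bun shell commands; this function
  // itself runs everything through `execute` with an explicit cwd instead.
  $.cwd("/ssl");

  if (!fs.existsSync(CA_CERT_FILE) || !fs.existsSync(CA_KEY_FILE)) {
    console.log("Generating SSL Files ...");

    // Start from an empty directory so no stale key or certificate signed by
    // a previous CA survives next to the new one.
    execute(`rm -Rf /ssl/*`);

    // CA key and self-signed CA certificate. `-nodes` leaves every key in this
    // block unencrypted on disk, and 365000 days means nothing here ever
    // expires in practice: rotation only happens when the CA files are
    // removed. The keys are written with the process's default umask.
    execute(`openssl genrsa 2048 >ca-key.pem`, { cwd: "/ssl" });
    execute(
      `openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem -subj "/C=/ST=/L=/O=/CN=MariaDB admin"`,
      { cwd: "/ssl" }
    );

    // Server key + CSR, key rewritten in place by `openssl rsa`, then the
    // certificate signed by the CA with serial 01.
    execute(
      `openssl req -newkey rsa:2048 -days 365000 -nodes -keyout server-key.pem -out server-req.pem -subj "/C=/ST=/L=/O=/CN=MariaDB server"`,
      { cwd: "/ssl" }
    );
    execute(`openssl rsa -in server-key.pem -out server-key.pem`, {
      cwd: "/ssl",
    });
    execute(
      `openssl x509 -req -in server-req.pem -days 365000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem`,
      { cwd: "/ssl" }
    );

    // Client key + CSR + certificate. The serial is 02, not 01: a CA must not
    // issue two certificates with the same serial number (RFC 5280), and some
    // TLS stacks reject a peer whose issuer/serial pair collides with another
    // certificate they have already seen.
    execute(
      `openssl req -newkey rsa:2048 -days 365000 -nodes -keyout client-key.pem -out client-req.pem -subj "/C=/ST=/L=/O=/CN=MariaDB user"`,
      { cwd: "/ssl" }
    );
    execute(`openssl rsa -in client-key.pem -out client-key.pem`, {
      cwd: "/ssl",
    });
    execute(
      `openssl x509 -req -in client-req.pem -days 365000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 -out client-cert.pem`,
      { cwd: "/ssl" }
    );
  }

  // NOTE(review): the *.pem glob also matches ca-key.pem, server-key.pem and
  // client-key.pem, so all three private keys become world-readable (644)
  // inside a world-traversable directory (755). Left unchanged because the
  // consumer of /ssl is not visible here (presumably a database server under
  // a different account; confirm). Prefer 644 for the certificates only,
  // group ownership plus 640 for the server key, and 600 for the CA and
  // client keys.
  execute(`chmod 755 /ssl`);
  execute(`chmod 644 /ssl/*.pem`);

  // Clear both publication directories before copying, so a file placed
  // there by an earlier version of this script cannot linger.
  execute(`rm -Rf /app/ssl/*`);
  execute(`rm -Rf /app/public/documents/ssl/*`);

  // Only the CA certificate is published. The original carries disabled
  // copies of client-key.pem and client-cert.pem into both directories; do
  // not re-enable the copy into /app/public/documents/ssl/ without confirming
  // that path is not served to clients (its name suggests it is), since that
  // would hand out a private key.
  execute(`cp /ssl/ca-cert.pem /app/ssl/`);
  execute(`cp /ssl/ca-cert.pem /app/public/documents/ssl/`);

  const LOCAL_CONFIG_DIR = "/app/jsonData/dbSchemas/users";

  if (!fs.existsSync(LOCAL_CONFIG_DIR)) {
    console.log("Creating Local Config Directory ...");
    fs.mkdirSync(LOCAL_CONFIG_DIR, { recursive: true });
  }

  console.log("SSL Files Setup Complete!");
}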