mirror of
https://github.com/absmach/supermq.git
synced 2026-06-23 06:40:19 +00:00
NOISSUE - Fix mTLS setup (#3029)
Continuous Delivery / Build and Push (push) Has been cancelled
Check the consistency of generated files / check-generated-files (push) Has been cancelled
Check License Header / check-license (push) Has been cancelled
Deploy GitHub Pages / swagger-ui (push) Has been cancelled
Continuous Delivery / Build and Push (push) Has been cancelled
Check the consistency of generated files / check-generated-files (push) Has been cancelled
Check License Header / check-license (push) Has been cancelled
Deploy GitHub Pages / swagger-ui (push) Has been cancelled
Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
This commit is contained in:
b1ackd0t
GitHub
+4
-1
@@ -3,7 +3,7 @@
|
||||
# Docker: Environment variables in Compose
|
||||
|
||||
## Enable GRPC SSL
|
||||
## If enabled run ./scripts/generate-grpc-certs.sh to generate the GRPC certs
|
||||
## If enabled run make all inside docker/ssl directory to generate the GRPC certs
|
||||
GRPC_MTLS=
|
||||
|
||||
## NginX
|
||||
@@ -162,6 +162,9 @@ SMQ_DOMAINS_HTTP_SERVER_KEY=
|
||||
SMQ_DOMAINS_HTTP_SERVER_CERT=
|
||||
SMQ_DOMAINS_GRPC_HOST=domains
|
||||
SMQ_DOMAINS_GRPC_PORT=7003
|
||||
SMQ_DOMAINS_GRPC_SERVER_CERT=${GRPC_MTLS:+./ssl/certs/domains-grpc-server.crt}${GRPC_TLS:+./ssl/certs/domains-grpc-server.crt}
|
||||
SMQ_DOMAINS_GRPC_SERVER_KEY=${GRPC_MTLS:+./ssl/certs/domains-grpc-server.key}${GRPC_TLS:+./ssl/certs/domains-grpc-server.key}
|
||||
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS=${GRPC_MTLS:+./ssl/certs/ca.crt}${GRPC_TLS:+./ssl/certs/ca.crt}
|
||||
SMQ_DOMAINS_DB_HOST=domains-db
|
||||
SMQ_DOMAINS_DB_PORT=5432
|
||||
SMQ_DOMAINS_DB_NAME=domains
|
||||
|
||||
+210
-51
@@ -235,10 +235,10 @@ services:
|
||||
## Compose supports parameter expansion in environment,
|
||||
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
||||
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
||||
SMQ_DOMAINS_GRPC_SERVER_CERT: ${SMQ_DOMAINS_GRPC_SERVER_CERT:+/auth-grpc-server.crt}
|
||||
SMQ_DOMAINS_GRPC_SERVER_KEY: ${SMQ_DOMAINS_GRPC_SERVER_KEY:+/auth-grpc-server.key}
|
||||
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
||||
SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt}
|
||||
SMQ_DOMAINS_GRPC_SERVER_CERT: ${SMQ_DOMAINS_GRPC_SERVER_CERT:+/domains-grpc-server.crt}
|
||||
SMQ_DOMAINS_GRPC_SERVER_KEY: ${SMQ_DOMAINS_GRPC_SERVER_KEY:+/domains-grpc-server.key}
|
||||
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
||||
SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+/domains-grpc-client-ca.crt}
|
||||
SMQ_DOMAINS_DB_HOST: ${SMQ_DOMAINS_DB_HOST}
|
||||
SMQ_DOMAINS_DB_PORT: ${SMQ_DOMAINS_DB_PORT}
|
||||
SMQ_DOMAINS_DB_USER: ${SMQ_DOMAINS_DB_USER}
|
||||
@@ -272,7 +272,7 @@ services:
|
||||
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
||||
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
||||
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
||||
SMQ_CLIENTS_GRPC_R_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
||||
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
||||
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
||||
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
||||
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
||||
@@ -294,24 +294,25 @@ services:
|
||||
# Auth gRPC mTLS server certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
||||
target: /auth-grpc-server${SMQ_DOMAINS_GRPC_SERVER_CERT:+.crt}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_SERVER_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
||||
target: /auth-grpc-server${SMQ_DOMAINS_GRPC_SERVER_KEY:+.key}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_SERVER_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
||||
target: /auth-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
target: /domains-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
||||
target: /auth-grpc-client-ca${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+.crt}
|
||||
target: /domains-grpc-client-ca${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
||||
@@ -327,6 +328,54 @@ services:
|
||||
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Groups gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Channels gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Clients gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /clients-grpc-client${SMQ_CLIENTS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /clients-grpc-client${SMQ_CLIENTS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /clients-grpc-server-ca${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
nginx:
|
||||
image: nginx:1.25.4-alpine
|
||||
@@ -415,8 +464,8 @@ services:
|
||||
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
||||
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
||||
SMQ_CLIENTS_GRPC_SERVER_CERT: ${SMQ_CLIENTS_GRPC_SERVER_CERT:+/clients-grpc-server.crt}
|
||||
SMQ_CLIENTS_GRPC_R_KEY: ${SMQ_CLIENTS_GRPC_SERVER_KEY:+/clients-grpc-server.key}
|
||||
SMQ_CLIENTS_GRPC_R_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
||||
SMQ_CLIENTS_GRPC_SERVER_KEY: ${SMQ_CLIENTS_GRPC_SERVER_KEY:+/clients-grpc-server.key}
|
||||
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
||||
SMQ_CLIENTS_GRPC_CLIENT_CA_CERTS: ${SMQ_CLIENTS_GRPC_CLIENT_CA_CERTS:+/clients-grpc-client-ca.crt}
|
||||
SMQ_ES_URL: ${SMQ_ES_URL}
|
||||
SMQ_CLIENTS_CACHE_URL: ${SMQ_CLIENTS_CACHE_URL}
|
||||
@@ -538,8 +587,24 @@ services:
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca}
|
||||
target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CERT:+.crt}
|
||||
source: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Domain gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /domains-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -647,6 +712,27 @@ services:
|
||||
- supermq-base-net
|
||||
volumes:
|
||||
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
||||
# Channels gRPC server certificates
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
||||
target: /channels-grpc-server${SMQ_CHANNELS_GRPC_SERVER_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
||||
target: /channels-grpc-server${SMQ_CHANNELS_GRPC_SERVER_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
||||
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
||||
target: /channels-grpc-client-ca${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
@@ -663,6 +749,7 @@ services:
|
||||
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Clients gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /clients-grpc-client${SMQ_CLIENTS_GRPC_CLIENT_CERT:+.crt}
|
||||
@@ -674,10 +761,11 @@ services:
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CLIENTS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca}
|
||||
target: /clients-grpc-server-ca${SMQ_CLIENTS_GRPC_SERVER_CERT:+.crt}
|
||||
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /clients-grpc-server-ca${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Groups gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_CERT:+.crt}
|
||||
@@ -689,38 +777,24 @@ services:
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca}
|
||||
target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CERT:+.crt}
|
||||
source: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Domains gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca}
|
||||
target: /channels-grpc-server${SMQ_CHANNELS_GRPC_SERVER_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
||||
target: /channels-grpc-server${SMQ_CHANNELS_GRPC_SERVER_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca}
|
||||
target: /channels-grpc-client-ca${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+.crt}
|
||||
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /domains-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
@@ -829,6 +903,22 @@ services:
|
||||
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Domains gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /domains-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
groups-db:
|
||||
image: postgres:16.2-alpine
|
||||
@@ -923,6 +1013,27 @@ services:
|
||||
- supermq-base-net
|
||||
volumes:
|
||||
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
||||
# Groups gRPC server certificates
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
||||
target: /groups-grpc-server${SMQ_GROUPS_GRPC_SERVER_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
||||
target: /groups-grpc-server${SMQ_GROUPS_GRPC_SERVER_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
||||
target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_GROUPS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
||||
target: /groups-grpc-client-ca${SMQ_GROUPS_GRPC_CLIENT_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Auth gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
@@ -939,6 +1050,54 @@ services:
|
||||
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Clients gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /clients-grpc-client${SMQ_CLIENTS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /clients-grpc-client${SMQ_CLIENTS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /clients-grpc-server-ca${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Channels gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
# Domains gRPC client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
||||
target: /domains-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
|
||||
jaeger:
|
||||
image: jaegertracing/all-in-one:1.66.0
|
||||
@@ -983,7 +1142,7 @@ services:
|
||||
SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL}
|
||||
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
||||
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
||||
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_T_KEY:+/clients-grpc-client.key}
|
||||
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
||||
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
||||
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
||||
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
||||
@@ -1037,12 +1196,12 @@ services:
|
||||
# Domains gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
@@ -1070,7 +1229,7 @@ services:
|
||||
SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL}
|
||||
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
||||
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
||||
SMQ_CLIENTS_GRPC_T_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
||||
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
||||
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
||||
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
||||
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
||||
@@ -1149,12 +1308,12 @@ services:
|
||||
# Domains gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
@@ -1250,12 +1409,12 @@ services:
|
||||
# Domains gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
@@ -1362,12 +1521,12 @@ services:
|
||||
# Domains gRPC mTLS client certificates
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_CERT:+.crt}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
||||
target: /domains-grpc-server${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
target: /domains-grpc-client${SMQ_DOMAINS_GRPC_CLIENT_KEY:+.key}
|
||||
bind:
|
||||
create_host_path: true
|
||||
- type: bind
|
||||
|
||||
+61
-79
@@ -10,18 +10,36 @@ CN_CA = SuperMQ_Self_Signed_CA
|
||||
CN_SRV = localhost
|
||||
CLIENT_SECRET = <CLIENTS_SECRET> # e.g. 8f65ed04-0770-4ce4-a291-6d1bf2000f4d
|
||||
CRT_FILE_NAME = client
|
||||
CLIENTS_GRPC_SERVER_CONF_FILE_NAME=client-grpc-server.conf
|
||||
CLIENTS_GRPC_CLIENT_CONF_FILE_NAME=client-grpc-client.conf
|
||||
CLIENTS_GRPC_SERVER_CN=clients
|
||||
CLIENTS_GRPC_CLIENT_CN=clients-client
|
||||
CLIENTS_GRPC_SERVER_CRT_FILE_NAME=clients-grpc-server
|
||||
CLIENTS_GRPC_CLIENT_CRT_FILE_NAME=clients-grpc-client
|
||||
AUTH_GRPC_SERVER_CONF_FILE_NAME=auth-grpc-server.conf
|
||||
AUTH_GRPC_CLIENT_CONF_FILE_NAME=auth-grpc-client.conf
|
||||
AUTH_GRPC_SERVER_CN=auth
|
||||
AUTH_GRPC_CLIENT_CN=auth-client
|
||||
AUTH_GRPC_SERVER_CRT_FILE_NAME=auth-grpc-server
|
||||
AUTH_GRPC_CLIENT_CRT_FILE_NAME=auth-grpc-client
|
||||
DOMAINS_GRPC_SERVER_CONF_FILE_NAME=domains-grpc-server.conf
|
||||
DOMAINS_GRPC_CLIENT_CONF_FILE_NAME=domains-grpc-client.conf
|
||||
DOMAINS_GRPC_SERVER_CN=domains
|
||||
DOMAINS_GRPC_CLIENT_CN=domains-client
|
||||
DOMAINS_GRPC_SERVER_CRT_FILE_NAME=domains-grpc-server
|
||||
DOMAINS_GRPC_CLIENT_CRT_FILE_NAME=domains-grpc-client
|
||||
GROUPS_GRPC_SERVER_CONF_FILE_NAME=groups-grpc-server.conf
|
||||
GROUPS_GRPC_CLIENT_CONF_FILE_NAME=groups-grpc-client.conf
|
||||
GROUPS_GRPC_SERVER_CN=groups
|
||||
GROUPS_GRPC_CLIENT_CN=groups-client
|
||||
GROUPS_GRPC_SERVER_CRT_FILE_NAME=groups-grpc-server
|
||||
GROUPS_GRPC_CLIENT_CRT_FILE_NAME=groups-grpc-client
|
||||
CLIENTS_GRPC_SERVER_CONF_FILE_NAME=clients-grpc-server.conf
|
||||
CLIENTS_GRPC_CLIENT_CONF_FILE_NAME=clients-grpc-client.conf
|
||||
CLIENTS_GRPC_SERVER_CN=clients
|
||||
CLIENTS_GRPC_CLIENT_CN=clients-client
|
||||
CLIENTS_GRPC_SERVER_CRT_FILE_NAME=clients-grpc-server
|
||||
CLIENTS_GRPC_CLIENT_CRT_FILE_NAME=clients-grpc-client
|
||||
CHANNELS_GRPC_SERVER_CONF_FILE_NAME=channels-grpc-server.conf
|
||||
CHANNELS_GRPC_CLIENT_CONF_FILE_NAME=channels-grpc-client.conf
|
||||
CHANNELS_GRPC_SERVER_CN=channels
|
||||
CHANNELS_GRPC_CLIENT_CN=channels-client
|
||||
CHANNELS_GRPC_SERVER_CRT_FILE_NAME=channels-grpc-server
|
||||
CHANNELS_GRPC_CLIENT_CRT_FILE_NAME=channels-grpc-client
|
||||
|
||||
define GRPC_CERT_CONFIG
|
||||
[req]
|
||||
@@ -51,7 +69,7 @@ It can be downloaded from $(DOWNLOAD_URL).
|
||||
|
||||
etc, etc.
|
||||
endef
|
||||
all: clean_certs ca server_cert clients_grpc_certs auth_grpc_certs
|
||||
all: clean_certs ca server_cert auth_grpc_certs domains_grpc_certs groups_grpc_certs clients_grpc_certs channels_grpc_certs
|
||||
|
||||
# CA name and key is "ca".
|
||||
ca:
|
||||
@@ -81,89 +99,53 @@ client_cert:
|
||||
# Remove CSR.
|
||||
rm $(CRT_LOCATION)/$(CRT_FILE_NAME).csr
|
||||
|
||||
clients_grpc_certs:
|
||||
# Clients server grpc certificates
|
||||
$(file > $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(CLIENTS_GRPC_SERVER_CN),$(GRPC_CERT_CONFIG)) )
|
||||
|
||||
openssl req -new -sha256 -newkey rsa:4096 -nodes \
|
||||
-keyout $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).key \
|
||||
-out $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).csr \
|
||||
-config $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
|
||||
openssl x509 -req -sha256 \
|
||||
-in $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).csr \
|
||||
-CA $(CRT_LOCATION)/ca.crt \
|
||||
-CAkey $(CRT_LOCATION)/ca.key \
|
||||
-CAcreateserial \
|
||||
-out $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).crt \
|
||||
-days 365 \
|
||||
-extfile $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
|
||||
rm -rf $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME).conf
|
||||
# Clients client grpc certificates
|
||||
$(file > $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(CLIENTS_GRPC_CLIENT_CN),$(GRPC_CERT_CONFIG)) )
|
||||
# Function to generate gRPC certificates (server or client)
|
||||
# Usage: $(call gen_grpc_cert,cert_file_name,common_name)
|
||||
define gen_grpc_cert
|
||||
$(file > $(CRT_LOCATION)/$(1).conf,$(subst <<SERVICE_NAME>>,$(2),$(GRPC_CERT_CONFIG)))
|
||||
|
||||
openssl req -new -sha256 -newkey rsa:4096 -nodes \
|
||||
-keyout $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).key \
|
||||
-out $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).csr \
|
||||
-config $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
-keyout $(CRT_LOCATION)/$(1).key \
|
||||
-out $(CRT_LOCATION)/$(1).csr \
|
||||
-config $(CRT_LOCATION)/$(1).conf \
|
||||
-extensions v3_req
|
||||
|
||||
openssl x509 -req -sha256 \
|
||||
-in $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).csr \
|
||||
-CA $(CRT_LOCATION)/ca.crt \
|
||||
-CAkey $(CRT_LOCATION)/ca.key \
|
||||
-CAcreateserial \
|
||||
-out $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).crt \
|
||||
-days 365 \
|
||||
-extfile $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
-in $(CRT_LOCATION)/$(1).csr \
|
||||
-CA $(CRT_LOCATION)/ca.crt \
|
||||
-CAkey $(CRT_LOCATION)/ca.key \
|
||||
-CAcreateserial \
|
||||
-out $(CRT_LOCATION)/$(1).crt \
|
||||
-days 365 \
|
||||
-extfile $(CRT_LOCATION)/$(1).conf \
|
||||
-extensions v3_req
|
||||
|
||||
rm -rf $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME).conf
|
||||
rm -rf $(CRT_LOCATION)/$(1).csr $(CRT_LOCATION)/$(1).conf
|
||||
endef
|
||||
|
||||
# Alternative: Single function that generates both server and client certs
|
||||
# Usage: $(call gen_grpc_cert_pair,server_cert_name,server_cn,client_cert_name,client_cn)
|
||||
define gen_grpc_cert_pair
|
||||
# Server certificate
|
||||
$(call gen_grpc_cert,$(1),$(2))
|
||||
# Client certificate
|
||||
$(call gen_grpc_cert,$(3),$(4))
|
||||
endef
|
||||
|
||||
auth_grpc_certs:
|
||||
# Auth gRPC server certificate
|
||||
$(file > $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(AUTH_GRPC_SERVER_CN),$(GRPC_CERT_CONFIG)) )
|
||||
$(call gen_grpc_cert_pair,$(AUTH_GRPC_SERVER_CRT_FILE_NAME),$(AUTH_GRPC_SERVER_CN),$(AUTH_GRPC_CLIENT_CRT_FILE_NAME),$(AUTH_GRPC_CLIENT_CN))
|
||||
|
||||
openssl req -new -sha256 -newkey rsa:4096 -nodes \
|
||||
-keyout $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).key \
|
||||
-out $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).csr \
|
||||
-config $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
domains_grpc_certs:
|
||||
$(call gen_grpc_cert_pair,$(DOMAINS_GRPC_SERVER_CRT_FILE_NAME),$(DOMAINS_GRPC_SERVER_CN),$(DOMAINS_GRPC_CLIENT_CRT_FILE_NAME),$(DOMAINS_GRPC_CLIENT_CN))
|
||||
|
||||
openssl x509 -req -sha256 \
|
||||
-in $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).csr \
|
||||
-CA $(CRT_LOCATION)/ca.crt \
|
||||
-CAkey $(CRT_LOCATION)/ca.key \
|
||||
-CAcreateserial \
|
||||
-out $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).crt \
|
||||
-days 365 \
|
||||
-extfile $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
groups_grpc_certs:
|
||||
$(call gen_grpc_cert_pair,$(GROUPS_GRPC_SERVER_CRT_FILE_NAME),$(GROUPS_GRPC_SERVER_CN),$(GROUPS_GRPC_CLIENT_CRT_FILE_NAME),$(GROUPS_GRPC_CLIENT_CN))
|
||||
|
||||
rm -rf $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(AUTH_GRPC_SERVER_CRT_FILE_NAME).conf
|
||||
# Auth gRPC client certificate
|
||||
$(file > $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf,$(subst <<SERVICE_NAME>>,$(AUTH_GRPC_CLIENT_CN),$(GRPC_CERT_CONFIG)) )
|
||||
clients_grpc_certs:
|
||||
$(call gen_grpc_cert_pair,$(CLIENTS_GRPC_SERVER_CRT_FILE_NAME),$(CLIENTS_GRPC_SERVER_CN),$(CLIENTS_GRPC_CLIENT_CRT_FILE_NAME),$(CLIENTS_GRPC_CLIENT_CN))
|
||||
|
||||
openssl req -new -sha256 -newkey rsa:4096 -nodes \
|
||||
-keyout $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).key \
|
||||
-out $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).csr \
|
||||
-config $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
|
||||
openssl x509 -req -sha256 \
|
||||
-in $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).csr \
|
||||
-CA $(CRT_LOCATION)/ca.crt \
|
||||
-CAkey $(CRT_LOCATION)/ca.key \
|
||||
-CAcreateserial \
|
||||
-out $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).crt \
|
||||
-days 365 \
|
||||
-extfile $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf \
|
||||
-extensions v3_req
|
||||
|
||||
rm -rf $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).csr $(CRT_LOCATION)/$(AUTH_GRPC_CLIENT_CRT_FILE_NAME).conf
|
||||
channels_grpc_certs:
|
||||
$(call gen_grpc_cert_pair,$(CHANNELS_GRPC_SERVER_CRT_FILE_NAME),$(CHANNELS_GRPC_SERVER_CN),$(CHANNELS_GRPC_CLIENT_CRT_FILE_NAME),$(CHANNELS_GRPC_CLIENT_CN))
|
||||
|
||||
clean_certs:
|
||||
rm -r $(CRT_LOCATION)/*.crt
|
||||
|
||||
+20
-21
@@ -1,23 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDyzCCArOgAwIBAgIUDIJg63dQVzoD9nmWi9YPscQwTgIwDQYJKoZIhvcNAQEN
|
||||
BQAwdTEiMCAGA1UEAwwZTWFnaXN0cmFsYV9TZWxmX1NpZ25lZF9DQTETMBEGA1UE
|
||||
CgwKTWFnaXN0cmFsYTEWMBQGA1UECwwNbWFnaXN0cmFsYV9jYTEiMCAGCSqGSIb3
|
||||
DQEJARYTaW5mb0BtYWdpc3RyYWxhLmNvbTAeFw0yMzEwMzAwODE5MDFaFw0yNjEw
|
||||
MjkwODE5MDFaMHUxIjAgBgNVBAMMGU1hZ2lzdHJhbGFfU2VsZl9TaWduZWRfQ0Ex
|
||||
EzARBgNVBAoMCk1hZ2lzdHJhbGExFjAUBgNVBAsMDW1hZ2lzdHJhbGFfY2ExIjAg
|
||||
BgkqhkiG9w0BCQEWE2luZm9AbWFnaXN0cmFsYS5jb20wggEiMA0GCSqGSIb3DQEB
|
||||
AQUAA4IBDwAwggEKAoIBAQCWNIeGfo/SePOvviJE6UHJhBzWcPfNVbzSF6A42WgB
|
||||
DEgI3KFr+/rgWMEaCOD4QzCl3Lqa89EgCA7xCgxcqFwEo33SyhAivwoHL2pRVHXn
|
||||
oee3z9U757T63YLE0qrXQY2cbyChX/OU99rZxyd5l5jUGN7MCu+RYurfTIiYN+Uv
|
||||
NZdl8a3X84g7fa70EOYas7cTunWUt9x64/jYDoYmn+XPXET1yEU1dQTnKY4cRjhv
|
||||
HS1u2QsadHKi1hgeILyLbB4u1T5N+WfxFknhFHTu8PVPxfowrVv/xzmxOe0zSZFd
|
||||
SbhtrmwT4S1wJ4PfUa3+tYZVtjEKKbyObsAW91WzOLS9AgMBAAGjUzBRMB0GA1Ud
|
||||
DgQWBBQkE4koZctEZpTz9pq6a6s6xg+myTAfBgNVHSMEGDAWgBQkE4koZctEZpTz
|
||||
9pq6a6s6xg+myTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQA7
|
||||
w/oh5U9loJsigf3X3T3jQM8PVmhsUfNMJ3kc1Yumr72S4sGKjdWwuU0vk+B3eQzh
|
||||
zXAj65BHhs1pXcukeoLR7YcHABEsEMg6lar/E4A+MgAZfZFVSvPpsByIK8I5ARk+
|
||||
K1V/lWso+GJJM/lImPPnpvUWBdbntqC5WtjoMMGL9uyV3kVS6yT/kJ2ercnPzhPh
|
||||
uBkL1ZH3ivDn/0JDY+T8Sfeq08vNWaTcoC7qpPwqXhuT0ytY7oaBS5wmPcvvzpZg
|
||||
6zZYPZfhjhdEFYY1hDrrPYNYO72jncUnwQVp3X0DQpSvbxp681hVkcEtwHB2B8l0
|
||||
tBGhgoH+TqZs0AUjoXM0
|
||||
MIIDszCCApugAwIBAgIUBgtQC4/Ush4nrvs/4Jkand4QPLQwDQYJKoZIhvcNAQEN
|
||||
BQAwaTEfMB0GA1UEAwwWU3VwZXJNUV9TZWxmX1NpZ25lZF9DQTEQMA4GA1UECgwH
|
||||
U3VwZXJNUTETMBEGA1UECwwKc3VwZXJtcV9jYTEfMB0GCSqGSIb3DQEJARYQaW5m
|
||||
b0BzdXBlcm1xLmNvbTAeFw0yNTA3MjMwNzEzMDBaFw0yODA3MjIwNzEzMDBaMGkx
|
||||
HzAdBgNVBAMMFlN1cGVyTVFfU2VsZl9TaWduZWRfQ0ExEDAOBgNVBAoMB1N1cGVy
|
||||
TVExEzARBgNVBAsMCnN1cGVybXFfY2ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ac3Vw
|
||||
ZXJtcS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRmfs6V8a
|
||||
1Mz4DUlwi6Mrt9xnj+KgyheRQSjjruHIEb89zOfsCGZ/sjQt8kK90jmKdLNoqndV
|
||||
m1lfViAJXJbp9uBmShPy2/FT4U8Vi9t4fRcHxtG7m/gPD6B/BX4FdiLqDv9Xof7V
|
||||
zLigEb0z2db9Ak/2z0FmDBrGw2tG9Y6iP/zAsu8oUpyoW7uQlCYM+Ew2a/kyfqsr
|
||||
Z4sRb6muzFr3o7rETdJwLpZRcq0n1GHhvDB8u7pgrXA4OvZlRVRf8PYWK+YUhfw/
|
||||
bsqTeF4oPWOLhvR1woqOTjhG48g0kUlnVFPOzxWzvTFKD84iFSFeWRXS6jK+XD+O
|
||||
x+SOea5MhObrAgMBAAGjUzBRMB0GA1UdDgQWBBTeDyUKASdanSgVVUWY2JIMrhCP
|
||||
uzAfBgNVHSMEGDAWgBTeDyUKASdanSgVVUWY2JIMrhCPuzAPBgNVHRMBAf8EBTAD
|
||||
AQH/MA0GCSqGSIb3DQEBDQUAA4IBAQBH/wz4Md3OFzPgZpYdfXL+xy54diaQGRiR
|
||||
/xPdqMJyRmO861Ir0h8xtAkagIncHw3IC/Ug8ifO52c2fPiY3XRoDPCAvMR/3squ
|
||||
GBYa4dZGqKOulHBx+dxJTbJxRQohEbu/CueE0kKEyqAR4lXKZqax7QNAfu+e3hW4
|
||||
fvj2lwLo17Ya5xu82BBqBNcQduwY5RtzXKHbgZvW5HcTA3sbxQtuTb2lEyT3gRvu
|
||||
dcOEP2jLPLT+OG6SWBWtTi5fCS+19HZ2Q1e0Uk0+vStVV99MbeR6XARTNbX4EUM0
|
||||
0nEAJ6wr+ACPtSMKjIUiQbNeb2+OL52DHY9EU2TxLo7UbkFvaofk
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
+26
-26
@@ -1,28 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCWNIeGfo/SePOv
|
||||
viJE6UHJhBzWcPfNVbzSF6A42WgBDEgI3KFr+/rgWMEaCOD4QzCl3Lqa89EgCA7x
|
||||
CgxcqFwEo33SyhAivwoHL2pRVHXnoee3z9U757T63YLE0qrXQY2cbyChX/OU99rZ
|
||||
xyd5l5jUGN7MCu+RYurfTIiYN+UvNZdl8a3X84g7fa70EOYas7cTunWUt9x64/jY
|
||||
DoYmn+XPXET1yEU1dQTnKY4cRjhvHS1u2QsadHKi1hgeILyLbB4u1T5N+WfxFknh
|
||||
FHTu8PVPxfowrVv/xzmxOe0zSZFdSbhtrmwT4S1wJ4PfUa3+tYZVtjEKKbyObsAW
|
||||
91WzOLS9AgMBAAECggEAEOxEq6jFO/WgIPgHROPR42ok1J1AMgx7nGEIjnciImIX
|
||||
mJYBAtlOM+oUAYKoFBh/2eQTSyN2t4jo5AvZhjP6wBQKeE4HQN7supADRrwBF7KU
|
||||
WI+MKvZpW81KrzG8CUoLsikMEFpu52UAbYJkZmznzVeq/GqsAKGYLEXjauD7S5Tu
|
||||
GeGVKO4novus6t3AHnBvfalIQ1JUuJFvcd5ZDhPljlzPbbWdM4WpRPaFZIKmfXft
|
||||
G7Izt58yPCYwhxohjrunRudyX3oKvmCBUOBXC8HdHzND/dLxwlrVu7OjmXprmC6P
|
||||
8ggNpjAPeO8Y6+EKGne1fETNsKgODY/lXGOwECY4eQKBgQDSGi3WuoT/+DecVeSF
|
||||
GfmavdGCQKOD0kdl7qCeQYAL+SPVz4157AtxZs3idapvlbrc7wvw4Ev1XT7ZmWUj
|
||||
Lc4/UAITR8EkkFRVbxt2PvV86AiQtmXFguTNEX5vTszRwZ2+eqijZga5niBkqyAi
|
||||
SRuTwR8WrDZau4mRNnF8bUl8dQKBgQC3BKYifRp4hHqBycHe9rSMZ8Xz+ZOy+IFA
|
||||
vYap1Az+e8KuqlmD9Kfpp2Mjba1+HL5WKeTJGpFE7bhvb/xMPJgbMgtQ/cw4uDJ/
|
||||
fwv4m6arf76ebOhaZtkT1vD4NyiyB+z6xP0TRgQRr2Or98XBSvGAYDXIn5vL7fUg
|
||||
KrDF0ePuKQKBgDfaOcFRiDW7uJzYwI0ZoJ8gQufLYyyR4+UXEJ/BbdbA/mPCbyuw
|
||||
MkKNP8Ip4YsUVL6S1avNFKQ/i4uxGY/Gh4ORM1wIwTGFJMYpaTV/+yafUFeYBWoC
|
||||
J+zT77aLTiucuuB+HwKBBtylSps4WqyCntAikK8oTLLGFAYEYRrgup5ZAoGAbQ8j
|
||||
JNghxwFCs0aT9ZZTfnt0NW9auUJmWzrVHSxUVe1P1J+EWiKXUJ/DbuAzizv7nAK4
|
||||
57GiMU3rItS7pn5RMZt/rNKgOIhi5yDA9HNkPTwRTfyd9QjmgHEMBQ1xfa1FZSWv
|
||||
nSWS1SsLnPU37XgIMzShuByMTVhOQs3NqwPo7AkCgYAf8AzQNjFCoTwU3SJezJ4H
|
||||
9j1jvMO232hAl8UDNtqvJ1APn87tOtnfX48OMoRrP9kKI0oygE3pq7rFxu1qmTns
|
||||
Zir0+KLeWGg58fSZkUEAp6kbO5CKwoeVAY9EMgd7BYBqlXLqUNfdH0L+KUOFKHha
|
||||
7e82VxpgBeskzAqN1e7YRA==
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMRmfs6V8a1Mz4
|
||||
DUlwi6Mrt9xnj+KgyheRQSjjruHIEb89zOfsCGZ/sjQt8kK90jmKdLNoqndVm1lf
|
||||
ViAJXJbp9uBmShPy2/FT4U8Vi9t4fRcHxtG7m/gPD6B/BX4FdiLqDv9Xof7VzLig
|
||||
Eb0z2db9Ak/2z0FmDBrGw2tG9Y6iP/zAsu8oUpyoW7uQlCYM+Ew2a/kyfqsrZ4sR
|
||||
b6muzFr3o7rETdJwLpZRcq0n1GHhvDB8u7pgrXA4OvZlRVRf8PYWK+YUhfw/bsqT
|
||||
eF4oPWOLhvR1woqOTjhG48g0kUlnVFPOzxWzvTFKD84iFSFeWRXS6jK+XD+Ox+SO
|
||||
ea5MhObrAgMBAAECggEAFbxqI4njjknVc5GKXnjlSGocgEKNtVk7r7+Ut8Fskerd
|
||||
hBhxFyr/qRfPuJHeKy+a4tIvIvR8lTXeCShzaTuabVPRJeE9BSsFH01KqnrCxCvf
|
||||
TvsHZySd/RBHHiz571/WMDyfS/ZXVO2fOZ0ZmlJUL4DW/GaqSU8BbGPv3tGTN01S
|
||||
Dqa0XqFByldjg+Yles1kymhf1aaDY/K08BLf/d8fZSYngBq2wCfY0DAU7NjE8yLx
|
||||
UJDqkyF0LWPE/LOJfTalioE4LRVq2+9sVFzfnVjCkmBp6oeoOu/PxiOA6cDJz8Tq
|
||||
i4l2WFapUxTQH+wl/2sxmMdb1ovPD9rMYajANm/ZRQKBgQDnlmaKJnUINoBDd6GF
|
||||
UDfu0aR1vX59IEIHjwu78YQPxFG+PjqwVo5wh+5mqm0O/mQ9zphBp9fCKlFF4Ssn
|
||||
ZAarfjWqpyAuP1yt3q8WfgTeQVHz7DfvcHOZjptxbDZ9n+AQaC6f8shYuIk7z5A9
|
||||
Errld8qEPNOqPx/fKD1rId1jHwKBgQDhzvQM2nPIjTMxo75uHZRrRwmxhxYOyTq8
|
||||
jAigo3PSj2NdAe2Cpzt9I2fuRwKPqmQsoJV9KYjaIYSmDfxSu0Ng0PH3k0w4OixG
|
||||
5PFeWAfh4whxepj8omU2X1K1MT9MK/DF//dEHDffiNavOR+z1c6lY8VL3l5mJpBt
|
||||
DYBiG0nutQKBgQCMy9+jdiYIzDnGyuCkUFTxGPvHqWFRaV87gTg9F2SWwWCBLQw5
|
||||
USZgPAQw3sRXLUp8WTIwGH8QSPIIbhDybdmwQZcXHWxvMY6DFrOUFSGYjlXo2mBX
|
||||
biKZ5R2UI5otXhm3X9+Y1t3/MpIcjuC+gLin8eBp7SEyjBYwciKFE52pOQKBgFsM
|
||||
MDlSh+bwkBjO1kTeJm8PCKiNOGaj2swVhpEG9veKm1zwHw1UUtdFRG2+MhktchDQ
|
||||
exYpfiW96BdwgjH1kdhix3205cGyKxI209/fjOYWvdvLvA35iOfgjZ/DiKs0+HNN
|
||||
nyzWV+0I5s9mMBM5/YWQcggCVHvJxuhBzmdAa5IVAoGAJZLLNUpPhTp9iccxwiPZ
|
||||
SI0wkLz1u9O9uWj5+fFlgICxFpXMShQBxQvsmAM2YZ8EWrUsp0jmFxmP1ci8/iP/
|
||||
qeCUjPHkkwcq8K8mor4FkRAsauQAVNT/GpIPhE52qe1lVPEIWNg9JSwu340jS6k8
|
||||
bm/OZptHULi5lzIhKq6zYzk=
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
@@ -1,26 +1,27 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEYjCCA0oCFGXr7rfGAynaa4KMTG1+23EEF0lYMA0GCSqGSIb3DQEBCwUAMHUx
|
||||
IjAgBgNVBAMMGU1hZ2lzdHJhbGFfU2VsZl9TaWduZWRfQ0ExEzARBgNVBAoMCk1h
|
||||
Z2lzdHJhbGExFjAUBgNVBAsMDW1hZ2lzdHJhbGFfY2ExIjAgBgkqhkiG9w0BCQEW
|
||||
E2luZm9AbWFnaXN0cmFsYS5jb20wHhcNMjMxMDMwMDgxOTA4WhcNMjYwNzI2MDgx
|
||||
OTA4WjBmMRIwEAYDVQQDDAlsb2NhbGhvc3QxEzARBgNVBAoMCk1hZ2lzdHJhbGEx
|
||||
FzAVBgNVBAsMDm1hZ2lzdHJhbGFfY3J0MSIwIAYJKoZIhvcNAQkBFhNpbmZvQG1h
|
||||
Z2lzdHJhbGEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAojas
|
||||
t6M294uS5q8oFmYM6DULVQ1lY3K659VusJshjGvn8bi50vhKo8PpxL6ygVpjWcHG
|
||||
+/gclQnTaYZumC1TUohibpBnrFx1PZUvGiryAPudFY2nC5af5BQnYGi845FcVWx5
|
||||
FNLq+IsedgSZf7FuGcZruXiukBCWVyWJRJh+8FDakc65BPeG9FpCxbeLZ1nrDpnQ
|
||||
bhHbwEQrwwHk0FHZ/3cuVFJAjwqJSivJ9598eU0YWAsqsLM3uYyvOMd8alMs5vCZ
|
||||
9tMCpO2v6xTdJ6kr68SwQQAiefRy6gsD5J5A4ySyCz7KX9fHCrqx1kdcDJ/CXZmh
|
||||
mXxrCFKSjqjuSn2qtm+gxvAc26Zbt5z5eihpdISDUKrjW11+yapNZLATGBX8ktek
|
||||
gW467V9DQYOsbA3fNkWgd5UcV5HIViUpqFMFvi1NpWc2INi/PTDWuAIBLUiVNk0W
|
||||
qMtG7/HqFRPn6MrNGpvFpglgxXGNfjsggkK/3INtFnAou2rN9+ieeuzO7Zjrtwsq
|
||||
sP64GVw/vLv3tgT6TIZmDnCDCqtEGEVutt7ldu3M0/fLm4qOUsZqFGrIOO1cfI4x
|
||||
7FRnHwaTsTB1Og+I7lEujb4efHV+uRjKyrGh6L6hDt94IkGm6ZEj5z/iEmq16jRX
|
||||
dUbYsu4f1KlfTYdHWGHp+6kAmDn0jGCwz2BBrnsCAwEAATANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAKyg5kvDk+TQ6ZDCK7qxKY+uN9setYvvsLfde+Uy51a3zj8RIHRgkOT2C
|
||||
LuuTtTYKu3XmfCKId0oTXynGuP+yDAIuVwuZz3S0VmA8ijoZ87LJXzsLjjTjQSzZ
|
||||
ar6RmlRDH+8Bm4AOrT4TDupqifag4J0msHkNPo0jVK6fnuniqJoSlhIbbHrJTHhv
|
||||
jKNXrThjr/irgg1MZ7slojieOS0QoZHRE9eunIR5enDJwB5pWUJSmZWlisI7+Ibi
|
||||
06+j8wZegU0nqeWp4wFSZxKnrzz5B5Qu9SrALwlHWirzBpyr0gAcF2v7nzbWviZ/
|
||||
0VMyY4FGEbkp6trMxwJs5hGYhAiyXg==
|
||||
MIIEljCCA36gAwIBAgIUGuMVJ6ZX3bZuW4ohQRIbMewMWQ4wDQYJKoZIhvcNAQEL
|
||||
BQAwaTEfMB0GA1UEAwwWU3VwZXJNUV9TZWxmX1NpZ25lZF9DQTEQMA4GA1UECgwH
|
||||
U3VwZXJNUTETMBEGA1UECwwKc3VwZXJtcV9jYTEfMB0GCSqGSIb3DQEJARYQaW5m
|
||||
b0BzdXBlcm1xLmNvbTAeFw0yNTA3MjMwNzEzMDBaFw0yODA0MTgwNzEzMDBaMF0x
|
||||
EjAQBgNVBAMMCWxvY2FsaG9zdDEQMA4GA1UECgwHU3VwZXJNUTEUMBIGA1UECwwL
|
||||
c3VwZXJtcV9jcnQxHzAdBgkqhkiG9w0BCQEWEGluZm9Ac3VwZXJtcS5jb20wggIi
|
||||
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCLCEiNS02IQRmzjfwESy4WmvFc
|
||||
vLl54/5L4/I5ftLNtorng4VZj9KPNPdntosp60uzoghqSi6T1cdGjUxJZkNGBVag
|
||||
nAOBVDoC3QtwYoahpBkSE1BybZub0o1YXeEI+e7RIsB+qQUXFzyMcBhcwAFvVKOL
|
||||
E61whCNXVFBC00XJkJWCEbd+XomkPouyHN4tnhPp7anuEL3r2WL07wgRgrgvqx0V
|
||||
U3SqDFm2oXFq610m7Da9MYQ3oVyIHeNoXWoRXZOrOkwwSAIcQTaJ07pkCWXSDK/P
|
||||
osi1+7BGVVEImckyulHCwGvg863pIkK2xA28E5pea1NaY1qdxHrpYKgFUOgWk/q8
|
||||
MM4IL2fhUrWEqmM7a7C8zxwA0d2yUIV6OGk1y7SCu4Eo7d31qupjSuCiEpEnYdN0
|
||||
7TIbvsi1wYWRN4bB6rDm7M/aD5nJG8Xb4VgkYO/kMnRX/vTZvi/ncDEAUmMw58To
|
||||
hl2geTXJBcMxlTu62VQHrixi/ABBKvvaYPW4FQvXQJ5ojtb1thB0gWen8FedGvIs
|
||||
fbyzOdThev1vcHHGCPDO0N0lkgFK8H1KW53mLrCydCEtRVkvkhGHQlCs4OgC02fv
|
||||
bIYOzKzgKwaqVSE9HeN2kuk7g6fJV++6ambYhthG38K6FzvG5O2KNMo8x3UaOQVk
|
||||
bXhK5eM+rqV7j4uuHwIDAQABo0IwQDAdBgNVHQ4EFgQUfK2l0ApU2KGqElQb5HIE
|
||||
UDFdMPwwHwYDVR0jBBgwFoAU3g8lCgEnWp0oFVVFmNiSDK4Qj7swDQYJKoZIhvcN
|
||||
AQELBQADggEBAMjOq2HsTaBesO4ZXRKrq4Zgt0Em6Q2t3Klaxn/jSkOLART1t5CR
|
||||
tdq6tlVJVqTqpJEo01W/EZsza4H7jSUUw6zcY74y1CaWpu2IDYXLdzbv6Ricfcec
|
||||
x7dOdwPgSGi98FaspdrR2ubhTvnwMTH34dYdhjd2zLuV13XsXK54SmtFAkTPQX3J
|
||||
6nWvhg8Qgx70eapMbRa6Kw5DkLw9KICZRgDNcHzagCcbDEkq1Tc4Y1umPK+ASJHN
|
||||
04xpAX/E4plHANTHzJG8icncYJbC0EIwbDSDzagjd+brjELsRkKPxALMzlts1VhH
|
||||
jyug1dLfavK3qngPeGe8xss1l2LjmzsnISk=
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
@@ -1,52 +1,52 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCiNqy3ozb3i5Lm
|
||||
rygWZgzoNQtVDWVjcrrn1W6wmyGMa+fxuLnS+Eqjw+nEvrKBWmNZwcb7+ByVCdNp
|
||||
hm6YLVNSiGJukGesXHU9lS8aKvIA+50VjacLlp/kFCdgaLzjkVxVbHkU0ur4ix52
|
||||
BJl/sW4Zxmu5eK6QEJZXJYlEmH7wUNqRzrkE94b0WkLFt4tnWesOmdBuEdvARCvD
|
||||
AeTQUdn/dy5UUkCPColKK8n3n3x5TRhYCyqwsze5jK84x3xqUyzm8Jn20wKk7a/r
|
||||
FN0nqSvrxLBBACJ59HLqCwPknkDjJLILPspf18cKurHWR1wMn8JdmaGZfGsIUpKO
|
||||
qO5Kfaq2b6DG8Bzbplu3nPl6KGl0hINQquNbXX7Jqk1ksBMYFfyS16SBbjrtX0NB
|
||||
g6xsDd82RaB3lRxXkchWJSmoUwW+LU2lZzYg2L89MNa4AgEtSJU2TRaoy0bv8eoV
|
||||
E+foys0am8WmCWDFcY1+OyCCQr/cg20WcCi7as336J567M7tmOu3Cyqw/rgZXD+8
|
||||
u/e2BPpMhmYOcIMKq0QYRW623uV27czT98ubio5SxmoUasg47Vx8jjHsVGcfBpOx
|
||||
MHU6D4juUS6Nvh58dX65GMrKsaHovqEO33giQabpkSPnP+ISarXqNFd1Rtiy7h/U
|
||||
qV9Nh0dYYen7qQCYOfSMYLDPYEGuewIDAQABAoICACvgzTyJTkOMwipbQ+U3KpOf
|
||||
UZbqnjvV23/9iEkGVX9V6vJETSOnnQ0KYBAjo0aBLDGpzIj41sZr13+KaR0J2amQ
|
||||
EcwljJ2fjukfExQpfLfOV/HuFLr6Pfrkhrg57KpD9i13P5Nl8EBV5WH4IYtcc9NO
|
||||
DHKpldKLYhdlpGllNKUNwenB+ONCj4NGbRxtZyyIMqCK88nqU76A0jOYLgw5r9W+
|
||||
J86QRz1KFNP231V3kyR+ubCLKLuOZuruhrE9qMZcBF/dwk/1SRhS4QyeYqopRSOr
|
||||
2x9iCXFisbjkTOPI+PVYRj7rd7OQOxuIX7V+LQSPLHTEK2XItW0VZOZpBLgqoQP1
|
||||
Eu19LOOs77DI5FBia1qhSpjjVGOE6koQmCki8KSFZM+CzuflTPkWNVvTNzjKrhUj
|
||||
Rbezx40VVFt+q38bsTjWJbimMSo1jChianwjtotGnGpC6pD0KnHsBmfceWaL7+eC
|
||||
n9KtSeAbnXlFN/rHdK7ZeP/PTSjHa+6i1awGZxhwdVsERJy/2xwZzh3uMLS2ZhXM
|
||||
Tuh1D5GzlUlkMP8K23rfaXnaOXkwYxHFGi23NmxHGSqzA3TVVreWLqRSZJd/Ar67
|
||||
9Pl4S9p9f+Xkvq8tQANfoaTbjc//dpK8rjCKnwdWA3cL7eekq9sm4+lTmik9Bn2v
|
||||
Bo+3/89Fr1FvlkuQvktJAoIBAQDNuc2r/9sthHZg1hOCFd5XmnMX/mXNPs+SDPRW
|
||||
/VZBHjxGApz+CoZS7qk0q7f/vzYFTB6N3778f7RsgwrZYSD4I4jumvSFNFsxsHCY
|
||||
K3O4kkd2YaFaZPwUYbbAcBr6nVnW/9b1aagEfWIMQ18FHLaQ6u2OfUOcNDGZEqwj
|
||||
YqJmZr8plhWLeKP2c673j6g/ztnL0w77y3LnIuLjFGex17l1lQzbUgOPSKyoQj03
|
||||
d5eRoJv2aQTaOXaBzGrDtBDDd3BpXrriJEMqSZbZFRLM28jD+VuHjfHOZRUMy1hw
|
||||
vZCifRrBYA6Frko7ZweRxIkcOwQsQjV/tkzVkg9FHrVhMKQTAoIBAQDJ2r+lR73d
|
||||
va1JjWoXKe5qAWtprRyI8DpJM/G2/V/V3+RVOGgBeRlu6WDiMpMd9hFB6bAmX+1y
|
||||
S17svw1f4DQskkTKi9EWBsWRnh2Pnd4q91TjKFsBuci8/EtAXb7C0KV5nEtasEUJ
|
||||
klMmO1evAXMhn7VzmE3Ic/ttcQHxQZ+TC4G5dGsYcideJ5zOeEIATtFypDNG/0Bw
|
||||
rvmBbIIylY2KwUAx3UexRgH1hRSecTzkokT39WJbefUg952h7yZXrrhb71AfWLTC
|
||||
A5MJeArqPK6z/RMxDyvnk7xW326dtBBgqYyTOIHCANRB1kAG0xEyia/WI94uyNfH
|
||||
YfIHglDFGIj5AoIBAEVVNEqeXPi3Jso1+7cgtaFijR1uAFMusvfu474ZfSNPFFMn
|
||||
+E7pryFuC5qTsNxBTex1HesEmDIyu9TCSTq/sEPQfgqkMHpgDcfuRdQS+NogenMc
|
||||
Livv0sDvuY6beYwy0Z9S89gbtqNkulGVtwVbCvBGLK+T6eBP+tMy5s66JC9Mu2pB
|
||||
iZtKmj+p9zK5uKNgjChURj138I6TRFHxg4z9PiSxifa0ajy06nN+d3ElHfDXZxih
|
||||
hiAhs53FDcpM+kVWEI2CfotOW1B6IpugrYhbHgtmE4HYxcCgcnqwYWsFiCQq84Ru
|
||||
YhaNibkBXRy0Vt0rypk76xnSj4x+wCS0V76cjP8CggEAHXdoaJlLdzY8OLODHDSL
|
||||
0D+6zWdu9fKTn6IMlBjyx4byjxo33JcwBkfdU8fsQABuzn9trnxsbjXgepD9Q9S3
|
||||
6RXFIwg8EooUh0hcql1yVDVc1/hJKLxVOHlgBtpogYnxzgnp2ihHO7l3l+orx6lf
|
||||
hDYLR/+gwzVjK7vGe9CHmfChFFCRXbU0WANSWbWmdOMMoj6kGaYjYw+37pPHgdjh
|
||||
G7NQSrcxwwgkOxIdS2/eYsXpaYURwabRCOn8wenmYABqe0k5GgpaAMSCz2wNs9n9
|
||||
6tpz1cKQNzMS2F+vhygFCAdYNRmXn5l9YssC97wSE52T5J/BzHSXQ0ziBwSYA92s
|
||||
CQKCAQAFPujh1HhOBtn3FOT3I2jNSTv9OJsmAeiFrhVfIw+Ij8XzzUf0aV04Et/R
|
||||
/EetirP6WjNQuJ5/YYVUFWj07vSl20YP7NtDGFUlvWugJUvQByidHt5DkmehBWax
|
||||
cfp5LWwZ4W/wm4F/DtPkgEXgEwY/TMXHvhvN6+JaQPO7iemWL7qsRAPea0oDLkMm
|
||||
0phT3hKgcnbyewH6GU53KQgr2hUzhgGOKibAo+4ud9lY6M/X1axCepetKMl78Cz9
|
||||
rK2MgJOhDr6Nu/K2bKL8Q3zSB1n1WRNaTVnH6wY4j/FpeQvVv+qTAbZhJm7cRT5m
|
||||
+C7JCqJGg66liqIMq6YyYXK//Ddl
|
||||
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCLCEiNS02IQRmz
|
||||
jfwESy4WmvFcvLl54/5L4/I5ftLNtorng4VZj9KPNPdntosp60uzoghqSi6T1cdG
|
||||
jUxJZkNGBVagnAOBVDoC3QtwYoahpBkSE1BybZub0o1YXeEI+e7RIsB+qQUXFzyM
|
||||
cBhcwAFvVKOLE61whCNXVFBC00XJkJWCEbd+XomkPouyHN4tnhPp7anuEL3r2WL0
|
||||
7wgRgrgvqx0VU3SqDFm2oXFq610m7Da9MYQ3oVyIHeNoXWoRXZOrOkwwSAIcQTaJ
|
||||
07pkCWXSDK/Posi1+7BGVVEImckyulHCwGvg863pIkK2xA28E5pea1NaY1qdxHrp
|
||||
YKgFUOgWk/q8MM4IL2fhUrWEqmM7a7C8zxwA0d2yUIV6OGk1y7SCu4Eo7d31qupj
|
||||
SuCiEpEnYdN07TIbvsi1wYWRN4bB6rDm7M/aD5nJG8Xb4VgkYO/kMnRX/vTZvi/n
|
||||
cDEAUmMw58Tohl2geTXJBcMxlTu62VQHrixi/ABBKvvaYPW4FQvXQJ5ojtb1thB0
|
||||
gWen8FedGvIsfbyzOdThev1vcHHGCPDO0N0lkgFK8H1KW53mLrCydCEtRVkvkhGH
|
||||
QlCs4OgC02fvbIYOzKzgKwaqVSE9HeN2kuk7g6fJV++6ambYhthG38K6FzvG5O2K
|
||||
NMo8x3UaOQVkbXhK5eM+rqV7j4uuHwIDAQABAoICAC2foD9NkLm/szFqzGKUUSF1
|
||||
4vJts+e923sH6DrZ1U9QMbDbRe0n9w6rcOyFyJEO956Q83X9td8pbeVHBNupRTY7
|
||||
FjxKNhRAkXDTHKfajReKA/gcgm+qbD/sDhoLZIdPjQDwCH8H8/Wp2GK1fikhkNb5
|
||||
zVkcMfQUSIylzFjBf8svOQCf07kSSNSu+aSPOJF7qElBhlvq/ofgpEqADgPBA7QQ
|
||||
0NBovIX424/E1rUhW0Ykian4D805lGXOeQuMa/wa2xR7YvkNCDRBaiY8ZpPhSZpu
|
||||
M1tNrdOaLjRGVvsdjBqrbZ0dC8mb7VvttDrJh0BKpoOJcKbep6PSEAt5fmmQLTiP
|
||||
nk3Z0ZF51VUfJII5xAvgP9EbeQqMB37WlZXwRD/k2Rg0F2x2XkEkI0m94xZPPQlf
|
||||
b8nKnsAQ2gekmPfCv+4BokxMY6f9fDrEhvC93KOCh/euCJkKMmMyq7AmIxKyzOYB
|
||||
6BX85nlY7P6dneeqLXVW+QZYX0XWGxtL8k0Gl4NCei93DrP2KyzCkR5R2xucGTTQ
|
||||
9DCiLBtOR2WvzSMNnueSLAPicVD7/9VrjWSTejjjJzqOgPe7LWW64zbyN0zxFy9t
|
||||
J1tVTDjl/AQqwHtAWW+mx0Ghdke4jNuC9aW73k2SYFB3CmYoUhXqlSy/PyDKeyJs
|
||||
viofzwmvFRnEmjgdPOqhAoIBAQDDSHVyF30aR9uhf59Pz087OxRYGm4PUmsEO6k5
|
||||
PIdwSrNwFADqvWIg3VjDwibgOhZlrALDYL0hxdbEsjuVs0hvU0z76qjnPO9ohYoN
|
||||
2eTawXjZK895vnSi/taF/yA/UPNmR/zJJM+iH3R685mNq20zo2r8100vW9SkFgxk
|
||||
zzRM2hqSKbArrfGKJSf092TUQaSvsYiNuEqcEYCiKBtr2EYAqsXaQ38CMmifQlot
|
||||
oNnI99PsB/h2GmrQa3Zm9pKOoUXqfD+8tIDOpU9J1zc+HRjk/GuId4aWGrZFXvk0
|
||||
z8029jUQrc/W0+ECQROUeKZG31NjcqyG2HyxVulKXPjLbpH5AoIBAQC2Qo4R+WD5
|
||||
eaU4J555565VmkgHqFffKPGpg0HYXcsstyWtX8Uef0OKwpLDV3k9lb5kTBg258m0
|
||||
DjijchPO67ml1ZEyDnIRDX9j23sG7KBVpPorNn+VSgsN66JbExUeYm/91Rq5GQez
|
||||
CfS15Vy/lLCJo/qALMDKdu9uSSQV2x5pHU+hEwDATgB18ACXd9bX8IjO8g6va09g
|
||||
PJsEjrq2s91L6kHVX+y6478EtC/y9ez6qMdq/N9vT+YnmqoEG22eVtNVEWQpht5p
|
||||
Mv0ZOFRkdAMUd235tWypsX+7M9/In58ZiEg9d0XIOUGzyLsLHqni1rZWVv/StR57
|
||||
acduqdOZLUbXAoIBAQCn4aH+DI1jS4VYSJQYE5wEypyJxWb6yxrvT68CYrP46G9s
|
||||
mfXT2C4FHOVTnZS4TZe1nnPdrUvLPf6NqMAqyS8rbYyQQcMk0DDtRWhS0hC5s3wG
|
||||
D3DVM9On0LdyCMubQyeMtbRu47OQp8QGc2d98HL34rR2W02iuiqLSd0rySooK5SO
|
||||
NUKbunUdEyZPpWNMSoae+Fvxog6aLz3Lqfkw9IPxzN487qvAor9osq097rtr1wqc
|
||||
Lpn+RmWvecMXb0C9V434sQpGW1Mk097fFyMJxhABw7NaZY8RejNaXfSV31OHvZAP
|
||||
H62+/PXCb1m62SHxacqRgyMo5fIErzft0xGcKhlZAoIBABZ7VzL4Y/HiA3NNz8qR
|
||||
vXtpsIDhTxWD42tZeYHK8Ajv/oHIUnRUlmxDW/8khxwFoJqWmFYNeV/wcSQYKkFX
|
||||
6mp+UY6vIXrhA1m59Q8BmTV3SDSUYGB15a8t5bT+QZih49aXttgmMkDvdXQKespW
|
||||
+P/BbmDpJE7VJOuhsgXQJYwpxWzE/065UG070ZbdfW7diMKeMRmKTxw73ZNOV9G5
|
||||
lg6LMtuzHWxgM2vNHi0GENlKgG6+CoGchXNVLKudBoSFiUPxBT3qGP05AOdff2l0
|
||||
tfyMTtCChIjaEDtzRqNkrSdlHCQY1k7AYU5f8FKK0cHdYlh8GspO9RecELGh2SwH
|
||||
3bkCggEBAKsUi3SEvdmUndpaC9e8rBD4DeSnuu5UrZiOY2xRFHID+yd3u1Jc44CR
|
||||
PazSKYLOBJ2TSMI+EXuLTKZVmCrQBMt54Sh2NdTzIba0Wfx4zigS/3nZn1UPc1Ew
|
||||
Z5ShZHAGc9PAPOFFhzO4K1l0zY+q45f96cdLRkIawBHDwcX2r+aQquZdPkl4xvxU
|
||||
CUDhbg/Bev0L85UO5rCCt2lLtolXbJvHUnD31RaAdJu6e2csPQOE7qThxCoI162J
|
||||
O7DUKRSOURcgWuor+pqyqmBMoE4sZj5sLXdPj0LgkATs2tPlTDcpI/pJunPhyir8
|
||||
uEvXbfqi689/4ksIwzuP1NaLwzhQ1BE=
|
||||
-----END PRIVATE KEY-----
|
||||
|
||||
@@ -1,73 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Copyright (c) Abstract Machines
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
mkdir -p docker/ssl/certs
|
||||
cd docker
|
||||
|
||||
if [ ! -f ssl/certs/ca.key ] || [ ! -f ssl/certs/ca.crt ]; then
|
||||
echo "Generating new CA certificates..."
|
||||
openssl genrsa -out ssl/certs/ca.key 4096
|
||||
openssl req -new -x509 -days 365 -key ssl/certs/ca.key -out ssl/certs/ca.crt -subj "/C=FR/ST=Paris/L=Paris/O=SuperMQ/OU=SuperMQ/CN=SuperMQ Root CA"
|
||||
else
|
||||
echo "Using existing CA certificates..."
|
||||
fi
|
||||
|
||||
generate_cert() {
|
||||
local name=$1
|
||||
local type=$2
|
||||
local cn="$3"
|
||||
|
||||
openssl genrsa -out "ssl/certs/${name}-grpc-${type}.key" 4096
|
||||
|
||||
openssl req -new \
|
||||
-key "ssl/certs/${name}-grpc-${type}.key" \
|
||||
-out "ssl/certs/${name}-grpc-${type}.csr" \
|
||||
-subj "/C=FR/ST=Paris/L=Paris/O=SuperMQ/OU=SuperMQ/CN=${cn}"
|
||||
|
||||
cat > "ssl/certs/${name}-grpc-${type}.ext" << EOF
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
basicConstraints=CA:FALSE
|
||||
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = localhost
|
||||
DNS.2 = ${name}
|
||||
EOF
|
||||
|
||||
openssl x509 -req \
|
||||
-in "ssl/certs/${name}-grpc-${type}.csr" \
|
||||
-CA ssl/certs/ca.crt \
|
||||
-CAkey ssl/certs/ca.key \
|
||||
-CAcreateserial \
|
||||
-out "ssl/certs/${name}-grpc-${type}.crt" \
|
||||
-days 365 \
|
||||
-extfile "ssl/certs/${name}-grpc-${type}.ext"
|
||||
|
||||
rm "ssl/certs/${name}-grpc-${type}.csr" "ssl/certs/${name}-grpc-${type}.ext"
|
||||
}
|
||||
|
||||
# Generate server certificates
|
||||
generate_cert "auth" "server" "auth.supermq.local"
|
||||
generate_cert "groups" "server" "groups.supermq.local"
|
||||
generate_cert "channels" "server" "channels.supermq.local"
|
||||
generate_cert "clients" "server" "clients.supermq.local"
|
||||
|
||||
# Generate client certificates
|
||||
generate_cert "auth" "client" "auth-client.supermq.local"
|
||||
generate_cert "domains" "client" "domains-client.supermq.local"
|
||||
generate_cert "groups" "client" "groups-client.supermq.local"
|
||||
generate_cert "channels" "client" "channels-client.supermq.local"
|
||||
generate_cert "clients" "client" "clients-client.supermq.local"
|
||||
|
||||
cd ssl/certs
|
||||
chmod 644 *.crt
|
||||
chmod 600 *.key
|
||||
|
||||
for service in auth groups channels clients domains; do
|
||||
ln -sf ca.crt "${service}-grpc-server-ca.crt"
|
||||
ln -sf ca.crt "${service}-grpc-client-ca.crt"
|
||||
done
|
||||
|
||||
echo "Certificates generated successfully in docker/ssl/certs/"
|
||||
Reference in New Issue
Block a user