capistrano-mb 0.22.0
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/CHANGELOG.md +114 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +173 -0
- data/Rakefile +5 -0
- data/capistrano-mb.gemspec +34 -0
- data/lib/capistrano/fiftyfive.rb +6 -0
- data/lib/capistrano/mb.rb +29 -0
- data/lib/capistrano/mb/compatibility.rb +17 -0
- data/lib/capistrano/mb/dsl.rb +187 -0
- data/lib/capistrano/mb/recipe.rb +48 -0
- data/lib/capistrano/mb/templates/crontab.erb +1 -0
- data/lib/capistrano/mb/templates/csr_config.erb +10 -0
- data/lib/capistrano/mb/templates/delayed_job_init.erb +36 -0
- data/lib/capistrano/mb/templates/logrotate.erb +9 -0
- data/lib/capistrano/mb/templates/maintenance.html.erb +26 -0
- data/lib/capistrano/mb/templates/nginx.erb +64 -0
- data/lib/capistrano/mb/templates/nginx_unicorn.erb +109 -0
- data/lib/capistrano/mb/templates/pgpass.erb +1 -0
- data/lib/capistrano/mb/templates/postgresql-backup-logrotate.erb +11 -0
- data/lib/capistrano/mb/templates/rbenv_bashrc +4 -0
- data/lib/capistrano/mb/templates/sidekiq_init.erb +100 -0
- data/lib/capistrano/mb/templates/ssl_setup +43 -0
- data/lib/capistrano/mb/templates/unicorn.rb.erb +71 -0
- data/lib/capistrano/mb/templates/unicorn_init.erb +84 -0
- data/lib/capistrano/mb/templates/version.rb.erb +3 -0
- data/lib/capistrano/mb/version.rb +5 -0
- data/lib/capistrano/tasks/aptitude.rake +101 -0
- data/lib/capistrano/tasks/crontab.rake +14 -0
- data/lib/capistrano/tasks/defaults.rake +122 -0
- data/lib/capistrano/tasks/delayed_job.rake +33 -0
- data/lib/capistrano/tasks/dotenv.rake +57 -0
- data/lib/capistrano/tasks/fiftyfive.rake +59 -0
- data/lib/capistrano/tasks/logrotate.rake +16 -0
- data/lib/capistrano/tasks/maintenance.rake +28 -0
- data/lib/capistrano/tasks/migrate.rake +29 -0
- data/lib/capistrano/tasks/nginx.rake +31 -0
- data/lib/capistrano/tasks/postgresql.rake +177 -0
- data/lib/capistrano/tasks/provision.rake +18 -0
- data/lib/capistrano/tasks/rake.rake +20 -0
- data/lib/capistrano/tasks/rbenv.rake +93 -0
- data/lib/capistrano/tasks/seed.rake +16 -0
- data/lib/capistrano/tasks/sidekiq.rake +39 -0
- data/lib/capistrano/tasks/ssl.rake +57 -0
- data/lib/capistrano/tasks/ufw.rake +32 -0
- data/lib/capistrano/tasks/unicorn.rake +42 -0
- data/lib/capistrano/tasks/user.rake +32 -0
- data/lib/capistrano/tasks/version.rake +34 -0
- metadata +165 -0
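--- a/data/lib/capistrano/mb/recipe.rb
+++ b/data/lib/capistrano/mb/recipe.rb
@@ -0,0 +1,48 @@
+module Capistrano
+module MB
+class Recipe
+attr_reader :name
+
+def initialize(name)
+@name = name.to_s
+end
+
+def enabled?
+fetch(:mb_recipes, []).map(&:to_s).include?(name)
+end
+
+def prior_to(task_to_extend, *recipe_tasks)
+inject_tasks(:before, task_to_extend, *recipe_tasks)
+end
+
+def during(task_to_extend, *recipe_tasks)
+inject_tasks(:after, task_to_extend, *recipe_tasks)
+end
+
+private
+
+def inject_tasks(method, task_to_extend, *recipe_tasks)
+create_task_unless_exists(task_to_extend)
+
+recipe_tasks.flatten.each do |task|
+qualified_task = apply_namespace(task)
+send(method, task_to_extend, "#{qualified_task}:if_enabled") do
+invoke qualified_task if enabled?
+end
+end
+end
+
+def apply_namespace(task_name)
+return task_name if task_name.include?(":")
+
+"mb:#{name}:#{task_name}"
+end
+
+def create_task_unless_exists(task_name)
+unless Rake::Task.task_defined?(task_name)
+Rake::Task.define_task(task_name)
+end
+end
+end
+end
+end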
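Review bot: `apply_namespace` calls `task_name.include?(":")` on whatever the recipe passed in, so a Symbol handed to `prior_to` or `during` raises NoMethodError, although `initialize` and `enabled?` both normalise their values with `to_s`. Converting first keeps the three consistent: `task_name = task_name.to_s` as the first line of `apply_namespace`. A short comment on `inject_tasks` stating that `method` is only ever `:before` or `:after` would also help, since the value goes straight into `send`.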
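--- a/data/lib/capistrano/mb/templates/crontab.erb
+++ b/data/lib/capistrano/mb/templates/crontab.erb
@@ -0,0 +1 @@
+# Sample crontab (empty)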
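--- a/data/lib/capistrano/mb/templates/csr_config.erb
+++ b/data/lib/capistrano/mb/templates/csr_config.erb
@@ -0,0 +1,10 @@
+[ req ]
+distinguished_name="req_distinguished_name"
+prompt="no"
+
+[ req_distinguished_name ]
+C="<%= fetch(:mb_ssl_csr_country) %>"
+ST="<%= fetch(:mb_ssl_csr_state) %>"
+L="<%= fetch(:mb_ssl_csr_city) %>"
+O="<%= fetch(:mb_ssl_csr_org) %>"
+CN="<%= fetch(:mb_ssl_csr_name) %>"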
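Review bot: The five `fetch(:mb_ssl_csr_*)` values are written between double quotes with no escaping or validation, so a value containing a double quote or a line break produces a different OpenSSL config than the operator intended. These settings presumably come from the deploy configuration rather than from end users, so this is mainly about the generated file failing in a confusing way. At minimum the template should say so, e.g. `# values are inserted verbatim; they must not contain '"' or line breaks`, and the task that renders it could reject such values before upload.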
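--- a/data/lib/capistrano/mb/templates/delayed_job_init.erb
+++ b/data/lib/capistrano/mb/templates/delayed_job_init.erb
@@ -0,0 +1,36 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: delayed_job
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Manage delayed_job worker
+# Description: Start, stop, restart delayed_job workers for a specific application.
+### END INIT INFO
+set -e
+
+# Feel free to change any of the following variables for your app:
+CMD="cd <%= current_path %>; RAILS_ENV=<%= fetch(:rails_env) %> <%= fetch(:mb_delayed_job_script) %>"
+AS_USER=<%= fetch(:mb_delayed_job_user, user) %>
+set -u
+
+run () {
+if [ "$(id -un)" = "$AS_USER" ]; then
+eval $1
+else
+su -c "$1" - $AS_USER
+fi
+}
+
+case "$1" in
+start)
+run "$CMD start <%= fetch(:mb_delayed_job_args) %>"
+;;
+stop)
+run "$CMD stop"
+;;
+restart)
+run "$CMD restart <%= fetch(:mb_delayed_job_args) %>"
+;;
+esac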
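Review bot: `run` expands its arguments unquoted (`eval $1`, `su -c "$1" - $AS_USER`), and `CMD` and `AS_USER` are filled from `current_path`, `fetch(:rails_env)` and the `mb_delayed_job_*` settings with no shell quoting, in a script that init normally runs as root. A space or shell metacharacter in any of those settings changes the command that gets executed; use `eval "$1"` and `su -c "$1" - "$AS_USER"`, and render the path-like values through `Shellwords.escape` if that is available in the template context. The same pattern appears in sidekiq_init.erb (`run`, `APP_DIR`, `AS_USER`, `CONCURRENCY`) and in the `postrotate` line of postgresql-backup-logrotate.erb. The `case` also has no `*)` branch, so an unknown action exits 0 without printing usage.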
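--- a/data/lib/capistrano/mb/templates/maintenance.html.erb
+++ b/data/lib/capistrano/mb/templates/maintenance.html.erb
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<title>Maintenance</title>
+<style type="text/css">
+body {
+width: 500px;
+margin: 100px auto;
+font: 300 120% "OpenSans", "Helvetica Neue", "Helvetica", Arial, Verdana, sans-serif;
+}
+
+h1 {
+font-weight: 300;
+}
+</style>
+</head>
+<body>
+<h1>Maintenance</h1>
+
+<p>Our systems are currently down for <%= reason ? reason : "maintenance" %><br>
+as of <%= Time.now.strftime("%H:%M %Z") %>.</p>
+
+<p>We’ll be back <%= deadline ? deadline : "shortly" %>.</p>
+</body>
+</html>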
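Review bot: `reason` and `deadline` are emitted with plain `<%= %>`, which in stdlib ERB does not HTML-escape, so any markup characters in either value land verbatim in the public maintenance page. Where the two values come from is outside this template (presumably the operator's environment or task arguments), but escaping is cheap either way: `<%= ERB::Util.html_escape(reason || "maintenance") %>` and `<%= ERB::Util.html_escape(deadline || "shortly") %>`.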
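--- a/data/lib/capistrano/mb/templates/nginx.erb
+++ b/data/lib/capistrano/mb/templates/nginx.erb
@@ -0,0 +1,64 @@
+# Based on https://github.com/defunkt/unicorn/blob/master/examples/nginx.conf
+
+user www-data;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+
+# you generally only need one nginx worker unless you're serving
+# large amounts of static files which require blocking disk reads
+worker_processes 1;
+
+events {
+worker_connections 1024; # increase if you have lots of clients
+accept_mutex off; # "on" if nginx worker_processes > 1
+use epoll; # for Linux 2.6+
+}
+
+http {
+# ensure nginx is able to load lots of third-party modules
+types_hash_max_size 2048;
+server_names_hash_bucket_size 64;
+
+# nginx will find this file in the config directory set at nginx build time
+include mime.types;
+
+# fallback in case we can't determine a type
+default_type application/octet-stream;
+
+# click tracking!
+access_log /var/log/nginx/access.log combined;
+
+# you generally want to serve static files with nginx since neither
+# Unicorn nor Rainbows! is optimized for it at the moment
+sendfile on;
+
+# configure reverse proxy cache
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=default:8m max_size=1000m inactive=30d;
+proxy_temp_path /var/cache/nginx/tmp;
+
+tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
+tcp_nodelay off; # on may be better for some Comet/long-poll stuff
+
+# we haven't checked to see if Rack::Deflate on the app server is
+# faster or not than doing compression via nginx. It's easier
+# to configure it all in one place here for static files and also
+# to disable gzip for clients who don't get gzip/deflate right.
+# There are other gzip settings that may be needed used to deal with
+# bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
+gzip on;
+gzip_http_version 1.0;
+gzip_proxied any;
+gzip_min_length 500;
+gzip_disable "MSIE [1-6]\.";
+gzip_types text/plain text/xml text/css
+text/comma-separated-values
+text/javascript application/x-javascript
+application/atom+xml;
+
+
+# Allow SSL session resumption
+ssl_session_cache shared:SSL:10m;
+
+include /etc/nginx/conf.d/*.conf;
+include /etc/nginx/sites-enabled/*;
+}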
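Review bot: `gzip on` is set at `http` scope, so it also compresses the dynamic responses that the TLS `server` blocks proxy from the application (`text/html` is always compressed, whatever `gzip_types` lists). Compressing HTTPS responses that reflect request input next to per-user secrets is the precondition for BREACH-style length side channels. Either limit `gzip` to static assets or add a comment above it such as `# dynamic HTTPS responses are compressed too; the app must mask per-request secrets`. `server_tokens off;` is also absent, so the nginx version is advertised in response headers and error pages.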
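--- a/data/lib/capistrano/mb/templates/nginx_unicorn.erb
+++ b/data/lib/capistrano/mb/templates/nginx_unicorn.erb
@@ -0,0 +1,109 @@
+# Based on https://github.com/defunkt/unicorn/blob/master/examples/nginx.conf
+
+upstream unicorn_<%= application_basename %> {
+# fail_timeout=0 means we always retry an upstream even if it failed
+# to return a good HTTP response (in case the Unicorn master nukes a
+# single worker for timing out).
+server unix:/tmp/unicorn.<%= application_basename %>.sock fail_timeout=0;
+}
+
+<% [80, 443].each do |port| %>
+
+<% fetch(:mb_nginx_redirect_hosts).each do |orig, desired| %>
+server {
+listen <%= port %>;
+server_name <%= orig %>;
+return 301 <%= fetch(:mb_nginx_force_https) ? "https" : "$scheme" %>://<%= desired %>$request_uri;
+}
+<% end %>
+
+server {
+listen <%= port %> <%= "spdy" if port == 443 %> default deferred; # for Linux
+
+<% if port == 80 && fetch(:mb_nginx_force_https) %>
+rewrite ^(.*) https://$http_host$1 permanent;
+<% else %>
+
+client_max_body_size 4G;
+server_name _;
+
+# ~2 seconds is often enough for most folks to parse HTML/CSS and
+# retrieve needed images/icons/frames, connections are cheap in
+# nginx so increasing this is generally safe...
+keepalive_timeout 5;
+
+# path for static files
+root <%= current_path %>/public;
+
+# Capistrano `deploy:web:disable` support
+if (-f $document_root/system/maintenance.html) {
+return 503;
+}
+error_page 503 @maintenance;
+location @maintenance {
+rewrite ^(.*)$ /system/maintenance.html last;
+break;
+}
+
+<% if port == 443 %>
+ssl on;
+ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5;
+ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_dhparam /etc/ssl/dhparams.pem;
+ssl_certificate /etc/ssl/<%= application_basename %>.crt;
+ssl_certificate_key /etc/ssl/<%= application_basename %>.key;
+
+<% if fetch(:mb_nginx_force_https) %>
+add_header Strict-Transport-Security "max-age=631138519";
+<% end %>
+<% end %>
+
+# Far-future expires and gzip for fingerprinted assets
+location ~ "/<%= fetch(:assets_prefix, "assets") %>/.*-[0-9a-f]{32}.*" {
+gzip_static on;
+expires max;
+add_header Cache-Control public;
+break;
+}
+
+include /etc/nginx/<%= application_basename%>-locations/*;
+
+# Prefer to serve static files directly from nginx to avoid unnecessary
+# data copies from the application server.
+try_files $uri/index.html $uri @unicorn;
+
+location @unicorn {
+# an HTTP header important enough to have its own Wikipedia entry:
+# http://en.wikipedia.org/wiki/X-Forwarded-For
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+# this helps Rack set the proper URL scheme for doing HTTPS redirects:
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# pass the Host: header from the client right along so redirects
+# can be set properly within the Rack application
+proxy_set_header Host $http_host;
+
+# we don't want nginx trying to do something clever with
+# redirects, we set the Host: header above already.
+proxy_redirect off;
+
+# enable caching (honors cache-control headers sent by Rails)
+# lock and use_stale help prevent a cache stampede
+proxy_cache default;
+proxy_cache_lock on;
+proxy_cache_use_stale updating;
+add_header X-Cache-Status $upstream_cache_status;
+
+proxy_pass http://unicorn_<%= application_basename %>;
+}
+
+# Rails error pages
+error_page 500 502 503 504 /500.html;
+location = /500.html {
+root <%= current_path %>/public;
+}
+<% end %>
+}
+<% end %>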
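Review bot: The `Strict-Transport-Security` header is set with `add_header` at `server` level, but nginx inherits `add_header` only into a block that defines none of its own, and both the fingerprinted-assets location (`add_header Cache-Control public;`) and `location @unicorn` (`add_header X-Cache-Status $upstream_cache_status;`) define one. Responses from those two locations, which covers everything proxied to Unicorn, therefore go out without HSTS even when `mb_nginx_force_https` is set; repeat `add_header Strict-Transport-Security "max-age=631138519";` inside both locations under the same `port == 443 && fetch(:mb_nginx_force_https)` condition. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and the `DH+3DES:RSA+3DES` entries in `ssl_ciphers` keep deprecated protocol versions and 64-bit-block ciphers enabled; `ssl_protocols TLSv1.2;` with the 3DES entries dropped is the safer baseline. The port-80 `rewrite` builds its target from `$http_host`, a client-supplied value, while `server_name _` accepts any host, so redirecting to a configured hostname would avoid reflecting it.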
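--- a/data/lib/capistrano/mb/templates/pgpass.erb
+++ b/data/lib/capistrano/mb/templates/pgpass.erb
@@ -0,0 +1 @@
+<%= fetch(:mb_postgresql_host) %>:5432:<%= fetch(:mb_postgresql_database) %>:<%= fetch(:mb_postgresql_user) %>:<%= fetch(:mb_postgresql_password).gsub(/([\\:])/, '\\\\\1') %>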
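Review bot: Only the password field is escaped for `:` and `\`; `mb_postgresql_host`, `mb_postgresql_database` and `mb_postgresql_user` are written raw, so a colon or backslash in any of them shifts the fields and the entry silently stops matching. Applying the same `gsub(/([\\:])/, '\\\\\1')` to all four values keeps the line well-formed. The task that uploads this file is outside the hunk; it should create the file with mode 0600, because libpq ignores a password file with wider permissions. The port is hard-coded to 5432, which deserves a one-line comment in the task or README.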
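--- a/data/lib/capistrano/mb/templates/postgresql-backup-logrotate.erb
+++ b/data/lib/capistrano/mb/templates/postgresql-backup-logrotate.erb
@@ -0,0 +1,11 @@
+<%= fetch(:mb_postgresql_backup_path) %> {
+daily
+nomissingok
+rotate 30
+ifempty
+create 600 <%= user %>
+dateext
+postrotate
+/usr/bin/sudo -u <%= user %> PGPASSFILE=<%= fetch(:mb_postgresql_pgpass_path) %> /usr/bin/pg_dump -Fc -Z9 -O -x <%= fetch(:mb_postgresql_dump_options) %> -h <%= fetch(:mb_postgresql_host) %> -U <%= fetch(:mb_postgresql_user) %> -f <%= fetch(:mb_postgresql_backup_path) %> <%= fetch(:mb_postgresql_database) %>
+endscript
+}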
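--- a/data/lib/capistrano/mb/templates/sidekiq_init.erb
+++ b/data/lib/capistrano/mb/templates/sidekiq_init.erb
@@ -0,0 +1,100 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: sidekiq
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Manage sidekiq worker
+# Description: Start, stop, restart sidekiq worker.
+### END INIT INFO
+
+APP_DIR="<%= current_path %>"
+LOG_FILE="$APP_DIR/log/sidekiq.log"
+PID_FILE="$APP_DIR/tmp/pids/sidekiq.pid"
+SIDEKIQ="sidekiq"
+SIDEKIQCTL="sidekiqctl"
+APP_ENV="<%= fetch(:rails_env) %>"
+BUNDLE="bundle"
+AS_USER=<%= fetch(:mb_sidekiq_user, user) %>
+CONCURRENCY=<%= fetch(:mb_sidekiq_concurrency) %>
+
+START_CMD="cd $APP_DIR; $BUNDLE exec $SIDEKIQ -d -e $APP_ENV -P $PID_FILE --concurrency $CONCURRENCY -L $LOG_FILE"
+CTL_CMD="cd $APP_DIR; $BUNDLE exec $SIDEKIQCTL"
+RETVAL=0
+
+
+run () {
+if [ "$(id -un)" = "$AS_USER" ]; then
+eval $1
+else
+su -c "$1" - $AS_USER
+fi
+}
+
+start() {
+
+status
+if [ $? -eq 1 ]; then
+
+[ -d $APP_DIR ] || (echo "$APP_DIR not found!.. Exiting"; exit 6)
+echo "Starting $SIDEKIQ message processor .. "
+run "$START_CMD"
+RETVAL=$?
+#Sleeping for 8 seconds for process to be precisely visible in process table - See status ()
+sleep 8
+return $RETVAL
+else
+echo "$SIDEKIQ message processor is already running .. "
+fi
+
+
+}
+
+stop() {
+
+status
+if [ $? -eq 0 ]; then
+
+echo "Stopping $SIDEKIQ message processor .."
+run "$CTL_CMD stop $PID_FILE"
+RETVAL=$?
+return $RETVAL
+
+else
+echo "$SIDEKIQ message processor is already stopped .. "
+fi
+
+}
+
+status() {
+
+ps -ef | egrep 'sidekiq [0-9]+.[0-9]+.[0-9]+' | grep -v grep
+return $?
+}
+
+
+case "$1" in
+start)
+start
+;;
+stop)
+stop
+;;
+status)
+status
+
+if [ $? -eq 0 ]; then
+echo "$SIDEKIQ message processor is running .."
+RETVAL=0
+else
+echo "$SIDEKIQ message processor is stopped .."
+RETVAL=1
+fi
+;;
+*)
+echo "Usage: $0 {start|stop|status}"
+exit 0
+;;
+esac
+exit $RETVAL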
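Review bot: In `start`, the guard `[ -d $APP_DIR ] || (echo "$APP_DIR not found!.. Exiting"; exit 6)` runs `exit 6` inside a subshell, so only the subshell exits and `start` carries on to `run "$START_CMD"` with a missing directory. Use a brace group and quote the path: `[ -d "$APP_DIR" ] || { echo "$APP_DIR not found!.. Exiting"; exit 6; }`. `status` greps `ps -ef` for any `sidekiq x.y.z` process instead of consulting `$PID_FILE`, so on a host where another application or user runs sidekiq, `start` reports "already running" and never starts this worker. Reading the PID from `$PID_FILE` and testing it with `kill -0` would scope the check to this application. The usage branch also exits 0 for an unknown action, where init scripts conventionally return non-zero.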
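--- a/data/lib/capistrano/mb/templates/ssl_setup
+++ b/data/lib/capistrano/mb/templates/ssl_setup
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Usage:
+#
+# ssl_setup [--self] <name> <csr_config>
+#
+# This script is used to generate key and CSR for use HTTPS in Nginx.
+#
+# --self Generate self-signed certificate in addition to key and CSR.
+# name Output files will be named as <name>.key and <name>.csr.
+# csr_config Path to file that specifies CSR information. See below.
+#
+# CSR configuration format:
+#
+# [ req ]
+# distinguished_name="req_distinguished_name"
+# prompt="no"
+#
+# [ req_distinguished_name ]
+# C="US"
+# ST="California"
+# L="San Francisco"
+# O="Example Company"
+# CN="www.example.com"
+
+if [[ $1 == --self ]]; then
+SELF_SIGN=1
+shift
+fi
+
+KEY_NAME=$1
+CSR_CONFIG=$2
+
+openssl req -config $CSR_CONFIG -new -newkey rsa:2048 -nodes -keyout ${KEY_NAME}.key -out ${KEY_NAME}.csr
+chmod 600 ${KEY_NAME}.key ${KEY_NAME}.csr
+echo "Created ${KEY_NAME}.key"
+echo "Created ${KEY_NAME}.csr"
+
+if [[ -n $SELF_SIGN ]]; then
+openssl x509 -req -days 365 -in ${KEY_NAME}.csr -signkey ${KEY_NAME}.key -out ${KEY_NAME}.crt
+chmod 600 ${KEY_NAME}.crt
+echo "Created ${KEY_NAME}.crt (self-signed)"
+fi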
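Review bot: The script has no error handling, so when `openssl req` fails (missing arguments, unreadable `<csr_config>`) it still prints "Created …" and, without `--self`, exits 0. The unencrypted private key (`-nodes`) is also written first and only restricted by `chmod 600` afterwards, so depending on the OpenSSL version and the caller's umask it may be briefly readable by other local users. Adding `set -e` and `umask 077` before the `openssl req` line covers both. Quoting `"$CSR_CONFIG"` and `"${KEY_NAME}.key"` keeps paths with spaces intact, and the usage comment should mention that the key size (`rsa:2048`) and validity (`-days 365`) are fixed.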