mirror of
https://github.com/dragonflydb/dragonfly
synced 2024-11-22 23:50:34 +00:00
48 lines
1.5 KiB
Bash
48 lines
1.5 KiB
Bash
|
#!/bin/bash
|
||
|
|
||
|
# This script generates locally-signed TLS files for development usage.
|
||
|
# It's probably a good idea to run in an empty, temporary directory.
|
||
|
#
|
||
|
# Example usage:
|
||
|
#
|
||
|
# mkdir /tmp/dfly-tls
|
||
|
# cd /tmp/dfly-tls
|
||
|
# ~/dragonfly/tools/generate-tls-files.sh
|
||
|
# ~/dragonfly/build-dbg/dragonfly \
|
||
|
# --dbfilename= \
|
||
|
# --logtostdout \
|
||
|
# --tls=true \
|
||
|
# --tls_key_file=/tmp/dfly-tls/df-key.pem \
|
||
|
# --tls_cert_file=/tmp/dfly-tls/df-cert.pem \
|
||
|
# --requirepass=XXX
|
||
|
# redis-cli --tls --cacert /tmp/dfly-tls/ca-cert.pem -a XXX
|
||
|
|
||
|
CA_KEY_PATH=ca-key.pem
|
||
|
CA_CERTIFICATE_PATH=ca-cert.pem
|
||
|
CERTIFICATE_REQUEST_PATH=df-req.pem
|
||
|
PRIVATE_KEY_PATH=df-key.pem
|
||
|
CERTIFICATE_PATH=df-cert.pem
|
||
|
|
||
|
echo "Generating files in local directory (rm *.pem to cleanup)"
|
||
|
|
||
|
openssl req -x509 -newkey rsa:4096 -days 1 -nodes \
|
||
|
-keyout ${CA_KEY_PATH} \
|
||
|
-out ${CA_CERTIFICATE_PATH} \
|
||
|
-subj "/C=GR/ST=SKG/L=Thessaloniki/O=KK/OU=AcmeStudios/CN=Gr/emailAddress=acme@gmail.com"
|
||
|
|
||
|
openssl req -newkey rsa:4096 -nodes \
|
||
|
-keyout ${PRIVATE_KEY_PATH} \
|
||
|
-out ${CERTIFICATE_REQUEST_PATH} \
|
||
|
-subj "/C=GR/ST=SKG/L=Thessaloniki/O=KK/OU=Comp/CN=Gr/emailAddress=does_not_exist@gmail.com"
|
||
|
|
||
|
openssl x509 -req \
|
||
|
-in ${CERTIFICATE_REQUEST_PATH} \
|
||
|
-days 1 \
|
||
|
-CA ${CA_CERTIFICATE_PATH} \
|
||
|
-CAkey ${CA_KEY_PATH} \
|
||
|
-CAcreateserial -out ${CERTIFICATE_PATH}
|
||
|
|
||
|
echo "You can now run:"
|
||
|
echo "dragonfly --tls=true --tls_key_file=${PRIVATE_KEY_PATH} --tls_cert_file=${CERTIFICATE_PATH} --requirepass=XXX"
|
||
|
echo "redis-cli --tls --cacert ${CA_CERTIFICATE_PATH} -a XXX"
|