PB
2025-11-23 21:49:18 +01:00
parent d5596b59cb
commit 68d0f3d48d
18 changed files with 268 additions and 54 deletions


@@ -19,6 +19,8 @@ export POSTGRES_CN="db-postgres.egommerce.local,db-postgres"
export POSTGRES_SAN="DNS:db-postgres.egommerce.local,DNS:db-postgres,IP:127.0.0.1"
# export MONGO_CN="mongo.db.egommerce.local,db-mongo"
# export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,IP:127.0.0.1"
export CONFIG_CN="config-svc.egommerce.local"
export CONFIG_SAN="DNS:config-svc.egommerce.local,IP:127.0.0.1"
export IDENTITY_CN="identity-svc.egommerce.local"
export IDENTITY_SAN="DNS:identity-svc.egommerce.local,IP:127.0.0.1"
export CATALOG_CN="catalog-svc.egommerce.local,catalog-svc"
@@ -39,6 +41,7 @@ mkdir -p \
${CERTS_DIR}api-cache \
${CERTS_DIR}api-logger \
${CERTS_DIR}db-postgres \
${CERTS_DIR}config-svc \
${CERTS_DIR}identity-svc \
${CERTS_DIR}basket-svc \
${CERTS_DIR}catalog-svc \
@@ -46,13 +49,15 @@ mkdir -p \
${CERTS_DIR}pricing-svc
# Generate Root CA cert
openssl req -newkey rsa:2048 -nodes -x509 -days 1024 \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \
-keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null
# openssl req -newkey rsa:2048 -nodes -x509 -days 1024 \
# -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \
# -keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null
# Create fullchain pem file
cat ${CERTS_DIR}ca-root/ca-root.key ${CERTS_DIR}ca-root/ca-root.crt > ${CERTS_DIR}ca-root/ca-root.pem
# cat ${CERTS_DIR}ca-root/ca-root.key ${CERTS_DIR}ca-root/ca-root.crt > ${CERTS_DIR}ca-root/ca-root.pem
# Shortcut openssl command
# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout app1-tls.key -out app1-tls.crt -subj "/CN=egommerce.io/O=sisox"
# Generate Gateway cert
openssl req -newkey rsa:2048 -nodes \
@@ -122,7 +127,20 @@ openssl x509 -req -days 365 \
-out ${CERTS_DIR}db-postgres/db-postgres.crt >/dev/null
# Generate Identity cert
# Generate config-svc cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CONFIG_CN" \
-keyout ${CERTS_DIR}config-svc/config-svc.key \
-out ${CERTS_DIR}config-svc/config-svc.csr >/dev/null
openssl x509 -req -days 365 \
-in ${CERTS_DIR}config-svc/config-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CONFIG_SAN}")) \
-out ${CERTS_DIR}config-svc/config-svc.crt >/dev/null
# Generate identity-svc cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$IDENTITY_CN" \
-keyout ${CERTS_DIR}identity-svc/identity-svc.key \
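Review bot: The new config-svc signing command hard-codes `-set_serial 01`, so this certificate shares issuer and serial with any other certificate the same root CA signs with that value; the other services' serial lines fall outside the visible hunks, but this block appears to follow their pattern. Certificates are identified by issuer plus serial, so duplicates cannot be revoked individually and some TLS clients reject them outright; replacing the flag with `-CAcreateserial` lets openssl generate and track a distinct serial per certificate. In the same command the SAN value is interpolated into the printf format string, and `printf '\n[SAN]\nsubjectAltName=%s\n' "$CONFIG_SAN"` would keep a stray `%` or backslash in the variable from being interpreted. The `-nodes` key is written unencrypted under the default umask and the `${CERTS_DIR}` expansions are unquoted, so a `umask 077` before key generation and quoted paths would be worth adding. The identity-svc block that follows continues past the end of this hunk.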
@@ -135,7 +153,7 @@ openssl x509 -req -days 365 \
-out ${CERTS_DIR}identity-svc/identity-svc.crt >/dev/null
# Generate Basket cert
# Generate basket-svc cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$BASKET_CN" \
-keyout ${CERTS_DIR}basket-svc/basket-svc.key \
@@ -148,7 +166,7 @@ openssl x509 -req -days 365 \
-out ${CERTS_DIR}basket-svc/basket-svc.crt >/dev/null
# Generate Catalog cert
# Generate catalog-svc cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CATALOG_CN" \
-keyout ${CERTS_DIR}catalog-svc/catalog-svc.key \
@@ -161,7 +179,7 @@ openssl x509 -req -days 365 \
-out ${CERTS_DIR}catalog-svc/catalog-svc.crt >/dev/null
# Generate Order cert
# Generate order-svc cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$ORDER_CN" \
-keyout ${CERTS_DIR}order-svc/order-svc.key \
@@ -174,7 +192,7 @@ openssl x509 -req -days 365 \
-out ${CERTS_DIR}order-svc/order-svc.crt >/dev/null
# Generate Pricing cert
# Generate pricing-svc cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PRICING_CN" \
-keyout ${CERTS_DIR}pricing-svc/pricing-svc.key \