PB
2025-03-16 14:19:29 +01:00
parent 6848b55101
commit fa62c0b817
9 changed files with 60 additions and 211 deletions


@@ -3,10 +3,10 @@
export DEPLOY_DIR="./deploy"
export CERTS_DIR="${DEPLOY_DIR}/certs/"
export REGISTRY_CN="registry.egommerce.local,api-registry,localhost"
export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:localhost,IP:127.0.0.1"
export GATEWAY_CN="gateway.egommerce.local,api-gatway,localhost"
export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:localhost,IP:127.0.0.1"
export REGISTRY_CN="registry.egommerce.local,api-registry,server.dc.ego.io,localhost"
export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:server.dc.ego.io,DNS:localhost,IP:127.0.0.1"
export GATEWAY_CN="gateway.egommerce.local,api-gatway,gateway.dc.ego.io,localhost"
export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:gateway.dc.ego.io,DNS:localhost,IP:127.0.0.1"
export VAULT_CN="vault.egommerce.local,api-vault,localhost"
export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1"
export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost"
@@ -68,8 +68,8 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \
-out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null
@@ -81,12 +81,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-gateway/api-gateway.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \
-out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null
# Genearte Vault cert
# Generate Vault cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \
-keyout ${CERTS_DIR}api-vault/api-vault.key \
@@ -94,12 +94,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \
-out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null
# Genearte Eventbus cert
# Generate Eventbus cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$EVENTBUS_CN" \
-keyout ${CERTS_DIR}api-eventbus/api-eventbus.key \
@@ -107,12 +107,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-eventbus/api-eventbus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${EVENTBUS_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${EVENTBUS_SAN}")) \
-out ${CERTS_DIR}api-eventbus/api-eventbus.crt >/dev/null
# Genearte Cache cert
# Generate Cache cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CACHE_CN" \
-keyout ${CERTS_DIR}api-cache/api-cache.key \
@@ -120,12 +120,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-cache/api-cache.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CACHE_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CACHE_SAN}")) \
-out ${CERTS_DIR}api-cache/api-cache.crt >/dev/null
# Genearte Logger cert
# Generate Logger cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$LOGGER_CN" \
-keyout ${CERTS_DIR}api-logger/api-logger.key \
@@ -133,12 +133,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-logger/api-logger.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \
-out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null
# Genearte Prometheus cert
# Generate Prometheus cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \
-keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \
@@ -146,12 +146,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \
-out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null
# Genearte Grafana cert
# Generate Grafana cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \
-keyout ${CERTS_DIR}api-grafana/api-grafana.key \
@@ -159,12 +159,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \
-out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null
# Genearte Postgres cert
# Generate Postgres cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \
-keyout ${CERTS_DIR}db-postgres/db-postgres.key \
@@ -172,12 +172,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}db-postgres/db-postgres.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${POSTGRES_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${POSTGRES_SAN}")) \
-out ${CERTS_DIR}db-postgres/db-postgres.crt >/dev/null
# Genearte Mongo cert
# Generate Mongo cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \
-keyout ${CERTS_DIR}db-mongo/db-mongo.key \
@@ -185,12 +185,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \
-out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null
# Genearte Identity cert
# Generate Identity cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$IDENTITY_CN" \
-keyout ${CERTS_DIR}identity-svc/identity-svc.key \
@@ -198,12 +198,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}identity-svc/identity-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${IDENTITY_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${IDENTITY_SAN}")) \
-out ${CERTS_DIR}identity-svc/identity-svc.crt >/dev/null
# Genearte Basket cert
# Generate Basket cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$BASKET_CN" \
-keyout ${CERTS_DIR}basket-svc/basket-svc.key \
@@ -211,12 +211,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}basket-svc/basket-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${BASKET_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${BASKET_SAN}")) \
-out ${CERTS_DIR}basket-svc/basket-svc.crt >/dev/null
# Genearte Catalog cert
# Generate Catalog cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CATALOG_CN" \
-keyout ${CERTS_DIR}catalog-svc/catalog-svc.key \
@@ -224,12 +224,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}catalog-svc/catalog-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CATALOG_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CATALOG_SAN}")) \
-out ${CERTS_DIR}catalog-svc/catalog-svc.crt >/dev/null
# Genearte Order cert
# Generate Order cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$ORDER_CN" \
-keyout ${CERTS_DIR}order-svc/order-svc.key \
@@ -237,12 +237,12 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}order-svc/order-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${ORDER_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${ORDER_SAN}")) \
-out ${CERTS_DIR}order-svc/order-svc.crt >/dev/null
# Genearte Pricing cert
# Generate Pricing cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PRICING_CN" \
-keyout ${CERTS_DIR}pricing-svc/pricing-svc.key \
@@ -250,6 +250,6 @@ openssl req -newkey rsa:2048 -nodes \
openssl x509 -req -days 365 \
-in ${CERTS_DIR}pricing-svc/pricing-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PRICING_SAN}")) \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PRICING_SAN}")) \
-out ${CERTS_DIR}pricing-svc/pricing-svc.crt >/dev/null
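Review bot: Every signing command on the new side still passes `-set_serial 01`, from the api-registry `openssl x509 -req` call through the pricing-svc one, so all leaf certificates issued by ca-root share one serial number. Issuer plus serial is expected to be unique (RFC 5280); some TLS clients refuse a second certificate from the same issuer with a reused serial, and revoking by serial cannot single out one service. Because the option sits right beside the `-extensions SAN -extfile` line that each hunk repositions, this would be a convenient place to switch to a generated serial, for example `-CAkey ${CERTS_DIR}ca-root/ca-root.key -CAcreateserial` or `-set_serial "0x$(openssl rand -hex 16)"`. The `openssl req` half of each command starts outside the hunks, so the key and CSR options are not covered here.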