-
Notifications
You must be signed in to change notification settings - Fork 9
/
localssl.sh
124 lines (105 loc) · 3.68 KB
/
localssl.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
#!/bin/bash
#This script will help you to generate a local ssl for your server
#With this you can enable ssl in your config.json
#Before you do a bash lisk.sh reload first check if your delegate is about to forge
#created by mrgr. Please consider to vote for mrgr delegate
CYAN='\033[1;36m'
OFF='\033[0m'
echo
echo "----------------------------------------"
echo "Welcome to localssl script"
echo -e "Don't forget to vote for ${CYAN}mrgr${OFF} delegate"
echo "----------------------------------------"
echo
LOG=logs/localssl.log
COUNTRY=DE
STA=Berlin
LOC=Germany
ORG=LISK
ORU=LSK
PASS=$(date +%s | sha256sum | base64 | head -c 32 ; echo)
if [ -f "$1" ]; then
case $1 in
"main")
echo "You are installing this script for mainnet"
VERSION="lisk-main"
;;
"test")
echo "You are installing this script for testnet"
VERSION="lisk-test"
;;
*)
echo "You are installing this script for mainnet"
VERSION="lisk-main"
;;
esac
else
echo "You are installing this script for mainnet"
echo "If you want to change this script to testnet please stop this installation and start again with:"
echo "bash install.sh test"
VERSION="lisk-main"
fi
mkdir -p ../$VERSION/ssl/
echo "Please enter the following information:"
echo -n "Name of your delegate: "
read DELEGATE_NAME
echo -n "Type an email: "
read EMAIL
echo -n "Enter the port you will use for HTTPS: "
read HTTPS_PORT
TIME=$(date +"%H:%M") #for your local time add: -d '6 hours ago')
echo "$TIME Starting to generate ssl" > $LOG
openssl genrsa -des3 -passout pass:"$PASS" -out "$DELEGATE_NAME".key 2048 >> $LOG 2>&1
if [ $? != 0 ]; then
echo "X Failed to create ssl key"
echo "Exiting.."
exit 0
else
echo "ssl key created" >> $LOG
fi
#Remove password from key
openssl rsa -in "$DELEGATE_NAME".key -passin pass:"$PASS" -out "$DELEGATE_NAME".key >> $LOG 2>&1
if [ $? != 0 ]; then
echo "X Failed to clean ssl key"
echo "Exiting.."
exit 0
fi
openssl req -new -key "$DELEGATE_NAME".key -out "$DELEGATE_NAME".csr -passin pass:"$PASS" -subj "/C=$COUNTRY/ST=$STA/L=$LOC/O=$ORG/OU=$ORU/CN=$DELEGATE_NAME/emailAddress=$EMAIL" >> $LOG 2>&1
if [ $? != 0 ]; then
echo "X Failed to create csr"
echo "Exiting.."
exit 0
else
echo "csr created" >> $LOG
fi
openssl x509 -req -days 365 -in "$DELEGATE_NAME".csr -signkey "$DELEGATE_NAME".key -out "$DELEGATE_NAME".crt >> $LOG 2>&1
if [ $? != 0 ]; then
echo "X Failed to create SSL certificate"
echo "Exiting.."
exit 0
else
echo "SSL certificate created" >> $LOG
fi
if [[ -f "$DELEGATE_NAME".crt ]] && [[ -f "$DELEGATE_NAME".key ]]; then
cat "$DELEGATE_NAME".crt "$DELEGATE_NAME".key > "$DELEGATE_NAME".pem
fi
#FINISHING AND CLEANING
mv "$DELEGATE_NAME".pem ../$VERSION/ssl/
rm $DELEGATE_NAME*
echo
echo "Your SSL Certificate has been created successfully."
echo "Go to your lisk config.json file and edit ssl section like the following:"
echo " \"ssl\": {"
echo -e " \"enabled\": ${CYAN}true${OFF},"
echo " \"options\": {"
echo -e " \"port\": ${CYAN}$HTTPS_PORT${OFF},"
echo " \"address\"\: \"0.0.0.0\","
echo -e " \"key\": \"${CYAN}./ssl/$DELEGATE_NAME.pem${OFF}\","
echo -e " \"cert\": \"${CYAN}./ssl/$DELEGATE_NAME.pem${OFF}\""
echo " }"
echo " },"
echo
echo "After edit config.json reload lisk: bash lisk.sh reload."
echo "Now you will be able to access to your wallet in a more secure way."
echo "Try the following (change the example IP for yours):"
echo "http://123.123.123.123:$HTTPS_PORT/"