From fa62c0b817ca705527202da9a2fc02ac827e3a81 Mon Sep 17 00:00:00 2001 From: Piotr Biernat Date: Sun, 16 Mar 2025 14:19:29 +0100 Subject: [PATCH] Update --- Makefile | 3 +- deploy/.env.dist | 4 +- deploy/.env.local | 4 +- deploy/.env.prod | 6 ++ deploy/bin/register-service.go | 2 +- deploy/docker/stack.dev.local.yml | 6 +- deploy/docker/stack.yml | 26 ++--- deploy/make-cert.sh | 156 ------------------------------ deploy/scripts/gen-certs.sh | 64 ++++++------ 9 files changed, 60 insertions(+), 211 deletions(-) create mode 100644 deploy/.env.prod delete mode 100755 deploy/make-cert.sh diff --git a/Makefile b/Makefile index ed72e67..676d8d7 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,5 @@ DEPLOY_DIR := ./deploy -# SETTING ENV up: - sh ${DEPLOY_DIR}/scripts/start-docker.sh @@ -8,7 +7,7 @@ down: - docker stack rm egommerce k8s-up: - - sh ${DEPLOY_DIR}/start-k8s.sh + - sh ${DEPLOY_DIR}/scripts/start-k8s.sh k8s-down: - kubectl delete -f deploy/k8s/stack.yml diff --git a/deploy/.env.dist b/deploy/.env.dist index 64d6321..a66a317 100644 --- a/deploy/.env.dist +++ b/deploy/.env.dist @@ -1,6 +1,6 @@ API_GATEWAY_ADDR=gw.service.ego.io API_GATEWAY_PORT=443 -# API_REGISTRY_ADDR=registry.service.ego.io -API_REGISTRY_ADDR=api-registry +# REGISTRY_ADDR=registry.service.ego.io +REGISTRY_ADDR=api-registry API_REGISTRY_PORT=8501 diff --git a/deploy/.env.local b/deploy/.env.local index 342ba56..91be335 100644 --- a/deploy/.env.local +++ b/deploy/.env.local @@ -1,6 +1,6 @@ API_GATEWAY_ADDR=gw.service.ego.io API_GATEWAY_PORT=443 -# API_REGISTRY_ADDR=registry.service.ego.io -#API_REGISTRY_ADDR=api-registry +# REGISTRY_ADDR=registry.service.ego.io +#REGISTRY_ADDR=api-registry API_REGISTRY_PORT=8501 diff --git a/deploy/.env.prod b/deploy/.env.prod new file mode 100644 index 0000000..91be335 --- /dev/null +++ b/deploy/.env.prod 
@@ -0,0 +1,6 @@ +API_GATEWAY_ADDR=gw.service.ego.io +API_GATEWAY_PORT=443 + +# REGISTRY_ADDR=registry.service.ego.io +#REGISTRY_ADDR=api-registry +API_REGISTRY_PORT=8501 diff --git a/deploy/bin/register-service.go b/deploy/bin/register-service.go index 7afa5f2..61ac2e4 100644 --- a/deploy/bin/register-service.go +++ b/deploy/bin/register-service.go @@ -9,7 +9,7 @@ import ( ) func main() { - addr, port := env("API_REGISTRY_ADDR", "api-registry"), env("API_REGISTRY_PORT", "8501") + addr, port := env("REGISTRY_ADDR", "api-registry"), env("API_REGISTRY_PORT", "8501") regUrl := "https://" + addr + ":" + port + "/v1/agent/service/register?replace-existing-checks=true" regData, err := os.ReadFile("/.app.config") if err != nil { diff --git a/deploy/docker/stack.dev.local.yml b/deploy/docker/stack.dev.local.yml index 6bfeacb..44439a1 100644 --- a/deploy/docker/stack.dev.local.yml +++ b/deploy/docker/stack.dev.local.yml @@ -5,7 +5,7 @@ services: env_file: ../.env.local environment: - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN + - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE volumes: - ../certs/api-registry/api-registry.crt:/etc/certs/registry.local.crt:ro @@ -15,7 +15,7 @@ services: env_file: ../.env.local environment: - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN + - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE volumes: - ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.local.crt:ro 
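Review bot: `regUrl` in deploy/bin/register-service.go is still built as `"https://" + addr + ":" + port + ...`, so the renamed `REGISTRY_ADDR` has to be a bare host name, yet the stack.yml hunks of this commit at -256, -284, -313, -342 and -371 set `REGISTRY_ADDR=https://api-gateway:8501`. Whether those services are registered through this binary is not visible here, but if one is, the request URL would begin `https://https://api-gateway:8501:8501/`. Keep the variable host-only everywhere, or reject a value containing `://` before concatenating, and state the expected format above the call: `// REGISTRY_ADDR is a bare host name; scheme and port are added below.` The port is still read from `API_REGISTRY_PORT`, so the rename is only half applied. `main` continues outside the hunk.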
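Review bot: The new `VAULT_TOKEN=... # ROOT TOKEN` line in deploy/docker/stack.dev.local.yml commits a Vault root token in plaintext, and the same replacement is repeated in the next two hunks of this file (at -15 and -26); the `CONSUL_HTTP_TOKEN` context line and the commented-out token below it have the same problem. Even for a local dev stack, a root token in version control gives every reader of the repository full control of that Vault, and both the removed and the added value remain recoverable from history, so they should be revoked rather than only replaced. Pass the values in from the deploy environment the way stack.yml already passes `APP_DOMAIN`, i.e. `- VAULT_TOKEN` and `- CONSUL_HTTP_TOKEN` with no value, and give services a scoped token instead of the root token. The service definitions start and end outside these hunks.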
@@ -26,7 +26,7 @@ services: # command: ["vault", "server", "-dev", "-dev-tls", "-dev-listen-address=0.0.0.0:8200", "-dev-root-token-id=dev-vault-token"] environment: - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN + - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE volumes: - ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro diff --git a/deploy/docker/stack.yml b/deploy/docker/stack.yml index 7311ba5..aae52af 100644 --- a/deploy/docker/stack.yml +++ b/deploy/docker/stack.yml @@ -83,7 +83,7 @@ services: environment: - APP_DOMAIN - APP_NAME=api-vault - - API_REGISTRY_ADDR=api-registry + - REGISTRY_ADDR=api-registry - VAULT_ADDR=https://localhost:8200 - VAULT_API_ADDR=https://localhost:8200 volumes: @@ -109,7 +109,7 @@ services: - RABBITMQ_ERLANG_COOKIE=rabbitmq - APP_DOMAIN - APP_NAME=api-eventbus - - API_REGISTRY_ADDR=api-registry + - REGISTRY_ADDR=api-registry volumes: - eventbus_data:/var/lib/rabbitmq - eventbus_logs:/var/log/rabbitmq @@ -133,7 +133,7 @@ services: environment: - APP_DOMAIN - APP_NAME=api-cache - - API_REGISTRY_ADDR=api-registry + - REGISTRY_ADDR=api-registry volumes: - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../bin/register-service:/bin/register-service @@ -153,7 +153,7 @@ services: environment: - APP_DOMAIN - APP_NAME=api-logger - - API_REGISTRY_ADDR=api-registry + - REGISTRY_ADDR=api-registry volumes: - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../bin/register-service:/bin/register-service 
@@ -174,7 +174,7 @@ services: # environment: # - APP_DOMAIN # - APP_NAME=api-prometheus - # - API_REGISTRY_ADDR=api-registry + # - REGISTRY_ADDR=api-registry # volumes: # - ../etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro @@ -191,7 +191,7 @@ services: # environment: # - APP_DOMAIN # - APP_NAME=api-grafana - # - API_REGISTRY_ADDR=api-registry + # - REGISTRY_ADDR=api-registry # volumes: # - grafana-db:/var/lib/grafana # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro @@ -207,7 +207,7 @@ services: environment: - APP_DOMAIN - APP_NAME=db-postgres - - API_REGISTRY_ADDR=api-registry + - REGISTRY_ADDR=api-registry - POSTGRESQL_USERNAME=postgres - POSTGRESQL_DATABASE=postgres - POSTGRESQL_PASSWORD=H5Gd7^37*Hka*a72 @@ -232,7 +232,7 @@ services: # environment: # - APP_DOMAIN # - APP_NAME=mongo-db - # - API_REGISTRY_ADDR=api-registry + # - REGISTRY_ADDR=api-registry # - MONGO_INITDB_ROOT_USERNAME=mongodb # - MONGO_INITDB_ROOT_PASSWORD # volumes: @@ -256,7 +256,7 @@ services: environment: - APP_NAME=identity-svc - APP_PATH_PREFIX=/identity - - API_REGISTRY_ADDR=api-gateway + - REGISTRY_ADDR=https://api-gateway:8501 - APP_DOMAIN - APP_KV_NAMESPACE - DATABASE_URL @@ -284,7 +284,7 @@ services: environment: - APP_NAME=catalog-svc - APP_PATH_PREFIX=/catalog - - API_REGISTRY_ADDR=api-gateway + - REGISTRY_ADDR=https://api-gateway:8501 - APP_DOMAIN - APP_KV_NAMESPACE - AUTH_HANDLER_URL @@ -313,7 +313,7 @@ services: environment: - APP_NAME=basket-svc - APP_PATH_PREFIX=/basket - - API_REGISTRY_ADDR=api-gateway + - REGISTRY_ADDR=https://api-gateway:8501 - APP_DOMAIN - APP_KV_NAMESPACE - AUTH_HANDLER_URL @@ -342,7 +342,7 @@ services: environment: - APP_NAME=order-svc - APP_PATH_PREFIX=/order - - API_REGISTRY_ADDR=api-gateway + - REGISTRY_ADDR=https://api-gateway:8501 - APP_DOMAIN - APP_KV_NAMESPACE - AUTH_HANDLER_URL 
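Review bot: The db-postgres hunk at -207 keeps `POSTGRESQL_PASSWORD=<literal value>` hard-coded in deploy/docker/stack.yml right below the line it renames, so the database password ships with the repository. The commented-out Mongo block in the hunk at -232 already shows the safer form, `- MONGO_INITDB_ROOT_PASSWORD` with no value; do the same here with `- POSTGRESQL_PASSWORD` and supply it from the deploy environment or a Docker secret. The value that is already committed should be treated as exposed and changed. The service definition starts and ends outside the hunk.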
@@ -371,7 +371,7 @@ services: environment: - APP_NAME=pricing-svc - APP_PATH_PREFIX=/pricing - - API_REGISTRY_ADDR=api-gateway + - REGISTRY_ADDR=https://api-gateway:8501 - APP_DOMAIN - APP_KV_NAMESPACE - AUTH_HANDLER_URL diff --git a/deploy/make-cert.sh b/deploy/make-cert.sh deleted file mode 100755 index e89e60e..0000000 --- a/deploy/make-cert.sh +++ /dev/null 
@@ -1,156 +0,0 @@ -#!/bin/bash - -cd deploy/certs - -mkdir -p ca -mkdir -p api-gateway api-registry api-gateway api-eventbus api-vault -mkdir -p basket-svc catalog-svc identity-svc order-svc pricing-svc - -# # Generate ROOT Key -# openssl genrsa -out ca/internalCA.key 4096 - -# # Generate ROOT Cert -# openssl req -x509 -new -nodes -key ca/internalCA.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io CA/CN=egommerce.io" \ -# -sha256 -days 3650 -out ca/internalCA.crt - - -# # MANAGING SERVICES - -# # Generate Key for API-REGISTRY -# openssl genrsa -out api-registry/registry.key 2048 - -# # Generate Cert for API-REGISTRY -openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \ - -out api-registry/registry.internal.csr -openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \ - -out api-registry/registry.local.csr - -openssl x509 -req -in api-registry/registry.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1')) \ - -out api-registry/registry.internal.crt -days 365 -sha256 -openssl x509 -req -in api-registry/registry.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:registry.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out api-registry/registry.local.crt -days 365 -sha256 - -# # Generate Key for API-GATEWAY -# openssl genrsa -out api-gateway/gateway.key 2048 - -# # Generate Cert for API-GATEWAY -openssl req -new -sha256 -key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \ - -out api-gateway/gateway.internal.csr -openssl req -new -sha256 
-key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \ - -out api-gateway/gateway.local.csr - -openssl x509 -req -in api-gateway/gateway.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.service.ego.io,DNS:gateway.service.dc.ego.io,IP:127.0.0.1')) \ - -out api-gateway/gateway.internal.crt -days 365 -sha256 -openssl x509 -req -in api-gateway/gateway.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out api-gateway/gateway.local.crt -days 365 -sha256 - -# Generate Key for API-VAULT -# openssl genrsa -out api-vault/vault.key 2048 - -# Generate Cert for API-VAULT -openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \ - -out api-vault/vault.internal.csr -openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \ - -out api-vault/vault.local.csr - -openssl x509 -req -in api-vault/vault.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.service.ego.io,DNS:localhost,IP:127.0.0.1')) \ - -out api-vault/vault.internal.crt -days 365 -sha256 -openssl x509 -req -in api-vault/vault.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out api-vault/vault.local.crt -days 365 -sha256 - - -# Generate Key for API-EVENTBUS -# 
openssl genrsa -out api-eventbus/eventbus.key 2048 - -# Generate Cert for API-EVENTBUS -openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \ - -out api-eventbus/eventbus.internal.csr -openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \ - -out api-eventbus/eventbus.local.csr - -openssl x509 -req -in api-eventbus/eventbus.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:esb.service.ego.io,DNS:localhost,IP:127.0.0.1')) \ - -out api-eventbus/eventbus.internal.crt -days 365 -sha256 -openssl x509 -req -in api-eventbus/eventbus.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:eventbus.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out api-eventbus/eventbus.local.crt -days 365 -sha256 - - -# API MICROSERVICES -# Generate Key for domain (service) - BASKET-SVC -# openssl genrsa -out basket-svc/basket-svc.key 2048 - -# Generate Cert for domain (service) - BASKET-SVC -openssl req -new -sha256 -key basket-svc/basket-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=basket-svc" \ - -out basket-svc/basket-svc.csr - -openssl x509 -req -in basket-svc/basket-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:basket-svc,DNS:basket.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out basket-svc/basket-svc.crt -days 365 -sha256 - - -# Generate Key for domain (service) - CATALOG-SVC -# openssl genrsa -out catalog-svc/catalog-svc.key 2048 - -# Generate Cert for domain (service) - CATALOG-SVC -openssl req 
-new -sha256 -key catalog-svc/catalog-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=catalog-svc" \ - -out catalog-svc/catalog-svc.csr - -openssl x509 -req -in catalog-svc/catalog-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:catalog-svc,DNS:catalog.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out catalog-svc/catalog-svc.crt -days 365 -sha256 - - -# Generate Key for domain (service) - IDENTITY-SVC -# openssl genrsa -out identity-svc/identity-svc.key 2048 - -# Generate Cert for domain (service) - IDENTITY-SVC -openssl req -new -sha256 -key identity-svc/identity-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=identity-svc" \ - -out identity-svc/identity-svc.csr - -openssl x509 -req -in identity-svc/identity-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:identity-svc,DNS:identity.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out identity-svc/identity-svc.crt -days 365 -sha256 - - -# Generate Key for domain (service) - ORDER-SVC -# openssl genrsa -out order-svc/order-svc.key 2048 - -# Generate Cert for domain (service) - ORDER-SVC -openssl req -new -sha256 -key order-svc/order-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=order-svc" \ - -out order-svc/order-svc.csr - -openssl x509 -req -in order-svc/order-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:order-svc,DNS:order.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out order-svc/order-svc.crt -days 365 -sha256 - - -# Generate Key for domain (service) - PRICING-SVC -# openssl genrsa -out pricing-svc/pricing-svc.key 2048 - -# Generate Cert for 
domain (service) - PRICING-SVC -openssl req -new -sha256 -key pricing-svc/pricing-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=pricing-svc" \ - -out pricing-svc/pricing-svc.csr - -openssl x509 -req -in pricing-svc/pricing-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \ - -extensions SAN \ - -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:pricing-svc,DNS:pricing.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \ - -out pricing-svc/pricing-svc.crt -days 365 -sha256 diff --git a/deploy/scripts/gen-certs.sh b/deploy/scripts/gen-certs.sh index 7621e2a..6925f95 100644 --- a/deploy/scripts/gen-certs.sh +++ b/deploy/scripts/gen-certs.sh @@ -3,10 +3,10 @@ export DEPLOY_DIR="./deploy" export CERTS_DIR="${DEPLOY_DIR}/certs/" -export REGISTRY_CN="registry.egommerce.local,api-registry,localhost" -export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:localhost,IP:127.0.0.1" -export GATEWAY_CN="gateway.egommerce.local,api-gatway,localhost" -export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:localhost,IP:127.0.0.1" +export REGISTRY_CN="registry.egommerce.local,api-registry,server.dc.ego.io,localhost" +export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:server.dc.ego.io,DNS:localhost,IP:127.0.0.1" +export GATEWAY_CN="gateway.egommerce.local,api-gatway,gateway.dc.ego.io,localhost" +export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:gateway.dc.ego.io,DNS:localhost,IP:127.0.0.1" export VAULT_CN="vault.egommerce.local,api-vault,localhost" export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1" export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost" 
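Review bot: The rewritten `GATEWAY_CN` line in deploy/scripts/gen-certs.sh still spells the service `api-gatway`, while `GATEWAY_SAN` on the next line has `api-gateway`; fix it while the line is being touched: `export GATEWAY_CN="gateway.egommerce.local,api-gateway,gateway.dc.ego.io,localhost"`. The `*_CN` values are comma-joined lists that the later hunks place into a single `CN=` field through `-subj`, which is not a host name any client will match; a single name in the CN with the full list kept in the `*_SAN` variable would be clearer. Each name added to a SAN also widens what that key can be used to impersonate, so a one-line comment saying why `server.dc.ego.io` and `gateway.dc.ego.io` are needed would help reviewers.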
@@ -68,8 +68,8 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \ -out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null @@ -81,12 +81,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}api-gateway/api-gateway.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \ -out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null -# Genearte Vault cert +# Generate Vault cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \ -keyout ${CERTS_DIR}api-vault/api-vault.key \ @@ -94,12 +94,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \ -out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null -# Genearte Eventbus cert +# Generate Eventbus cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$EVENTBUS_CN" \ -keyout ${CERTS_DIR}api-eventbus/api-eventbus.key \ 
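Review bot: Every `openssl x509 -req` call in gen-certs.sh, starting with the api-registry one in the hunk at -68, signs with `-set_serial 01`, so all service certificates issued by ca-root carry the same issuer and serial number. Serial numbers have to be unique per CA: duplicate issuer/serial pairs are rejected by some TLS stacks and make it impossible to revoke one certificate without the others. Since the line is being reordered anyway, replace `-set_serial 01` with `-CAcreateserial`, which the deleted make-cert.sh used, here and in the hunks at -81 through -250. The command starts outside the hunk.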
@@ -107,12 +107,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}api-eventbus/api-eventbus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${EVENTBUS_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${EVENTBUS_SAN}")) \ -out ${CERTS_DIR}api-eventbus/api-eventbus.crt >/dev/null -# Genearte Cache cert +# Generate Cache cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CACHE_CN" \ -keyout ${CERTS_DIR}api-cache/api-cache.key \ @@ -120,12 +120,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}api-cache/api-cache.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CACHE_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CACHE_SAN}")) \ -out ${CERTS_DIR}api-cache/api-cache.crt >/dev/null -# Genearte Logger cert +# Generate Logger cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$LOGGER_CN" \ -keyout ${CERTS_DIR}api-logger/api-logger.key \ 
@@ -133,12 +133,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}api-logger/api-logger.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \ -out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null -# Genearte Prometheus cert +# Generate Prometheus cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \ -keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \ @@ -146,12 +146,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \ -out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null -# Genearte Grafana cert +# Generate Grafana cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \ -keyout ${CERTS_DIR}api-grafana/api-grafana.key \ 
@@ -159,12 +159,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \ -out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null -# Genearte Postgres cert +# Generate Postgres cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \ -keyout ${CERTS_DIR}db-postgres/db-postgres.key \ @@ -172,12 +172,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}db-postgres/db-postgres.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${POSTGRES_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${POSTGRES_SAN}")) \ -out ${CERTS_DIR}db-postgres/db-postgres.crt >/dev/null -# Genearte Mongo cert +# Generate Mongo cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \ -keyout ${CERTS_DIR}db-mongo/db-mongo.key \ 
@@ -185,12 +185,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \ -out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null -# Genearte Identity cert +# Generate Identity cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$IDENTITY_CN" \ -keyout ${CERTS_DIR}identity-svc/identity-svc.key \ @@ -198,12 +198,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}identity-svc/identity-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${IDENTITY_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${IDENTITY_SAN}")) \ -out ${CERTS_DIR}identity-svc/identity-svc.crt >/dev/null -# Genearte Basket cert +# Generate Basket cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$BASKET_CN" \ -keyout ${CERTS_DIR}basket-svc/basket-svc.key \ 
@@ -211,12 +211,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}basket-svc/basket-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${BASKET_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${BASKET_SAN}")) \ -out ${CERTS_DIR}basket-svc/basket-svc.crt >/dev/null -# Genearte Catalog cert +# Generate Catalog cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CATALOG_CN" \ -keyout ${CERTS_DIR}catalog-svc/catalog-svc.key \ @@ -224,12 +224,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}catalog-svc/catalog-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CATALOG_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CATALOG_SAN}")) \ -out ${CERTS_DIR}catalog-svc/catalog-svc.crt >/dev/null -# Genearte Order cert +# Generate Order cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$ORDER_CN" \ -keyout ${CERTS_DIR}order-svc/order-svc.key \ 
@@ -237,12 +237,12 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}order-svc/order-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${ORDER_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${ORDER_SAN}")) \ -out ${CERTS_DIR}order-svc/order-svc.crt >/dev/null -# Genearte Pricing cert +# Generate Pricing cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PRICING_CN" \ -keyout ${CERTS_DIR}pricing-svc/pricing-svc.key \ @@ -250,6 +250,6 @@ openssl req -newkey rsa:2048 -nodes \ openssl x509 -req -days 365 \ -in ${CERTS_DIR}pricing-svc/pricing-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PRICING_SAN}")) \ -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PRICING_SAN}")) \ -out ${CERTS_DIR}pricing-svc/pricing-svc.crt >/dev/null