alimu
/
OnlineMsgServer
2
5
Fork 0
Code Issues 1 Pull Requests Packages Projects 4 Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
codex/alimu
emilia-t
linran
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fc6ebccb59'
${ noResults }
OnlineMsgServer/deploy/redeploy_with_lan_cert.sh

92 lines
3.0 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
# Usage:
# bash deploy/redeploy_with_lan_cert.sh
#
# Optional overrides:
# CONTAINER_NAME=onlinemsgserver IMAGE_NAME=onlinemsgserver:latest CERT_PASSWORD=changeit bash deploy/redeploy_with_lan_cert.sh
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
CONTAINER_NAME="${CONTAINER_NAME:-onlinemsgserver}"
IMAGE_NAME="${IMAGE_NAME:-onlinemsgserver:latest}"
CERT_PASSWORD="${CERT_PASSWORD:-changeit}"
for cmd in openssl docker ipconfig route awk base64 tr; do
if ! command -v "${cmd}" >/dev/null 2>&1; then
echo "Missing required command: ${cmd}"
exit 1
fi
done
DEFAULT_IFACE="$(route get default 2>/dev/null | awk '/interface:/{print $2; exit}')"
LAN_IP=""
if [ -n "${DEFAULT_IFACE}" ]; then
LAN_IP="$(ipconfig getifaddr "${DEFAULT_IFACE}" 2>/dev/null || true)"
fi
if [ -z "${LAN_IP}" ]; then
LAN_IP="$(ipconfig getifaddr en0 2>/dev/null || true)"
fi
if [ -z "${LAN_IP}" ]; then
LAN_IP="$(ipconfig getifaddr en1 2>/dev/null || true)"
fi
if [ -z "${LAN_IP}" ]; then
echo "Failed to detect LAN IP from default interface/en0/en1."
exit 1
fi
echo "LAN IP: ${LAN_IP}"
mkdir -p "${ROOT_DIR}/deploy/certs" "${ROOT_DIR}/deploy/keys"
# Generate service RSA key only if missing.
if [ ! -f "${ROOT_DIR}/deploy/keys/server_rsa_pkcs8.b64" ]; then
echo "Generating service RSA key..."
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "${ROOT_DIR}/deploy/keys/server_rsa.pem"
openssl pkcs8 -topk8 -inform PEM \
-in "${ROOT_DIR}/deploy/keys/server_rsa.pem" \
-outform DER -nocrypt \
-out "${ROOT_DIR}/deploy/keys/server_rsa_pkcs8.der"
base64 < "${ROOT_DIR}/deploy/keys/server_rsa_pkcs8.der" | tr -d '\n' > "${ROOT_DIR}/deploy/keys/server_rsa_pkcs8.b64"
fi
echo "Reissuing TLS certificate with LAN SAN..."
openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
-subj "/CN=${LAN_IP}" \
-addext "subjectAltName=IP:${LAN_IP},IP:127.0.0.1,DNS:localhost" \
-keyout "${ROOT_DIR}/deploy/certs/tls.key" \
-out "${ROOT_DIR}/deploy/certs/tls.crt"
openssl pkcs12 -export \
-inkey "${ROOT_DIR}/deploy/certs/tls.key" \
-in "${ROOT_DIR}/deploy/certs/tls.crt" \
-out "${ROOT_DIR}/deploy/certs/server.pfx" \
-passout "pass:${CERT_PASSWORD}"
echo "Rebuilding image: ${IMAGE_NAME}"
docker build -t "${IMAGE_NAME}" "${ROOT_DIR}"
echo "Restarting container: ${CONTAINER_NAME}"
docker rm -f "${CONTAINER_NAME}" >/dev/null 2>&1 || true
docker run -d --name "${CONTAINER_NAME}" --restart unless-stopped \
-p 13173:13173 \
-v "${ROOT_DIR}/deploy/certs:/app/certs:ro" \
-v "${ROOT_DIR}/deploy/keys:/app/keys:ro" \
-e REQUIRE_WSS=true \
-e TLS_CERT_PATH=/app/certs/server.pfx \
-e TLS_CERT_PASSWORD="${CERT_PASSWORD}" \
-e SERVER_PRIVATE_KEY_PATH=/app/keys/server_rsa_pkcs8.b64 \
"${IMAGE_NAME}"
echo "Container logs (tail 30):"
docker logs --tail 30 "${CONTAINER_NAME}"
echo
echo "Done."
echo "Use this URL in frontend: wss://${LAN_IP}:13173/"
echo "If using self-signed cert, trust deploy/certs/tls.crt on client devices."
Reference in New Issue View Git Blame Copy Permalink