mirror of
				https://github.com/photoprism/photoprism.git
				synced 2025-10-26 10:20:32 +08:00 
			
		
		
		
	
		
			
				
	
	
		
			65 lines
		
	
	
		
			2.2 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			65 lines
		
	
	
		
			2.2 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| 
 | |
| # Generates local HTTPS keys and certificates on Linux.
 | |
| # bash <(curl -s https://raw.githubusercontent.com/photoprism/photoprism/develop/scripts/dist/install-https.sh)
 | |
| 
 | |
| PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/scripts:$PATH"
 | |
| 
 | |
| # Abort if not executed as root.
 | |
| if [[ $(id -u) != "0" ]]; then
 | |
|   echo "Usage: run ${0##*/} as root" 1>&2
 | |
|   exit 1
 | |
| fi
 | |
| 
 | |
| # shellcheck disable=SC2164
 | |
| CONF_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )/openssl"
 | |
| CERTS_PATH="/etc/ssl/certs"
 | |
| KEY_PATH="/etc/ssl/private"
 | |
| 
 | |
| # Abort if files already exist.
 | |
| 
 | |
| if [ -f "$CERTS_PATH/photoprism.issuer.crt" ] && [ -f "$KEY_PATH/photoprism.pfx" ]; then
 | |
|     echo "Certificate already exists in ${KEY_PATH} and ${CERTS_PATH}."
 | |
|     exit 0
 | |
| fi
 | |
| 
 | |
| echo "Creating keys and certificates in ${KEY_PATH} and ${CERTS_PATH}."
 | |
| 
 | |
| mkdir -p "${CERTS_PATH}" "${KEY_PATH}"
 | |
| groupadd -f -r -g 116 ssl-cert 1>&2
 | |
| 
 | |
| # Generate issuer (CA) certificate.
 | |
| 
 | |
| echo "Generating self-signed issuer (CA) certificate..."
 | |
| 
 | |
| openssl genrsa -out "$KEY_PATH/photoprism.issuer.key" 4096
 | |
| 
 | |
| openssl req -x509 -new -nodes -key "$KEY_PATH/photoprism.issuer.key" -sha256 -days 3650 -out "$CERTS_PATH/photoprism.issuer.pem" -passin pass: -passout pass: -config "$CONF_PATH/ca.conf"
 | |
| 
 | |
| openssl x509 -outform der -in "$CERTS_PATH/photoprism.issuer.pem" -out "$CERTS_PATH/photoprism.issuer.crt"
 | |
| 
 | |
| # Generate server certificates.
 | |
| 
 | |
| echo "Generating self-signed tls certificate..."
 | |
| 
 | |
| openssl genrsa -out "$KEY_PATH/photoprism.key" 4096
 | |
| 
 | |
| openssl req -new -config "$CONF_PATH/csr.conf" -key "$KEY_PATH/photoprism.key" -out "$CERTS_PATH/photoprism.csr"
 | |
| 
 | |
| openssl x509 -req -in "$CERTS_PATH/photoprism.csr" -CA "$CERTS_PATH/photoprism.issuer.pem" -CAkey "$KEY_PATH/photoprism.issuer.key" -CAcreateserial \
 | |
| -out "$CERTS_PATH/photoprism.crt" -days 3650 -sha256 -extfile "$CONF_PATH/ext.conf"
 | |
| 
 | |
| openssl pkcs12 -export -in "$CERTS_PATH/photoprism.crt" -inkey "$KEY_PATH/photoprism.key" -out "$KEY_PATH/photoprism.pfx" -passin pass: -passout pass:
 | |
| 
 | |
| # Change key permissions.
 | |
| 
 | |
| echo "Updating permissions of keys in '$KEY_PATH'..."
 | |
| 
 | |
| chown -R root:ssl-cert "$KEY_PATH"
 | |
| chmod -R u=rwX,g=rX,o-rwx "$KEY_PATH"
 | |
| 
 | |
| # Run "update-ca-certificates".
 | |
| 
 | |
| echo "Running 'update-ca-certificates'..."
 | |
| update-ca-certificates
 | 
