Last active
September 15, 2024 00:51
-
-
Save m-triassi/ad80a89ca1027f16991880c73f6f3495 to your computer and use it in GitHub Desktop.
Generate an SSL certificate for a KASM instance. Requires Certbot & Docker to be installed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Leverages Docker containers to create a temporary signing server | |
| # Obtain a SSL cert and then apply it to the service in question we're interested in | |
| # Usage: ./kasm_cert.sh mydomain.test | |
| mkdir -p /tmp/webroot | |
| # Start an ephemeral nginx container | |
| docker run --rm --name temp-nginx -v /tmp/webroot/:/usr/share/nginx/html -p 80:80 -d nginx | |
| # Get the certificate | |
| sudo certbot certonly --webroot -w /tmp/webroot -d $1 -n | |
| # Backup existing Certs | |
| sudo cp /opt/kasm/current/certs/kasm_nginx.crt /tmp/kasm_nginx.backup.crt | |
| sudo cp /opt/kasm/current/certs/kasm_nginx.key /tmp/kasm_nginx.backup.key | |
| # Copy the certificates | |
| sudo cp /etc/letsencrypt/live/$1/fullchain.pem /opt/kasm/current/certs/kasm_nginx.crt | |
| sudo cp /etc/letsencrypt/live/$1/privkey.pem /opt/kasm/current/certs/kasm_nginx.key | |
| # restart Kasm | |
| sudo /opt/kasm/bin/stop | |
| sudo /opt/kasm/bin/start | |
| # Clean up the container | |
| docker stop temp-nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment