This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| docker-command [2026/04/08 16:46] – admin | docker-command [2026/04/08 22:10] (current) – admin | ||
|---|---|---|---|
| Line 14: | Line 14: | ||
| docker image save fueltracker_app > | docker image save fueltracker_app > | ||
| </ | </ | ||
| - | |||
| - | ====== SSL/TLS connection ====== | ||
| - | |||
| - | 1. Create a working directory | ||
| - | |||
| - | mkdir -p ~/ | ||
| - | |||
| - | 2. Generate the CA private key | ||
| - | |||
| - | openssl genrsa -aes256 -out ca-key.pem 4096 | ||
| - | |||
| - | 3. Generate the CA certificate | ||
| - | |||
| - | openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem | ||
| - | |||
| - | You'll be prompted for a passphrase and subject info (Country, CN, etc.). | ||
| - | |||
| - | 4. Generate the server private key | ||
| - | |||
| - | openssl genrsa -out server-key.pem 4096 | ||
| - | |||
| - | 5. Generate the server CSR (Certificate Signing Request) | ||
| - | |||
| - | openssl req -subj "/ | ||
| - | |||
| - | Replace < | ||
| - | |||
| - | 6. Create a SANs (Subject Alternative Names) extension file | ||
| - | |||
| - | echo subjectAltName = DNS:< | ||
| - | echo extendedKeyUsage = serverAuth >> extfile.cnf | ||
| - | |||
| - | Add all hostnames/ | ||
| - | |||
| - | 7. Sign the server certificate with the CA | ||
| - | |||
| - | openssl x509 -req -days 365 -sha256 \ | ||
| - | -in server.csr -CA ca.pem -CAkey ca-key.pem \ | ||
| - | -CAcreateserial -out server-cert.pem -extfile extfile.cnf | ||
| - | |||
| - | 8. Generate the client private key | ||
| - | |||
| - | openssl genrsa -out key.pem 4096 | ||
| - | |||
| - | 9. Generate the client CSR | ||
| - | |||
| - | openssl req -subj '/ | ||
| - | |||
| - | 10. Create a client extension file | ||
| - | |||
| - | echo extendedKeyUsage = clientAuth > extfile-client.cnf | ||
| - | |||
| - | 11. Sign the client certificate with the CA | ||
| - | |||
| - | openssl x509 -req -days 365 -sha256 \ | ||
| - | -in client.csr -CA ca.pem -CAkey ca-key.pem \ | ||
| - | -CAcreateserial -out cert.pem -extfile extfile-client.cnf | ||
| - | |||
| - | 12. Clean up CSRs and extension files, lock down permissions | ||
| - | |||
| - | rm -f client.csr server.csr extfile.cnf extfile-client.cnf | ||
| - | chmod 0400 ca-key.pem key.pem server-key.pem | ||
| - | chmod 0444 ca.pem server-cert.pem cert.pem | ||
| - | |||
| - | After this you'll have: | ||
| - | |||
| - | ┌──────────────────────────────────┬───────────────────────────────────────────────────┐ | ||
| - | │ | ||
| - | ├──────────────────────────────────┼───────────────────────────────────────────────────┤ | ||
| - | │ ca.pem | ||
| - | ├──────────────────────────────────┼───────────────────────────────────────────────────┤ | ||
| - | │ server-cert.pem / server-key.pem │ Server certificate and key │ | ||
| - | ├──────────────────────────────────┼───────────────────────────────────────────────────┤ | ||
| - | │ cert.pem / key.pem | ||
| - | └──────────────────────────────────┴───────────────────────────────────────────────────┘ | ||
| - | |||
| ===== References ===== | ===== References ===== | ||