diff --git a/create-certificate.js b/create-certificate.js
new file mode 100644
index 0000000..3556241
--- /dev/null
+++ b/create-certificate.js
@@ -0,0 +1,44 @@
+import { program } from 'commander'
+import chalk from 'chalk'
+
+import { command, execSync, log } from './helpers/command.js'
+
+/**
+ * create-certificate.js
+ *
+ * creating self signed certifactes for secure Connections
+ *
+ *
+ */
+
+// getting hostname
+const hostname = execSync('hostname').toString().trim()
+
+// getting arguments and options
+program
+ .argument('', 'destination for certificate')
+
+program.parse(process.argv)
+
+// getting arguments
+const destination = program.args[0]
+
+// creating
+try {
+ log(chalk.green('Generating CA'))
+ command('openssl genrsa 4096 > ' + destination + '/ca-key.pem')
+ command('openssl req -new -x509 -nodes -days 365000 -key ' + destination + '/ca-key.pem -out ' + destination + '/ca-cert.pem -subj "/CN=' + hostname + '-database-ca"')
+
+ log(chalk.green('Generating Server Certificate'))
+ command('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout ' + destination + '/server-key.pem -out ' + destination + '/server-req.pem -subj "/CN=' + hostname + '-database-server"')
+ command('openssl rsa -in ' + destination + '/server-key.pem -out ' + destination + '/server-key.pem')
+ command('openssl x509 -req -in ' + destination + '/server-req.pem -days 365000 -CA ' + destination + '/ca-cert.pem -CAkey ' + destination + '/ca-key.pem -set_serial 01 -out ' + destination + '/server-cert.pem')
+
+ log(chalk.green('Generating Client Certificate'))
+ command('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout ' + destination + '/client-key.pem -out ' + destination + '/client-req.pem -subj "/CN=' + hostname + '-database-server"')
+ command('openssl rsa -in ' + destination + '/client-key.pem -out ' + destination + '/client-key.pem')
+ command('openssl x509 -req -in ' + destination + '/client-req.pem -days 365000 -CA ' + destination + '/ca-cert.pem -CAkey ' + destination + '/ca-key.pem -set_serial 01 -out ' + destination + '/client-cert.pem')
+ command('openssl verify -CAfile ' + destination + '/ca-cert.pem ' + destination + '/server-cert.pem ' + destination + '/client-cert.pem')
+} catch(error) {
+
+}
\ No newline at end of file
diff --git a/helpers/command.js b/helpers/command.js
new file mode 100644
index 0000000..58e978f
--- /dev/null
+++ b/helpers/command.js
@@ -0,0 +1,14 @@
+import { execSync } from 'node:child_process'
+
+const log = console.log
+
+// helper for output command
+const command = function(value) {
+ log(execSync(value).toString().trim())
+}
+
+export {
+ command,
+ execSync,
+ log
+}
\ No newline at end of file
diff --git a/lets-encrypt.js b/lets-encrypt.js
index aebdef0..bd0274b 100644
--- a/lets-encrypt.js
+++ b/lets-encrypt.js
@@ -1,3 +1,10 @@
-sudo apt install letsencrypt
-sudo systemctl status certbot.timer
-sudo certbot certonly --standalone --agree-tos --preferred-challenges http -d domain-name.com
\ No newline at end of file
+import chalk from 'chalk'
+import { command, execSync, log } from './helpers/command.js'
+
+try {
+ log(chalk.green('Installing letsencrypt'))
+ command('apt-get install -y letsencrypt')
+ command('systemctl status certbot.timer')
+} catch(error) {
+
+}
\ No newline at end of file
diff --git a/mariadb.js b/mariadb.js
index 220a958..9f25f4b 100644
--- a/mariadb.js
+++ b/mariadb.js
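Review bot: In create-certificate.js every `command(...)` call splices `destination` (taken straight from `program.args[0]`) and `hostname` into a shell string, so a path containing spaces or shell metacharacters changes what runs, and a missing argument writes to `undefined/ca-key.pem`. Check the argument first, e.g. `if (!destination) program.error('destination is required')`, and pass openssl its arguments as an array through `execFileSync` from `node:child_process` (with `-out` in place of the `>` redirect) so no shell parses the path. The empty `catch(error) { }` at the end of the hunk also hides any openssl failure and the script still exits 0; something like `log(chalk.red(error.message)); process.exitCode = 1` would surface it. Separately, the client request reuses the `-database-server` subject and both leaf certificates are signed with `-set_serial 01`, which gives one CA two certificates with the same serial; a distinct client CN and serial look intended.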
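Review bot: `command` in helpers/command.js has no documentation of its contract, and the contract matters to every caller: `execSync(value)` runs the whole string through the system shell and throws when the command exits non-zero. I would replace the one-line comment above it with something like `/** Runs value via the shell with execSync and logs trimmed stdout; throws if the command fails. Never interpolate unvalidated input into value. */`. An argv-based sibling built on `execFileSync` would let callers avoid building shell strings at all.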
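Review bot: The empty `catch(error) { }` in lets-encrypt.js swallows every failure, including a failed `apt-get install` (for example when the script is not run as root, now that the `sudo` prefixes are gone). `systemctl status` also exits non-zero when the unit is not active, so an inactive `certbot.timer` throws inside `command` and disappears the same way. Report the error and fail the run, e.g. `log(chalk.red(error.message)); process.exitCode = 1`. The `certbot certonly` step from the old file has no counterpart on the new side, so no certificate is requested; if that is intended a comment saying so would help, and the `execSync` import is unused.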
@@ -34,15 +34,17 @@ await command('openssl x509 -req -in /etc/mysql/ssl/client-req.pem -days 365000 await command('openssl verify -CAfile /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/client-cert.pem') await command('cat >> /etc/mysql/my.cnf << EOF' + -'[mysqld]' + -'bind-address = 0.0.0.0' + -'ssl-ca=/etc/mysql/ssl/ca-cert.pem' + -'ssl-cert=/etc/mysql/ssl/server-cert.pem' + -'ssl-key=/etc/mysql/ssl/server-key.pem' + -'[client]' + -'ssl-ca=/etc/mysql/ssl/ca-cert.pem' + -'ssl-cert=/etc/mysql/ssl/client-cert.pem' + -'ssl-key=/etc/mysql/ssl/client-key.pem') +[mysqld] +bind-address = 0.0.0.0 + +ssl-ca=/etc/mysql/ssl/ca-cert.pem +ssl-cert=/etc/mysql/ssl/server-cert.pem +ssl-key=/etc/mysql/ssl/server-key.pem + +[client] +ssl-ca=/etc/mysql/ssl/ca-cert.pem +ssl-cert=/etc/mysql/ssl/client-cert.pem +ssl-key=/etc/mysql/ssl/client-key.pem') await command('chown -R mysql:mysql /etc/mysql/ssl') await command('chmod 644 /etc/mysql/ssl/*cert*') diff --git a/package.json b/package.json index 333b86b..19220cd 100644 --- a/package.json +++ b/package.json @@ -4,8 +4,6 @@ "dependencies": { "@inquirer/prompts": "^3.2.0", "chalk": "^5.3.0", - "commander": "^11.1.0", - "generate-password": "^1.7.1", - "mysql2": "^3.6.2" + "commander": "^11.1.0" } }
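Review bot: As this mariadb.js hunk reads, the context line `await command('cat >> /etc/mysql/my.cnf << EOF' +` still closes the string literal and ends in `+`, but the lines that follow are now bare text (`[mysqld]`, `bind-address = 0.0.0.0`, …) up to `ssl-key=/etc/mysql/ssl/client-key.pem')`, which is not valid JavaScript. If the intent is a multi-line heredoc, the whole argument should be one template literal that opens before `cat` and closes after a terminating `EOF` line, which the new side also lacks. On the configuration itself, `bind-address = 0.0.0.0` listens on every interface while the `ssl-*` keys only make TLS available; adding `require_secure_transport = ON` under `[mysqld]` would refuse unencrypted connections. The script continues before and after this hunk, so I cannot see how `command` is defined there.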