azure prod gateway
parent
8abfc88470
commit
fc3519e1e4
3 changed files with 106 additions and 2 deletions
|
|
@ -22,4 +22,4 @@ APP_JWT_SECRET_SECRET=dev_jwt_secret_token
|
|||
APP_TOKEN_EXPIRY=300
|
||||
|
||||
# CORS Configuration
|
||||
APP_ALLOWED_ORIGINS="http://localhost:8080","http://localhost:3000"
|
||||
APP_ALLOWED_ORIGINS="http://localhost:8080","https://playground.poweron-center.net"
|
||||
|
|
|
|||
|
|
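Review bot: The allow-list now carries the public origin `https://playground.poweron-center.net` next to plain-HTTP `http://localhost:8080`, and the hunk header shows the same file still holding `APP_JWT_SECRET_SECRET=dev_jwt_secret_token`. The file name is not visible in this section, so it is unclear whether this is a development file or one used by the deployed gateway. If it is deployed, the JWT secret should come from the host's secret store rather than the repository, and the localhost origin should be dropped from the list. The next section carries the identical change, and the same applies there.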
@ -22,4 +22,4 @@ APP_JWT_SECRET_SECRET=dev_jwt_secret_token
|
|||
APP_TOKEN_EXPIRY=300
|
||||
|
||||
# CORS Configuration
|
||||
APP_ALLOWED_ORIGINS="http://localhost:8080","http://localhost:3000"
|
||||
APP_ALLOWED_ORIGINS="http://localhost:8080","https://playground.poweron-center.net"
|
||||
|
|
|
|||
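--- a/notes/azuresetup.txt
+++ b/notes/azuresetup.txt
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+# Variables
+SUBSCRIPTION_ID="213596c9-34b2-4677-a712-45ed127cdae5"
+RESOURCE_GROUP="volucy-group"
+APP_NAME="poweron-gateway"
+DOMAIN_NAME="gateway.poweron-center.net"
+CERT_PASSWORD="TheSecurePass$(date +%s)" # Unique password with timestamp
+
+# Login to Azure (uncomment if not already logged in)
+# az login
+
+# Set subscription
+echo "Setting subscription..."
+az account set --subscription "$SUBSCRIPTION_ID"
+
+# Create directory for certificate files
+mkdir -p cert-files
+cd cert-files
+
+# Create OpenSSL config file with required extensions
+cat > openssl.cnf << EOF
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (eg, city)
+organizationName = Organization Name (eg, company)
+commonName = Common Name (e.g. server FQDN)
+[ req_ext ]
+subjectAltName = @alt_names
+extendedKeyUsage = serverAuth
+[alt_names]
+DNS.1 = ${DOMAIN_NAME}
+EOF
+
+# Generate private key
+openssl genrsa -out private.key 2048
+
+# Create CSR with config file
+openssl req -new -key private.key -out request.csr -config openssl.cnf -subj "/C=US/ST=State/L=City/O=Organization/CN=${DOMAIN_NAME}"
+
+# Generate self-signed certificate with extensions
+openssl x509 -req -days 365 -in request.csr -signkey private.key -out certificate.crt \
+-extfile openssl.cnf -extensions req_ext
+
+# Create PFX file
+openssl pkcs12 -export -out self-signed-cert.pfx -inkey private.key -in certificate.crt -passout pass:$CERT_PASSWORD
+
+cd ..
+
+# Upload certificate to App Service
+echo "Uploading certificate..."
+UPLOAD_RESULT=$(az webapp config ssl upload \
+--resource-group "$RESOURCE_GROUP" \
+--name "$APP_NAME" \
+--certificate-file "cert-files/self-signed-cert.pfx" \
+--certificate-password "$CERT_PASSWORD")
+
+# Extract thumbprint from upload result
+CERT_THUMBPRINT=$(echo $UPLOAD_RESULT | jq -r '.thumbprint')
+
+echo "Certificate uploaded successfully with thumbprint: $CERT_THUMBPRINT"
+
+# If the thumbprint is empty, try to find it another way
+if [ -z "$CERT_THUMBPRINT" ] || [ "$CERT_THUMBPRINT" == "null" ]; then
+echo "Thumbprint not found in upload result. Trying to list certificates..."
+CERT_LIST=$(az webapp config ssl list --resource-group "$RESOURCE_GROUP")
+
+# Look for the most recently uploaded certificate
+CERT_THUMBPRINT=$(echo $CERT_LIST | jq -r 'sort_by(.expirationDate) | reverse | .[0].thumbprint')
+
+if [ -z "$CERT_THUMBPRINT" ] || [ "$CERT_THUMBPRINT" == "null" ]; then
+echo "Error: Could not find certificate thumbprint."
+exit 1
+fi
+fi
+
+echo "Using certificate thumbprint: $CERT_THUMBPRINT"
+
+# Make sure the custom domain is added
+echo "Checking if custom domain exists..."
+DOMAIN_EXISTS=$(az webapp config hostname list --resource-group "$RESOURCE_GROUP" --webapp-name "$APP_NAME" | jq -r ".[] | select(.name==\"$DOMAIN_NAME\") | .name")
+
+if [ -z "$DOMAIN_EXISTS" ]; then
+echo "Adding custom domain..."
+az webapp config hostname add \
+--resource-group "$RESOURCE_GROUP" \
+--webapp-name "$APP_NAME" \
+--hostname "$DOMAIN_NAME"
+fi
+
+# Add IP-based SSL binding
+echo "Creating IP-based SSL binding..."
+az webapp config ssl bind \
+--resource-group "$RESOURCE_GROUP" \
+--name "$APP_NAME" \
+--certificate-thumbprint "$CERT_THUMBPRINT" \
+--ssl-type "IP"
+
+echo "SSL binding completed. Your domain should now be secured."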
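Review bot: `CERT_PASSWORD="TheSecurePass$(date +%s)"` is a fixed prefix plus the epoch second of the run, so anyone who reads this committed script and knows roughly when it ran can derive the PFX password. The value is then expanded unquoted in `-passout pass:$CERT_PASSWORD`, which also exposes it in the process list while openssl runs. `private.key` and the PFX are written into `cert-files/` under the default umask, and nothing in the script removes them afterwards. I would draw the password from `openssl rand`, hand it to openssl through the environment, and tighten the umask before any key material is created, as below. `az webapp config ssl upload` still takes the password as an argument, so the script is best run on a single-user host and `cert-files/` deleted once the binding succeeds.

```shell
# Variables
umask 077                                   # key, CSR and PFX are created owner-only
CERT_PASSWORD="$(openssl rand -base64 32)"  # random per run, not derivable from the clock
export CERT_PASSWORD                        # lets openssl read it via env: instead of argv
# … unchanged: subscription, openssl.cnf, private key, CSR, self-signed certificate …
openssl pkcs12 -export -out self-signed-cert.pfx -inkey private.key -in certificate.crt -passout env:CERT_PASSWORD
# … unchanged: upload, thumbprint lookup, hostname check, SSL binding …
```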