Add new infra architecture 8
This commit is contained in:
Urtzi Alfaro
47
infrastructure/security/certificates/generate-mail-certificates.sh
Executable file
47
infrastructure/security/certificates/generate-mail-certificates.sh
Executable file
@@ -0,0 +1,47 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Generate TLS certificates for Mailu service
|
||||
# This script creates a self-signed certificate for mail.bakery-ia.dev
|
||||
# For production, you should use Let's Encrypt or a trusted CA
|
||||
|
||||
set -e
|
||||
|
||||
TLS_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
MAIL_DIR="$TLS_DIR/mail"
|
||||
|
||||
mkdir -p "$MAIL_DIR"
|
||||
|
||||
echo "Generating TLS certificates for Mailu service..."
|
||||
echo "Directory: $MAIL_DIR"
|
||||
echo ""
|
||||
|
||||
# Clean up old certificates
|
||||
rm -f "$MAIL_DIR/tls.key" "$MAIL_DIR/tls.crt" 2>/dev/null || true
|
||||
|
||||
# Generate private key
|
||||
openssl genrsa -out "$MAIL_DIR/tls.key" 2048
|
||||
|
||||
# Generate self-signed certificate valid for 365 days
|
||||
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
|
||||
-keyout "$MAIL_DIR/tls.key" -out "$MAIL_DIR/tls.crt" \
|
||||
-subj "/CN=mail.bakery-ia.dev/O=Bakery IA"
|
||||
|
||||
echo "✓ Mailu certificates generated"
|
||||
echo ""
|
||||
|
||||
# Verify certificate
|
||||
echo "Certificate details:"
|
||||
openssl x509 -in "$MAIL_DIR/tls.crt" -noout -subject -issuer -dates
|
||||
|
||||
echo ""
|
||||
echo "==================="
|
||||
echo "✓ Certificate generated successfully!"
|
||||
echo ""
|
||||
echo "Generated files:"
|
||||
echo " - $MAIL_DIR/tls.crt (Certificate)"
|
||||
echo " - $MAIL_DIR/tls.key (Private key)"
|
||||
echo ""
|
||||
echo "Next steps:"
|
||||
echo " 1. Create Kubernetes secret: kubectl create secret tls mailu-certificates --cert=$MAIL_DIR/tls.crt --key=$MAIL_DIR/tls.key -n bakery-ia"
|
||||
echo " 2. Update the mailu-certificates-secret.yaml with the base64 encoded values"
|
||||
echo " 3. Apply the secret to your cluster"
|
||||
20
infrastructure/security/certificates/mail/tls.crt
Normal file
20
infrastructure/security/certificates/mail/tls.crt
Normal file
@@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDQzCCAiugAwIBAgIUUh5FX9qiOD7dsafV/JziJYhuYFIwDQYJKoZIhvcNAQEL
|
||||
BQAwMTEbMBkGA1UEAwwSbWFpbC5iYWtlcnktaWEuZGV2MRIwEAYDVQQKDAlCYWtl
|
||||
cnkgSUEwHhcNMjYwMTE5MjA0NjI0WhcNMjcwMTE5MjA0NjI0WjAxMRswGQYDVQQD
|
||||
DBJtYWlsLmJha2VyeS1pYS5kZXYxEjAQBgNVBAoMCUJha2VyeSBJQTCCASIwDQYJ
|
||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2ems6anCJ5y7BP6oJu46NWPIrwfX72
|
||||
wZh1dDIiYH2cljPDJWlotNSBENx1RFYHG7gEREY50zECu0H/UsF3DYOLXhnF0uTW
|
||||
CRNbEF1hb6MOijjuf9bG+7lVBy6fd1vQO2i905VKqE7DfYkib0VJq7GnUJ9Eam8X
|
||||
IlSiJacQz2muYwzB0O7xYyUwTQVL7/JtMMk9f6CcVD5qQ0bnXBM3hjqUFY9glAyt
|
||||
YdpTQHOvk5Yx+fMg/bYVPcCEadXUVHAtz1bRrlb0zyLsqWxwv9yV7JB3mtNCflWl
|
||||
DBYdHortfTNLuR4XaE3WOjgo90OYmn/ObYz2WtIu02zy2HkNpMaAoVkCAwEAAaNT
|
||||
MFEwHQYDVR0OBBYEFLKhOsnxZzWCTr0QnI7chMamkSojMB8GA1UdIwQYMBaAFLKh
|
||||
OsnxZzWCTr0QnI7chMamkSojMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
|
||||
BQADggEBAALCxFWUgcvweZhF1GvSgGtwUoVjBmpmFbqO0/wKij2XCFfz/AjjvZ8s
|
||||
8eHPG9gw+n9ihcR7MzCeyfWQwQli0WfG2K0oP1FyLhaOZ2XmuOg6xMDnDW0Uekj3
|
||||
BagGstEUzjBTuRRwY/nrNooVB9Qhbxhyofmy+W5fs8Y03Sdoii1iXmbHHZzc2/mH
|
||||
avP14gpsYCCeYzjIrZm9Ya8G8iskXzSgeM/HHiG8I9hJFBXhtXadcxi/mNa4tJqh
|
||||
3W+LB3hD84Udgs+GzBgHGvr0ulL14/iLUEqrIvZZ3vU9o6Vx2PoF47r0P5zNeuS7
|
||||
dFNqOrIOjaJnr1qUoKLygwEHjuTMmI4=
|
||||
-----END CERTIFICATE-----
|
||||
28
infrastructure/security/certificates/mail/tls.key
Normal file
28
infrastructure/security/certificates/mail/tls.key
Normal file
@@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9nprOmpwiecuw
|
||||
T+qCbuOjVjyK8H1+9sGYdXQyImB9nJYzwyVpaLTUgRDcdURWBxu4BERGOdMxArtB
|
||||
/1LBdw2Di14ZxdLk1gkTWxBdYW+jDoo47n/Wxvu5VQcun3db0DtovdOVSqhOw32J
|
||||
Im9FSauxp1CfRGpvFyJUoiWnEM9prmMMwdDu8WMlME0FS+/ybTDJPX+gnFQ+akNG
|
||||
51wTN4Y6lBWPYJQMrWHaU0Bzr5OWMfnzIP22FT3AhGnV1FRwLc9W0a5W9M8i7Kls
|
||||
cL/cleyQd5rTQn5VpQwWHR6K7X0zS7keF2hN1jo4KPdDmJp/zm2M9lrSLtNs8th5
|
||||
DaTGgKFZAgMBAAECggEAInuLT3MSXbqkbgW6ccnUn8l47RNa3xHkluMVJGDYBz/I
|
||||
mNUuIoMmD1cBR/YTXUmhos8z00mEvG7wusnBtOj/jiJ0FF/DQFYkBF8VFMY5VP+5
|
||||
5yyIFvjMoiFyUuow/INbqmqK5aVUAi7Oz3dxoLoK/R2eLbh1WopsddOe4UjPTzpU
|
||||
u5MYx5yLVuYsP7SOSHtkwe/03yDRKrIvWy5BPmc2QTHTpBOUBG4/CpRVGZ3f8KkD
|
||||
7d+6Ve77uMeuxDO8mGgZZ54iwCn1+XGcEqQUGVuZx+qZhuXSfK4j4wyemnweEABv
|
||||
mNSYIt68ouI+4pArWVN4AcixVELHWWz04XNnzXU24QKBgQD0esBYzudG2ZSkyIbQ
|
||||
u8IxpOdsF4gSYizCd13KBKFnohm1kW9XzdfKvNnrqpTOFrHbDWQ7iiHJ3cjV9AU5
|
||||
NQ01U3Yv4K8dukgoc/EAant/F8o0njsJIgfvY1nPsOTUEpkQBMPHjkhjr3qA6Hxv
|
||||
xoB68GUuMNTtdB+AWF4utuObhQKBgQDGjg6bgljWETxNxAjT1smkxJsClflQmytf
|
||||
cbh5VzjstcZwiKJ8uoLcOGxoNGX2HhbQANpEhTGqn0FHllEsPXmphyBUcMIPVSXI
|
||||
EIKyOd/vLb8cXort6Lh3MKAhjEKlLD5VNp8WmYP3wBTMbkpk3CCulCHBKpBWWf66
|
||||
PXZtEFJkxQKBgB3RLs5mBa0NcmSalF6215toalUzlYPwd1cMaeLup6TVD1+mqjbC
|
||||
QzRVzhpBBr8P44c83eGpGi/dndYCWfS9NKwxTrPOKm1sv8o3Qch0NDWu+BlsxvR5
|
||||
MxCORHDhOTdoQUTD4ADhqJCH4WABetPDGP5lfWGh0QZY6FKl9G6sHZxlAoGAZyK/
|
||||
H7PzZS6KvnJHi5IUJ8wgIJW6bU5Ml0VA53aRERPSwf2XOWbANpfwZ6hgFhnHC8CF
|
||||
n/X3uIMEq6S/AVXlblPMTVBM3R4DhApfeShq05hVnuzVCYNK3k6ZvxNWQunabvTy
|
||||
ahDP5c8WfqIDbqSRLV2wst/jHZedoyvt6fUCd2kCgYEAlo4YzTZl//k+4XiixuLA
|
||||
ggfby0hKs5AiKpV4CzUeQ5cKYOi9IzoC2LrLSX+UrH/wL70gBG6gyCRgWKimQnaV
|
||||
tYO/13SrPUgnnuGj6CB5aEkyv2LaOVevXFEriEmd5qbJIrX0CfgQnFr6vnQd4pPS
|
||||
8dU2Gah4b5WMJ5Iw80SpcGI=
|
||||
-----END PRIVATE KEY-----
|
||||
Reference in New Issue
Block a user