Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pkg6/ssl-certificate

Generate certificates by calling the go function, use the simplest command to generate certificates, and complete automatic deployment
https://github.com/pkg6/ssl-certificate

Last synced: 7 days ago
JSON representation

Generate certificates by calling the go function, use the simplest command to generate certificates, and complete automatic deployment

Host: GitHub
URL: https://github.com/pkg6/ssl-certificate
Owner: pkg6
License: apache-2.0
Created: 2024-10-15T03:40:16.000Z (about 1 month ago)
Default Branch: main
Last Pushed: 2024-10-24T10:45:58.000Z (25 days ago)
Last Synced: 2024-10-24T20:51:29.245Z (24 days ago)
Language: Go
Homepage:
Size: 39.1 KB
Stars: 1
Watchers: 0
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        ## Using the Command Line

### sh install or uninstall

~~~

curl -sSL https://raw.githubusercontent.com/izhiqiang/sh/main/install-pkg.sh | bash -s jq

// install

curl -sSL https://raw.githubusercontent.com/pkg6/ssl-certificate/main/install.sh | bash

// uinstall

curl -sSL https://raw.githubusercontent.com/pkg6/ssl-certificate/main/uninstall.sh | bash

~~~

### ssl-certificate-local

~~~

go install github.com/pkg6/ssl-certificate/cli/ssl-certificate-local@latest

ssl-certificate-local --domain=ssl.zhiqiang.wang --webroot=/data/wwwroot/ssl.zhiqiang.wang --path=/etc/nginx/ssl/ --command="servcie nginx reload"

~~~

## Nginx SSL configuration (partial)

~~~

listen 443 ssl;

ssl_certificate /etc/nginx/ssl/ssl.zhiqiang.wang.cer;

ssl_certificate_key /etc/nginx/ssl/ssl.zhiqiang.wang.key;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 10m;

~~~

## Using SSL certificate for function calls

### download

~~~

go get github.com/pkg6/ssl-certificate

~~~

### Case code

~~~

package main

import (

	"context"

	"fmt"

	certificate "github.com/pkg6/ssl-certificate"

	"github.com/pkg6/ssl-certificate/deployer"

	"github.com/pkg6/ssl-certificate/providers"

	"github.com/pkg6/ssl-certificate/registrations"

)

func main() {

	//---------------------generate start-------------------------------

	config := &certificate.Config{

		Domains: []string{"ssl.zhiqiang.wang"},

		Provider: &providers.Config{

			//Name: providers.NameALiYun,

			//Config: &providers.AliYunAccess{

			//	AccessKeyId:     "****************",

			//	AccessKeySecret: "****************",

			//},

			Name: providers.NameHTTP,

			Config: &providers.HTTPAccess{

				Path: "/data/wwwroot/ssl.zhiqiang.wang",

			},

		},

		Registration: &registrations.Config{

			Provider: registrations.LetsencryptSSL,

		},

	}

	ssl, err := certificate.SSLCertificateByConfig(config)

	if err != nil {

		panic(err)

	}

	fmt.Printf("certificate：%s\n", ssl.Certificate)

	fmt.Printf("privateKey：%s\n", ssl.PrivateKey)

	fmt.Printf("IssuerCertificate：%s\n", ssl.IssuerCertificate)

	//---------------------generate end-------------------------------

	//---------------------deployer start-------------------------------

	certificate.Deployer(context.Background(), &deployer.Config{

		//Name: deployer.Local,

		//Options: &deployer.Options{Access: deployer.LocalAccess{

		//	CertPath:     "/etc/nginx/etc/ssl.zhiqiang.wang.cer",

		//	KeyPath:      "/etc/nginx/etc/ssl.zhiqiang.wang.key",

		//	AfterCommand: "service nginx reload",

		//}},

		//

		//Name: deployer.SSH,

		//Options: &deployer.Options{Access: deployer.SSHAccess{

		//	Host:         "127.0.0.1",

		//	Username:     "ubuntu",

		//	Password:     "123456",

		//	CertPath:     "/etc/nginx/etc/ssl.zhiqiang.wang.cer",

		//	KeyPath:      "/etc/nginx/etc/ssl.zhiqiang.wang.key",

		//	AfterCommand: "service nginx reload",

		//}},

		//Name: deployer.OSS,

		//Options: &deployer.Options{Access: deployer.ALiYunOSSAccess{

		//	AccessKeyId:     "***********************",

		//	AccessKeySecret: "***********************",

		//	//https://help.aliyun.com/zh/oss/user-guide/regions-and-endpoints

		//	Endpoint: "oss-cn-hangzhou.aliyuncs.com",

		//	Bucket:   "test",

		//	Domain:   "ssl.zhiqiang.wang",

		//}},

		//Name: deployer.ALiYunCDN,

		//Options: &deployer.Options{Access: deployer.ALiYunCDNAccess{

		//	AccessKeyId:     "***********************",

		//	AccessKeySecret: "***********************",

		//	Endpoint:        "cdn.aliyuncs.com",

		//	Region:          "cn-hangzhou",

		//	Domain:          "ssl.zhiqiang.wang",

		//}},

		//Name: deployer.ALiYunDCDN,

		Options: &deployer.Options{Access: deployer.ALiYunDCDNAccess{

			AccessKeyId:     "***********************",

			AccessKeySecret: "***********************",

			Endpoint:        "dcdn.aliyuncs.com",

			Region:          "cn-hangzhou",

			Domain:          "ssl.zhiqiang.wang",

		}},

	}, ssl)

	//---------------------deployer end-------------------------------

	//---------------------Certificate Information start-------------------------------

	//Obtain certificate information through domain access

	domainCertificates, err := certificate.SSLCertificateInfoByTCP("ssl.zhiqiang.wang")

	if err != nil {

		panic(err)

	}

	domainCertificate := domainCertificates[0]

	fmt.Printf("certificate NotBefore：%s\n", domainCertificate.NotBefore)

	fmt.Printf("certificate NotAfter：%s\n", domainCertificate.NotAfter)

	//Obtain certificate information through the content of the certificate file

	domainCertificate2, err := certificate.SSLCertificateInfoByCer([]byte(ssl.Certificate))

	if err != nil {

		panic(err)

	}

	fmt.Printf("certificate NotBefore：%s\n", domainCertificate2.NotBefore)

	fmt.Printf("certificate NotAfter：%s\n", domainCertificate2.NotAfter)

	//---------------------Certificate Information start-------------------------------

}

~~~