learning
/
learn_mqtt_go
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prepare to use TLS in local dev

Browse Source
main
Drew Bednar 4 months ago
parent 4314b5e864
commit 2a4538c8d3
6 changed files with 89 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
.gitignore vendored
Unescape Escape View File

@ -21,3 +21,7 @@
# Go workspace file
go.work
# Certs
*.crt
*.key
*.csr

3
.mosquitto/.gitignore vendored
Unescape Escape View File

@ -1 +1,4 @@
passwd
*.crt
*.key
*.csr

0
.mosquitto/certs/.gitkeep
Unescape Escape View File

12
Makefile
Unescape Escape View File

@ -1,3 +1,15 @@
check-deps:
@echo "Checking system dependencies..."
@command -v openssl > /dev/null || (echo "OpenSSL cli is not installed."; exit 1)
@echo "System dependencies met."
.PHONEY: check-deps
# https://mosquitto.org/man/mosquitto-tls-7.html
# FOR LOCAL DEV ONLY! These certs do not use encryption. Use let's encrypt or a real cert.
gen-local-tls:
./scripts/gen-local-tls-certs.sh
.PHONEY: gen-local-tls
start-dev:
docker compose up -d
.PHONEY: start-dev

2
README.md
Unescape Escape View File

@ -5,7 +5,7 @@ Learning MQTT with Golang by doing. This repo is a simple example of using a Gol
## Development
Start the local development environment with:
For local development we use [Mosquitto](https://mosquitto.org/). Start the local development environment with:
```
make start-dev

68
scripts/gen-local-tls-certs.sh
Unescape Escape View File

@ -0,0 +1,68 @@
#!/usr/bin/env bash
# https://mosquitto.org/man/mosquitto-tls-7.html
set -euo pipefail
# Set working directory to project root
cd "$(dirname "$0")/../"
CDIR=$(pwd -P)
export CDIR
MOSQUITTO_CERTS_DIR="${CDIR}/.mosquitto/certs"
TLS_CERT_DURATION="${TLS_CERT_DURATION:-365}"
CA_COMMON_NAME="${CA_COMMON_NAME:-runcible.io}"
HOSTNAME=$(hostname)
warn(){
echo -e "\nFOR LOCAL DEVELOPMENT ONLY!!! These certs do not follow best practices.\n\
Keys are not encypted! Seriously, don't use this for anything other than local development.\n"
}
generate_ca_cert(){
echo "Generating CA key in ${MOSQUITTO_CERTS_DIR}..."
openssl genpkey -algorithm RSA -out "${MOSQUITTO_CERTS_DIR}/ca.key"
echo "Generating CA cert..."
openssl req -x509 -new -nodes -key "${MOSQUITTO_CERTS_DIR}/ca.key" -sha256 -days "${TLS_CERT_DURATION}" \
-extensions v3_ca -out "${MOSQUITTO_CERTS_DIR}/ca.crt" -subj "/C=US/O=Runcible/CN=${CA_COMMON_NAME}"
echo "CA cert generation complete."
}
generate_server_cert(){
echo "Generating server key..."
openssl genrsa -out "${MOSQUITTO_CERTS_DIR}/server.key" 2048
echo "Generating cert signing request for CA..."
openssl req -out "${MOSQUITTO_CERTS_DIR}/server.csr" -key "${MOSQUITTO_CERTS_DIR}/server.key" -new \
-subj "/C=US/O=Runcible/CN=${HOSTNAME}"
echo "Sending server CSR to CA..."
openssl x509 -req -in "${MOSQUITTO_CERTS_DIR}/server.csr" -CA "${MOSQUITTO_CERTS_DIR}/ca.crt" \
-CAkey "${MOSQUITTO_CERTS_DIR}/ca.key" -CAcreateserial -out "${MOSQUITTO_CERTS_DIR}/server.crt" \
-days "${TLS_CERT_DURATION}"
echo "Server cert generation complete."
}
generate_client_cert(){
echo "Creating client cert in $CDIR"
echo "Generating client key..."
openssl genrsa -out "${CDIR}/client.key" 2048
echo "Generating client CSR for CA..."
openssl req -out "${CDIR}/client.csr" -key "${CDIR}/client.key" -new -subj "/C=US/O=Runcible/CN=localhost"
echo "Sending client CSR to CA..."
openssl x509 -req -in "${CDIR}/client.csr" -CA "${MOSQUITTO_CERTS_DIR}/ca.crt" -CAkey "${MOSQUITTO_CERTS_DIR}/ca.key" \
-CAcreateserial -out "${CDIR}/client.crt" -days "${TLS_CERT_DURATION}"
echo "Client cert generation complete."
}
warn
generate_ca_cert
generate_server_cert
generate_client_cert
warn
Write Preview
Loading…
Cancel
Save