| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 |
- #!/bin/sh
- # entrypoint.sh/Open GoPro, Version 2.0 (C) Copyright 2021 GoPro, Inc. (http://gopro.com/OpenGoPro).
- # This copyright was auto-generated on Fri Jun 9 22:45:24 UTC 2023
- set -e
- function generate_root_cert
- {
- echo -e "$(date +"%Y-%m-%d %H:%M:%S") INFO: Generating a Self Signing Certificate Authority..."
- openssl genrsa -out /ssl/self_signed/RTMP-CA.key 2048
- openssl req -x509 -new -nodes -key /ssl/self_signed/RTMP-CA.key -sha256 -days 1825 -subj '/CN=RTMP-Server-CA' -out /ssl/self_signed/RTMP-CA.crt
- cp -fv /ssl/self_signed/RTMP-CA.crt /ssl/
- }
- function generate_cert_from_root
- {
- SUBJ="/CN=$SSL_DOMAIN"
- echo -e "$(date +"%Y-%m-%d %H:%M:%S") INFO: The generated certificate will be valid for: $SSL_DOMAIN"
- openssl genrsa -out /ssl/self_signed/rtmp.key 2048
- openssl req -new -key /ssl/self_signed/rtmp.key -subj $SUBJ -out /tmp/rtmp.csr
- openssl x509 -req -in /tmp/rtmp.csr -CA /ssl/self_signed/RTMP-CA.crt -CAkey /ssl/self_signed/RTMP-CA.key -CAcreateserial -days 365 -sha256 -out /ssl/self_signed/rtmp.crt
- }
- # This is richard's method. It does not work with Chrome. It apparently works with the camera but I haven't seen this work yet
- # function generate_standalone_cert
- # {
- # # Using IP Address, build temporary request file from template
- # cp /cert_request.ext /ssl/temp.ext
- # sed -i "s/__IP_ADDR__/$SSL_DOMAIN/g" /ssl/temp.ext
- # openssl genrsa -out /ssl/self_signed/rtmp.key 2048
- # openssl req -new -config /ssl/temp.ext -key /ssl/self_signed/rtmp.key -out /ssl/self_signed/rtmp.csr
- # openssl x509 -req -days 300 -in /ssl/self_signed/rtmp.csr -extfile /ssl/temp.ext -extensions req_ext -signkey /ssl/self_signed/rtmp.key -out /ssl/self_signed/rtmp.crt
- # rm /ssl/temp.ext
- # # Print it to the console
- # openssl x509 -in /ssl/self_signed/rtmp.crt -noout -text
- # cat /ssl/self_signed/rtmp.crt
- # }
- function generate_standalone_cert
- {
- # Using IP Address, build temporary request file from template
- cp /cert_request.ini /ssl/temp.ini
- sed -i "s/__IP_ADDR__/$SSL_DOMAIN/g" /ssl/temp.ini
- openssl req -new -nodes -x509 -days 365 -keyout /ssl/self_signed/rtmp.key -out /ssl/self_signed/rtmp.crt -config /ssl/temp.ini
- # Print it to the console
- openssl x509 -in /ssl/self_signed/rtmp.crt -noout -text
- rm /ssl/temp.ini
- }
- if [[ $SSL_DOMAIN == "" ]]; then
- echo "You need to set the SSL_DOMAIN env variable"
- exit 1
- fi
- # Create fresh ssl directory
- rm -rf /ssl/* && mkdir -p /ssl/self_signed
- # This was the original way of generating a root certificate and then generating indivudal certs from this
- # for each domain.
- # generate_root_cert
- # generate_cert_from_root
- generate_standalone_cert
- echo -e "$(date +"%Y-%m-%d %H:%M:%S") INFO: Starting Nginx!"
- exec nginx -g "daemon off;"
|
