cf391086e5
* Patch for step-ca.sh Patch for making $STD happy (/usr/bin/step is a symlink to /usr/bin/step-cli) * Refactor step-ca installation script Refactor step-ca installation script to improve configuration and template handling. - Carve out step-ca-admin.sh - Patch for making $STD happy (/usr/bin/step is a symlink to /usr/bin/step-cli) - Define enhanced x509 CA and Certificate Templates - Configure CA Provisioners, DB and CRL settings - Generate Root CA Certificate and Key - Validity: 219168h (~25 Years) - maxPathLen: 1 (Root -> Intermediate -> Leaf) => Only one Intermediate CA allowed below Root CA - Active revocation on Intermediate CA and Leaf Certificates using the built-in Certificate Revocation List (CRL) - Generate Intermediate CA Certificate Bundle and Key - Validity: 175368h (~20 Years) - maxPathLen: 0 (Root -> Intermediate -> Leaf) => Intermediate CA is only allowed to issue Leaf Certificates - Active revocation on Leaf Certificates using the built-in Certificate Revocation List (CRL) - Bundle: Certificate Chain (including Root CA Certificate) * Update source URL in step-ca.sh script
#!/usr/bin/env bash
# NOTE(review): the next line downloads build.func from the repository's
# mutable `main` branch and executes it in the current shell. No pinned
# revision or checksum is checked on this line, so the script trusts whatever
# that URL serves at run time. Every helper called below (header_info,
# variables, color, catch_errors, ...) is expected to come from that file.
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Joerg Heinemann (heinemannj)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/smallstep/certificates

# Container defaults. A value already present in the environment wins; the
# fallback is applied only when the variable is unset or empty.
APP="step-ca"
: "${var_tags:=certificate-authority;pki;acme-server}"
: "${var_cpu:=1}"
: "${var_ram:=512}"
: "${var_disk:=2}"
: "${var_os:=debian}"
: "${var_version:=13}"
: "${var_unprivileged:=1}"

# Framework initialisation, kept in the original call order.
header_info "$APP"
variables
color
catch_errors
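#######################################
# Update an existing step-ca installation: upgrade the step-ca and step-cli
# packages, re-apply the /usr/bin/step copy workaround, restart the service,
# and refresh step-badger when check_for_gh_release reports a newer release.
# Globals:   APP, STD (read)
# Arguments: none
# Returns:   never returns to the caller; every path ends in `exit`
# Helper functions (msg_*, check_*, fetch_and_deploy_gh_release, ...) are not
# defined in this file; they are expected to come from the sourced build.func.
#######################################
function update_script() {
  header_info
  check_container_storage
  check_container_resources
  # The smallstep apt source file is used as the marker of an installation.
  if [[ ! -f /etc/apt/sources.list.d/smallstep.sources ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
  msg_info "Updating step-ca and step-cli"
  $STD apt update
  $STD apt upgrade -y step-ca step-cli

  # Patch for making $STD happy (/usr/bin/step is a symlink to /usr/bin/step-cli)
  # Resolve both paths before touching anything: the previous rm-then-cp
  # sequence could delete `step` and then fail to restore it when either
  # lookup came back empty.
  local step_path step_cli_path
  step_path="$(command -v step || true)"
  step_cli_path="$(command -v step-cli || true)"
  if [[ -z "$step_path" || -z "$step_cli_path" ]]; then
    msg_error "step or step-cli not found in PATH"
    exit 1
  fi
  # --remove-destination unlinks the existing entry (symlink or old copy)
  # itself instead of following it, then writes a fresh regular-file copy.
  cp -f --remove-destination -- "$step_cli_path" "$step_path"

  $STD systemctl restart step-ca
  msg_ok "Updated step-ca and step-cli"

  # NOTE(review): this deploys the "latest" prebuilt step-badger archive from
  # a third-party GitHub repository onto the CA host. Whether the helper
  # verifies a checksum or signature is not visible from this file; confirm
  # in build.func / tools.func before relying on it.
  if check_for_gh_release "step-badger" "lukasz-lobocki/step-badger"; then
    fetch_and_deploy_gh_release "step-badger" "lukasz-lobocki/step-badger" "prebuild" "latest" "/opt/step-badger" "step-badger_Linux_x86_64.tar.gz"
    msg_ok "Updated step-badger"
  fi
  exit
}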
# Run the framework's create flow (helpers are not defined in this file),
# then print the completion banner and the access URL.
start
build_container
description

msg_ok "Completed successfully!\n"
# printf %b expands backslash escapes in each argument the way `echo -e`
# does, and the '%b\n' format is reused once per argument.
printf '%b\n' \
  "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" \
  "${INFO}${YW} Access it using the following URL:${CL}" \
  "${TAB}${GATEWAY}${BGN}https://${IP}/provisioners${CL}"