gfwleak/tsg-tsg-diagnose
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
c30e7e8c34bdd2c5371d6d67b0a3c06c37ed7f1c
tsg-tsg-diagnose/images_build/badssl.com/Makefile

133 lines
3.6 KiB
Makefile
Raw Blame History

################ Definitions ################
export TEST_DOMAIN = badssl.test
export TEST_DOMAIN_SELF_TEST = badssl.self-test.geedge.net
export PROD_DOMAIN = badssl.com
################ Main ################
# This should bring up a full test server in docker from a bare repo.
# Certs are generated outside the docker container, for persistence.
.PHONY: test
test: certs-test docker-build
# Convenience alias.
.PHONY: serve
serve: test
# This should properly deploy from any state of the repo.
.PHONY: deploy
deploy: certs-prod jekyll-prod upload nginx
################ Jekyll ################
.PHONY: jekyll-test
jekyll-test:
DOMAIN=${TEST_DOMAIN_SELF_TEST} jekyll build
.PHONY: jekyll-prod
jekyll-prod:
DOMAIN=${PROD_DOMAIN} jekyll build
################ Certs ################
.PHONY: certs-test
certs-test:
cd certs && make test O=sets/test D=badssl.self-test.geedge.net
cd certs/sets && rm -rf current && cp -R test current
rm -rf common/certs/*.crt
cp certs/sets/current/gen/crt/ca-root.crt common/certs
cp certs/sets/current/gen/crt/ca-untrusted-root.crt common/certs
cp certs/sets/current/gen/crt/client.p12 common/certs/${TEST_DOMAIN}-client.p12
cp certs/sets/current/gen/crt/client.pem common/certs/${TEST_DOMAIN}-client.pem
.PHONY: certs-prod
certs-prod:
cd certs && make prod O=sets/prod D=badssl.com
cd certs/sets && rm -rf current && cp -R prod current
rm -rf common/certs/*.crt
cp certs/sets/current/gen/crt/ca-untrusted-root.crt common/certs
cp certs/sets/current/gen/crt/client.p12 common/certs/${PROD_DOMAIN}-client.p12
cp certs/sets/current/gen/crt/client.pem common/certs/${PROD_DOMAIN}-client.pem
.PHONY: clean-certs
clean-certs:
rm -rf certs/sets/current
rm -rf certs/sets/*/gen
rm -rf common/certs/*.crt
################ Installation ################
.PHONY: install-keys
install-keys:
mkdir -p /etc/keys
cp ./certs/sets/current/gen/key/*.key /etc/keys
chmod 640 /etc/keys/*.key
chmod 750 /etc/keys
.PHONY: link
link:
if [ ! -d /var/www ]; then mkdir -p /var/www; fi
if [ ! -d /var/www/badssl ]; then ln -sf "`pwd`" /var/www/badssl; fi
# Add the badssl.conf include to /etc/nginx/nginx.conf only if it is not already in the config.
# If /etc/nginx/nginx.conf does not exist, instead warn the user that it must be manually added.
if [ -f /etc/nginx/nginx.conf ]; then \
if ! grep -q "include /var/www/badssl/_site/nginx.conf" /etc/nginx/nginx.conf; then \
sed -i '/# Virtual Host Configs/a\\tinclude /var/www/badssl/_site/nginx.conf;' /etc/nginx/nginx.conf; \
fi \
else \
@echo "Please add `pwd`/_site/nginx.conf to your nginx.conf configuration."; \
fi
.PHONY: install
install: install-keys link
.PHONY: clean
clean: clean-certs
rm -rf _site
rm -f /etc/keys/*.key
################ Docker ################
.PHONY: inside-docker
inside-docker: jekyll-test install
.PHONY: docker-build
docker-build:
docker build -t badssl:ssl-self-test .
.PHONY: docker-run
docker-run:
docker run -it -p 80:80 -p 443:443 -p 1000-1024:1000-1024 badssl
################ Deployment ################
.PHONY: upload
upload:
rsync -avz \
--exclude .DS_Store \
--exclude .git \
--exclude _site/domains-local-only \
--delete --delete-excluded \
./ \
badssl.com:~/badssl/
echo "\nDone deploying.\n"
.PHONY: nginx
nginx:
ssh badssl.com "sudo nginx -t ; sudo service nginx reload"
##
.PHONY: list-hosts
list-hosts:
@echo "#### start of badssl.self-test.geedge.net hosts ####"
@grep -r "server_name.*{{ site.domain }}" . \
| sed "s/.*server_name \([^\{]*\).*/127.0.0.1 \1badssl.self-test.geedge.net/g" \
| sort \
| uniq \
| grep -v "\*"
@echo "#### end of badssl.self-test.geedge.net hosts ####"
Reference in New Issue View Git Blame Copy Permalink