openface/demos/web/create-cert.sh

12 lines
555 B
Bash
Raw Permalink Normal View History

TLS migration for demos/web (#260) What does this PR do? Minimally invasive migration to TLS for the http (8000) and websocket (9000) endpoints for the real time web demo. Where should the reviewer start? Install the demo like a normal install. During the install-deps.sh script it will prompt for questions to generate a local self-signed cert. Anything can be entered into the cert. Start the demo as normal but connect on https://domain:http_port instead of http. How should this PR be tested? The first step is the cert generation (added to install-deps.sh for convenience). The second step is ensuring the two endpoints are brought up. The next step is loading the web page and accepting the self-signed cert. Reloading the web app everything should now be secure, e.g. no errors or warnings and the video works as normal. Any background context you want to provide? I tried to be as minimal as possible so the changes tends to follow the existing structure rather than a refactor of anything major. With that said, SimpleHTTPServer doesn't work with TLS via the -m flag so that is now a short script. I updated all the html/js files to point to https/wss. I also updated the js for Firefox's change from navigator.mozGetUserMedia to navigator.mediaDevices.getUserMedia. What are the relevant issues? #75 Questions: Do the docs need to be updated? Yes. I updated the script's docs in demos/web but didn't make any changes outside of demos/web Does this PR add new (Python) dependencies? I don't think so.
2017-04-28 18:05:12 +08:00
# generate self-signed certs with no password for the web and socket servers
# this script requires that openssl is installed: e.g. sudo apt-get install openssl
TLS migration for demos/web (#260) What does this PR do? Minimally invasive migration to TLS for the http (8000) and websocket (9000) endpoints for the real time web demo. Where should the reviewer start? Install the demo like a normal install. During the install-deps.sh script it will prompt for questions to generate a local self-signed cert. Anything can be entered into the cert. Start the demo as normal but connect on https://domain:http_port instead of http. How should this PR be tested? The first step is the cert generation (added to install-deps.sh for convenience). The second step is ensuring the two endpoints are brought up. The next step is loading the web page and accepting the self-signed cert. Reloading the web app everything should now be secure, e.g. no errors or warnings and the video works as normal. Any background context you want to provide? I tried to be as minimal as possible so the changes tends to follow the existing structure rather than a refactor of anything major. With that said, SimpleHTTPServer doesn't work with TLS via the -m flag so that is now a short script. I updated all the html/js files to point to https/wss. I also updated the js for Firefox's change from navigator.mozGetUserMedia to navigator.mediaDevices.getUserMedia. What are the relevant issues? #75 Questions: Do the docs need to be updated? Yes. I updated the script's docs in demos/web but didn't make any changes outside of demos/web Does this PR add new (Python) dependencies? I don't think so.
2017-04-28 18:05:12 +08:00
mkdir tls
openssl genrsa -des3 -out tls/server.key 1024
openssl req -new -key tls/server.key -out tls/server.csr
cp tls/server.key tls/server.key.org
openssl rsa -in tls/server.key.org -out tls/server.key
openssl x509 -req -days 3650 -in tls/server.csr -signkey tls/server.key -out tls/server.crt
TLS migration for demos/web (#260) What does this PR do? Minimally invasive migration to TLS for the http (8000) and websocket (9000) endpoints for the real time web demo. Where should the reviewer start? Install the demo like a normal install. During the install-deps.sh script it will prompt for questions to generate a local self-signed cert. Anything can be entered into the cert. Start the demo as normal but connect on https://domain:http_port instead of http. How should this PR be tested? The first step is the cert generation (added to install-deps.sh for convenience). The second step is ensuring the two endpoints are brought up. The next step is loading the web page and accepting the self-signed cert. Reloading the web app everything should now be secure, e.g. no errors or warnings and the video works as normal. Any background context you want to provide? I tried to be as minimal as possible so the changes tends to follow the existing structure rather than a refactor of anything major. With that said, SimpleHTTPServer doesn't work with TLS via the -m flag so that is now a short script. I updated all the html/js files to point to https/wss. I also updated the js for Firefox's change from navigator.mozGetUserMedia to navigator.mediaDevices.getUserMedia. What are the relevant issues? #75 Questions: Do the docs need to be updated? Yes. I updated the script's docs in demos/web but didn't make any changes outside of demos/web Does this PR add new (Python) dependencies? I don't think so.
2017-04-28 18:05:12 +08:00
echo 'converting to pem'
cat tls/server.crt tls/server.key > tls/server.pem
echo 'cert complete'