Tls cert bugfix (#262)
* Bugfix for systems that cannot generate openssl certs. Includes self-signed certs that expire in 10 years. Removed automatic cert generation from install-deps.sh. Updated create-cert.sh to manually generate 10-year certs (or any custom duration). * Docker config changes to support web demo TLS
parent
37ba2ac982
commit
47afcbf35a
|
@ -8,6 +8,8 @@ RUN apt-get update && apt-get install -y \
|
||||||
curl \
|
curl \
|
||||||
git \
|
git \
|
||||||
graphicsmagick \
|
graphicsmagick \
|
||||||
|
libssl-dev \
|
||||||
|
libffi-dev \
|
||||||
python-dev \
|
python-dev \
|
||||||
python-pip \
|
python-pip \
|
||||||
python-numpy \
|
python-numpy \
|
||||||
|
@ -15,6 +17,7 @@ RUN apt-get update && apt-get install -y \
|
||||||
python-scipy \
|
python-scipy \
|
||||||
python-pandas \
|
python-pandas \
|
||||||
python-protobuf \
|
python-protobuf \
|
||||||
|
python-openssl \
|
||||||
wget \
|
wget \
|
||||||
zip \
|
zip \
|
||||||
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
# generate self-signed certs with no password for the web and socket servers
|
# generate self-signed certs with no password for the web and socket servers
|
||||||
|
# this script requires that openssl is installed: e.g. sudo apt-get install openssl
|
||||||
mkdir tls
|
mkdir tls
|
||||||
openssl genrsa -des3 -out tls/server.key 1024
|
openssl genrsa -des3 -out tls/server.key 1024
|
||||||
openssl req -new -key tls/server.key -out tls/server.csr
|
openssl req -new -key tls/server.key -out tls/server.csr
|
||||||
cp tls/server.key tls/server.key.org
|
cp tls/server.key tls/server.key.org
|
||||||
openssl rsa -in tls/server.key.org -out tls/server.key
|
openssl rsa -in tls/server.key.org -out tls/server.key
|
||||||
openssl x509 -req -days 365 -in tls/server.csr -signkey tls/server.key -out tls/server.crt
|
openssl x509 -req -days 3650 -in tls/server.csr -signkey tls/server.key -out tls/server.crt
|
||||||
echo 'converting to pem'
|
echo 'converting to pem'
|
||||||
cat tls/server.crt tls/server.key > tls/server.pem
|
cat tls/server.crt tls/server.key > tls/server.pem
|
||||||
echo 'cert complete'
|
echo 'cert complete'
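Review bot: The key behind the certificate is still generated as 1024-bit RSA (`openssl genrsa -des3 -out tls/server.key 1024`), and this section now extends the certificate signed with it to `-days 3650`. 1024-bit RSA has been below the commonly recommended 2048-bit minimum for years, so the longer lifetime makes a weak key the long-lived default; I would change the size argument to `2048` in the same commit. The script also writes the unencrypted key to `tls/server.key` and `tls/server.pem` with whatever the caller's umask allows, so a `umask 077` ahead of `mkdir tls` would keep those files owner-only. The new comment could also say that the `-days` value is the knob for the "custom duration" the commit description mentions.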
|
||||||
|
|
|
@ -7,11 +7,10 @@ sudo apt-get install -y libprotobuf-dev libleveldb-dev libsnappy-dev \
|
||||||
libopencv-dev libhdf5-serial-dev libboost-all-dev libgflags-dev \
|
libopencv-dev libhdf5-serial-dev libboost-all-dev libgflags-dev \
|
||||||
libgoogle-glog-dev liblmdb-dev protobuf-compiler libboost-all-dev \
|
libgoogle-glog-dev liblmdb-dev protobuf-compiler libboost-all-dev \
|
||||||
libatlas-dev libatlas-base-dev liblapack-dev libblas-dev \
|
libatlas-dev libatlas-base-dev liblapack-dev libblas-dev \
|
||||||
python-pip python-numpy python-imaging python-opencv \
|
libssl-dev libffi-dev python-pip python-numpy python-imaging \
|
||||||
|
python-openssl python-opencv \
|
||||||
git wget cmake gfortran
|
git wget cmake gfortran
|
||||||
|
|
||||||
source ~/openface/demos/web/create-cert.sh
|
|
||||||
|
|
||||||
mkdir -p ~/src
|
mkdir -p ~/src
|
||||||
cd ~/src
|
cd ~/src
|
||||||
git clone https://github.com/bvlc/caffe.git
|
git clone https://github.com/bvlc/caffe.git
|
||||||
|
|
|
@ -4,3 +4,7 @@ twisted == 15.2.1
|
||||||
scipy >= 0.13, < 0.17
|
scipy >= 0.13, < 0.17
|
||||||
scikit-learn >= 0.17, < 0.18
|
scikit-learn >= 0.17, < 0.18
|
||||||
protobuf >= 2.5, < 2.7
|
protobuf >= 2.5, < 2.7
|
||||||
|
appdirs >= 1.4.3
|
||||||
|
pyOpenSSL >= 17.0.0
|
||||||
|
cryptography >= 1.8.1
|
||||||
|
service-identity >= 16.0.0
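Review bot: The four added requirements (`appdirs`, `pyOpenSSL`, `cryptography`, `service-identity`) carry only a lower bound, while the entries already visible in this file are pinned or capped (`twisted == 15.2.1`, `protobuf >= 2.5, < 2.7`). An open-ended range on the TLS stack means every install resolves to whatever is newest at that moment, which makes builds unreproducible and can pull in a release that no longer works with the pinned Twisted. I would cap them in the same style as the neighbouring lines, for example `pyOpenSSL >= 17.0.0, < 18.0`, with the upper bounds taken from the versions actually tested with this commit.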
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICATCCAWoCCQC0Yl1TUb3gjzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
|
||||||
|
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
|
||||||
|
cyBQdHkgTHRkMB4XDTE3MDQzMDE2MDIxNFoXDTI3MDQyODE2MDIxNFowRTELMAkG
|
||||||
|
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
|
||||||
|
IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApnSL
|
||||||
|
fpgnKHKCNypUxedbBMik02B40zlK5jQUqAt8ityNYM4DxZV2pOwS4RLfgDrWfLKV
|
||||||
|
kOiBL+2iJmNWtc8fcU/4MnhAUCgYXvl+o3yFu8EVOLU+FXhlqJRAJOpqESMVa+II
|
||||||
|
haXDSuLLnSA0e/UrxhDmWEiTGAkteWPLyEP7G6kCAwEAATANBgkqhkiG9w0BAQsF
|
||||||
|
AAOBgQAwYgs2CrrCoknDs2p2bS/sEBc/cAWxlB3VA0yQXTAxh+6rLOYLwoF+z92w
|
||||||
|
IbUhUkZss1r0k7zZDBZ32ZEB6Hc0+q4r599UVV3gF/2Ongc6rvtzJtRAv5EZza0d
|
||||||
|
l3aaZ0aPu09XuDqv9cb/g+i/L7RgQgoEiEpK60WoTm9FeJ4Fpw==
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,15 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICWwIBAAKBgQCmdIt+mCcocoI3KlTF51sEyKTTYHjTOUrmNBSoC3yK3I1gzgPF
|
||||||
|
lXak7BLhEt+AOtZ8spWQ6IEv7aImY1a1zx9xT/gyeEBQKBhe+X6jfIW7wRU4tT4V
|
||||||
|
eGWolEAk6moRIxVr4giFpcNK4sudIDR79SvGEOZYSJMYCS15Y8vIQ/sbqQIDAQAB
|
||||||
|
AoGAAM7D9oNKfVnA4/+ilas/t9A5bIUlUPEQOfm6t+4GVq4nSXb2cbj98GLs3Ia4
|
||||||
|
6uheLhC3xRI7vj3K8aC9xPgSUPpvdqEfef+SlfC7/lcHdtIfz1Fm2qtGdUERw2TC
|
||||||
|
Iy1ttU58sDLK5dy1Igx9SeIPGMHCWemDw4CA0HVaplCIrPkCQQDRWl0HouUquzNd
|
||||||
|
7i6kk2uNKvj0Hdft5tGNdSk9diJU2d5kLravwXKxq9cFkoZ5g8bgxjGrdnguNO4y
|
||||||
|
bcv/fN0LAkEAy4tED+0Etg0PLIXuYpHUjy5SGYpykaNx+Rfktv2lF5Uf2aDnh6Pv
|
||||||
|
DObQEYF1NAZVcT8BsLGKta9RGFL7UJOSmwJAS3fgu2T8abgMH1tCUy+VgNEx54Zu
|
||||||
|
laM0fWLz1+UjISVc5w5z6s24k9XXcHnOojVf1x17QE03q6iHCYTNGi+f2wJAXgfk
|
||||||
|
VYclmgTGcccdraO5ErxPaUUwUF+1k2GaY38h+ZcGs79Ftr/g+5DVpoCr6HDUoBB/
|
||||||
|
c2VRs0VerWIIf9zs6QJAI0M7qCsyLw9z3wfMt8uZjGLokeSet9+LarJyRFkDVFow
|
||||||
|
PBHMPvgU1+no5L+4A61cB9azn9zkIvchI2bSG0Ubgg==
|
||||||
|
-----END RSA PRIVATE KEY-----
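Review bot: This new file is an unencrypted RSA private key checked into the repository, and the same key is repeated in the combined certificate-plus-key file added in the next section. Once the key is published it is known to everyone, so a server that runs TLS with these defaults gets no real confidentiality or server authentication. Because the commit also drops the `create-cert.sh` call from install-deps.sh, every install will share this key unless the operator regenerates it. The key also appears to be 1024-bit and is paired with a ten-year certificate. I would state next to these files that they are for local demo use only and must be replaced by running create-cert.sh before the server is reachable by others, or preferably generate the key on first start and keep generated key material out of version control.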
|
|
@ -0,0 +1,28 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICATCCAWoCCQC0Yl1TUb3gjzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
|
||||||
|
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
|
||||||
|
cyBQdHkgTHRkMB4XDTE3MDQzMDE2MDIxNFoXDTI3MDQyODE2MDIxNFowRTELMAkG
|
||||||
|
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
|
||||||
|
IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApnSL
|
||||||
|
fpgnKHKCNypUxedbBMik02B40zlK5jQUqAt8ityNYM4DxZV2pOwS4RLfgDrWfLKV
|
||||||
|
kOiBL+2iJmNWtc8fcU/4MnhAUCgYXvl+o3yFu8EVOLU+FXhlqJRAJOpqESMVa+II
|
||||||
|
haXDSuLLnSA0e/UrxhDmWEiTGAkteWPLyEP7G6kCAwEAATANBgkqhkiG9w0BAQsF
|
||||||
|
AAOBgQAwYgs2CrrCoknDs2p2bS/sEBc/cAWxlB3VA0yQXTAxh+6rLOYLwoF+z92w
|
||||||
|
IbUhUkZss1r0k7zZDBZ32ZEB6Hc0+q4r599UVV3gF/2Ongc6rvtzJtRAv5EZza0d
|
||||||
|
l3aaZ0aPu09XuDqv9cb/g+i/L7RgQgoEiEpK60WoTm9FeJ4Fpw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICWwIBAAKBgQCmdIt+mCcocoI3KlTF51sEyKTTYHjTOUrmNBSoC3yK3I1gzgPF
|
||||||
|
lXak7BLhEt+AOtZ8spWQ6IEv7aImY1a1zx9xT/gyeEBQKBhe+X6jfIW7wRU4tT4V
|
||||||
|
eGWolEAk6moRIxVr4giFpcNK4sudIDR79SvGEOZYSJMYCS15Y8vIQ/sbqQIDAQAB
|
||||||
|
AoGAAM7D9oNKfVnA4/+ilas/t9A5bIUlUPEQOfm6t+4GVq4nSXb2cbj98GLs3Ia4
|
||||||
|
6uheLhC3xRI7vj3K8aC9xPgSUPpvdqEfef+SlfC7/lcHdtIfz1Fm2qtGdUERw2TC
|
||||||
|
Iy1ttU58sDLK5dy1Igx9SeIPGMHCWemDw4CA0HVaplCIrPkCQQDRWl0HouUquzNd
|
||||||
|
7i6kk2uNKvj0Hdft5tGNdSk9diJU2d5kLravwXKxq9cFkoZ5g8bgxjGrdnguNO4y
|
||||||
|
bcv/fN0LAkEAy4tED+0Etg0PLIXuYpHUjy5SGYpykaNx+Rfktv2lF5Uf2aDnh6Pv
|
||||||
|
DObQEYF1NAZVcT8BsLGKta9RGFL7UJOSmwJAS3fgu2T8abgMH1tCUy+VgNEx54Zu
|
||||||
|
laM0fWLz1+UjISVc5w5z6s24k9XXcHnOojVf1x17QE03q6iHCYTNGi+f2wJAXgfk
|
||||||
|
VYclmgTGcccdraO5ErxPaUUwUF+1k2GaY38h+ZcGs79Ftr/g+5DVpoCr6HDUoBB/
|
||||||
|
c2VRs0VerWIIf9zs6QJAI0M7qCsyLw9z3wfMt8uZjGLokeSet9+LarJyRFkDVFow
|
||||||
|
PBHMPvgU1+no5L+4A61cB9azn9zkIvchI2bSG0Ubgg==
|
||||||
|
-----END RSA PRIVATE KEY-----
|