
docker related updates

Signed-off-by: Matthew R. Kasun <[email protected]>
Matthew R. Kasun 3 years ago
parent
commit
41333301e6

+ 0 - 64
certs/generate_server_certificates/generate_server_certificates.go

@@ -1,64 +0,0 @@
-package main
-
-import (
-	"crypto/ed25519"
-	"crypto/rand"
-	"fmt"
-	"log"
-	"os"
-
-	"github.com/gravitl/netmaker/tls"
-)
-
-// generate root ca/key and server certificate/key for use with mq
-func main() {
-	if len(os.Args) < 2 {
-		fmt.Printf("usage %s: server-name(fqdn) or IP address\n", os.Args[0])
-		os.Exit(1)
-	}
-	server := os.Args[1]
-
-	caName := tls.NewName("CA Root", "US", "Gravitl")
-	serverName := tls.NewCName(server)
-	_, sk, err := ed25519.GenerateKey(rand.Reader)
-	if err != nil {
-		log.Fatal("generate server key ", err)
-	}
-	_, key, err := ed25519.GenerateKey(rand.Reader)
-	if err != nil {
-		log.Fatal("generate root key ", err)
-	}
-	csr, err := tls.NewCSR(key, caName)
-	if err != nil {
-		log.Fatal("generate root request ", err)
-	}
-	serverCSR, err := tls.NewCSR(sk, serverName)
-	if err != nil {
-		log.Fatal("generate server request ", err)
-	}
-	rootCA, err := tls.SelfSignedCA(key, csr, 365)
-	if err != nil {
-		log.Fatal("generate root ca ", err)
-	}
-	serverCert, err := tls.NewEndEntityCert(key, serverCSR, rootCA, 365)
-	if err != nil {
-		log.Fatal("generate server certificate", err)
-	}
-	err = tls.SaveCert("./certs/", "server.pem", serverCert)
-	if err != nil {
-		log.Fatal("save server certificate", err)
-	}
-	err = tls.SaveCert("./certs/", "root.pem", rootCA)
-	if err != nil {
-		log.Fatal("save root ca ", err)
-	}
-	err = tls.SaveKey("./certs/", "root.key", sk)
-	if err != nil {
-		log.Fatal("save root key ", err)
-	}
-	err = tls.SaveKey("./certs/", "server.key", sk)
-	if err != nil {
-		log.Fatal("save server key", err)
-	}
-
-}

+ 2 - 1
compose/docker-compose.contained.yml

@@ -7,6 +7,7 @@ services:
     volumes:
       - dnsconfig:/root/config/dnsconfig
       - sqldata:/root/data
+      - /root/certs/:/etc/netmaker/
     cap_add: 
       - NET_ADMIN
       - NET_RAW
@@ -78,7 +79,7 @@ services:
     container_name: mq
     restart: unless-stopped
     ports:
-      - "1883:1883"
+      - "127.0.0.1:1883:1883"
       - "8883:8883"
     volumes:
       - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
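Review bot: Binding the published port to loopback at `- "127.0.0.1:1883:1883"` only limits exposure on the host; the listener itself (this commit's mosquitto.conf change drops the `localhost` bind from `listener 1883`) now accepts connections on every interface inside the container, so any other container attached to the same compose network can still publish and subscribe anonymously via `mq:1883`. Presumably the loopback mapping exists because the netmaker service reaches the broker through host networking, which this hunk does not show; if it instead talks to `mq` over the service network, the `ports` entry for 1883 can be dropped entirely and the anonymous listener stays unpublished. Either way a comment next to the mapping, e.g. `# 1883 is the unauthenticated listener: loopback only, never publish on 0.0.0.0`, would keep a later edit from quietly widening it.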

+ 4 - 5
docker/mosquitto.conf

@@ -1,13 +1,12 @@
 per_listener_settings true
 
-listener 1883 localhost
-allow_anonymous true
-
 listener 8883
 allow_anonymous false
 require_certificate true
 use_identity_as_username true
-
 cafile /mosquitto/certs/root.pem
 certfile /mosquitto/certs/server.pem
-keyfile /mosquitto/certs/server.key
+keyfile /mosquitto/certs/server.key
+
+listener 1883 
+allow_anonymous true
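Review bot: `listener 1883 ` loses the `localhost` bind address that `listener 1883 localhost` had and carries a trailing space, so the anonymous listener now binds all interfaces inside the container and its only isolation is whatever the port mapping or network around the container provides. Nothing in the file records that assumption, and the block sits after the mTLS listener, which makes it easy to read as an afterthought rather than a deliberate unauthenticated entry point. A comment above it, e.g. `# Unauthenticated listener for the local netmaker server only; isolation relies on the container not publishing 1883 beyond host loopback`, plus trimming the trailing whitespace to `listener 1883`, would make the intent explicit.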

+ 1 - 1
scripts/nm-quick.sh

@@ -138,7 +138,7 @@ echo "setting mosquitto.conf..."
 wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf
 
 echo "creating certificates for mosquitto"
-server=$( echo "broker."$NETMAKER_BASE_DOMAIN)
+server=$( echo "/CN=broker."$NETMAKER_BASE_DOMAIN)
 mkdir certs
 
 openssl genpkey -algorithm Ed25519 -out certs/root.key
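Review bot: `server=$( echo "/CN=broker."$NETMAKER_BASE_DOMAIN)` now holds an OpenSSL subject string rather than a hostname, and the `echo` subshell with the unquoted expansion adds nothing; `server="/CN=broker.${NETMAKER_BASE_DOMAIN}"` is the equivalent and is safe if the domain variable is empty or contains whitespace. More importantly, a certificate whose only identity is the CN is rejected by Go's crypto/x509 since Go 1.15 ("certificate relies on legacy Common Name field") unless it also carries a subjectAltName, and the netmaker server and its TLS helper are Go code, so the `openssl req` invocation that consumes `$server` should pass `-addext "subjectAltName=DNS:broker.${NETMAKER_BASE_DOMAIN}"` if it does not already. The rest of the certificate generation is outside this hunk, so I cannot confirm whether a SAN is set.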