init

2025-07-23 17:30:33 +08:00
commit 5e4e272b3a
875 changed files with 362355 additions and 0 deletions
--- a/ca-server/bin/ca-server.service
+++ b/ca-server/bin/ca-server.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=ca-server Application Container Engine
+Documentation=http://www.yyds8848.com
+After=network.service
+
+[Service]
+ExecStart=/opt/arrokoth/ca-mini/bin/ca-server
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+RestartSec=3s
+
+[Install]
+WantedBy=multi-user.target
--- a/ca-server/bin/initCa.sh
+++ b/ca-server/bin/initCa.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+set -x
+
+WORK_PATH="/opt/arrokoth/ca-mini"
+
+if [ ! -d "$WORK_PATH" ]; then
+    mkdir -p "$WORK_PATH"
+fi
+cd "$WORK_PATH"
+if [ ! -d "$WORK_PATH/ca" ]; then
+    mkdir -p $WORK_PATH/ca
+    cd $WORK_PATH/ca
+    # 签发根CA证书
+    openssl req -newkey rsa:2048 -nodes -keyout CaRoot.key -x509 -days 10950 -out CaRoot.crt -subj "/C=CN/ST=BeiJing/L=BeiJing/O=Arrokoth/OU=Arrokoth CA Center/CN=Arrokoth CaRoot/emailAddress=CaRoot@yyds8848.com" -extensions v3_ca
+    # 建立凭据数据库文件
+    touch certindex
+    # 建立 crlnumber 文件
+    echo 1000000000000001 > crlnumber
+    # 建立 certserial 文件
+    echo 1000000000000001 > certserial
+    # 建立 ca.conf 配置文件
+    cat > ca.conf << EOF
+[ ca ]
+default_ca = myca
+[ crl_ext ]
+# issuerAltName=issuer:copy  #this would copy the issuer name to altname
+authorityKeyIdentifier=keyid:always
+[ myca ]
+dir = /opt/arrokoth/ca-mini/ca
+new_certs_dir = \$dir
+unique_subject = no
+certificate = \$dir/CaRoot.crt
+database = \$dir/certindex
+private_key = \$dir/CaRoot.key
+serial = \$dir/certserial
+default_days = 3650
+default_md = sha256
+policy = myca_policy
+x509_extensions = myca_extensions
+crlnumber = \$dir/crlnumber
+default_crl_days = 3650
+[ myca_policy ]
+commonName = supplied
+stateOrProvinceName = supplied
+countryName = optional
+emailAddress = optional
+organizationName = supplied
+organizationalUnitName = optional
+[ myca_extensions ]
+basicConstraints = CA:false
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+keyUsage = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth
+crlDistributionPoints = URI:http://www.yyds8848.com/ca/crl/CaRoot.crl
+EOF
+    
+fi
+
+# 生成证书吊销列表目录
+if [ ! -d "$WORK_PATH/crl" ]; then
+    mkdir -p $WORK_PATH/crl
+    # 生成空的CRL（证书吊销列表）
+    openssl ca -config $WORK_PATH/ca/ca.conf -gencrl -out $WORK_PATH/crl/CaRoot.crl
+fi
+
+# 生成证书存放目录
+if [ ! -d "$WORK_PATH/cert" ]; then
+    mkdir -p $WORK_PATH/cert
+fi
+
+# 加入系统服务，启动服务，并设置开机自启
+if [ ! -f "/usr/lib/systemd/system/ca-server.service" ]; then
+    cp ca-server.service /usr/lib/systemd/system/ca-server.service
+    systemctl start ca-server
+    systemctl enable ca-server
+fi