From c763686374b2367b6349a71cfac686b9adc9ee60 Mon Sep 17 00:00:00 2001
From: sauravvijay
Date: Sat, 18 Apr 2020 20:51:26 +0100
Subject: [PATCH] Enabled HTTPS in dev mode with self signed certificate (#514)
* Enabled HTTPS in dev mode with self signed certificate
* review comments
* review comments
* added PEM format cert for Linux/Mac
* removed duplicate cert
Co-authored-by: saurav vijay
---
 backend/src/Squidex/Program.cs | 12 ++++++
 backend/src/Squidex/appsettings.json | 5 +++
 frontend/package.json | 2 +-
 local_certs/create-cert.ps1 | 40 ++++++++++++++++++
 local_certs/install-cert.ps1 | 7 ++++
 local_certs/squidex-dev.cer | Bin 0 -> 786 bytes
 local_certs/squidex-dev.crt | 59 +++++++++++++++++++++++++++
 local_certs/squidex-dev.pfx | Bin 0 -> 2726 bytes
 8 files changed, 124 insertions(+), 1 deletion(-)
 create mode 100644 local_certs/create-cert.ps1
 create mode 100644 local_certs/install-cert.ps1
 create mode 100644 local_certs/squidex-dev.cer
 create mode 100644 local_certs/squidex-dev.crt
 create mode 100644 local_certs/squidex-dev.pfx
diff --git a/backend/src/Squidex/Program.cs b/backend/src/Squidex/Program.cs
index 791e13cbb..d47479211 100644
--- a/backend/src/Squidex/Program.cs
+++ b/backend/src/Squidex/Program.cs
@@ -5,7 +5,9 @@
 // All rights reserved. Licensed under the MIT license.
 // ==========================================================================
+using System.Net;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Squidex.Areas.IdentityServer.Config;
@@ -61,6 +63,16 @@ namespace Squidex
 })
 .ConfigureWebHostDefaults(builder =>
 {
+ builder.ConfigureKestrel((context, serverOptions) =>
+ {
+ if (context.HostingEnvironment.IsDevelopment() || context.Configuration.GetValue("devMode:enable"))
+ {
+ serverOptions.Listen(
+ IPAddress.Any,
+ context.Configuration.GetValue("devMode:port"),
+ listenOptions => listenOptions.UseHttps("../../../local_certs/squidex-dev.pfx", "password"));
+ }
+ });
 builder.UseStartup();
 });
 }
diff --git a/backend/src/Squidex/appsettings.json b/backend/src/Squidex/appsettings.json
index f74ed02af..a3ad53a46 100644
--- a/backend/src/Squidex/appsettings.json
+++ b/backend/src/Squidex/appsettings.json
@@ -1,4 +1,9 @@
 {
+ "devMode": {
+ "enable": false,
+ "port": 5001
+ },
+
 "mode": {
 /*
 * Use this flag to set Squidex to readonly, e.g. when you deploy a second instance for migration.
diff --git a/frontend/package.json b/frontend/package.json
index 9fee2cb4f..ff44b2eba 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -5,7 +5,7 @@
 "license": "MIT",
 "repository": "https://github.com/SebastianStehle/Squidex",
 "scripts": {
- "start": "webpack-dev-server --config app-config/webpack.config.js --inline --port 3000 --hot",
+ "start": "webpack-dev-server --config app-config/webpack.config.js --inline --port 3000 --hot --https --pfx ../local_certs/squidex-dev.pfx --pfx-passphrase password",
 "test": "karma start",
 "test:coverage": "karma start karma.coverage.conf.js",
 "test:clean": "rimraf _test-output",
diff --git a/local_certs/create-cert.ps1 b/local_certs/create-cert.ps1
new file mode 100644
index 000000000..83ce8fb72
--- /dev/null
+++ b/local_certs/create-cert.ps1
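Review bot: The added `serverOptions.Listen(IPAddress.Any, …)` binds the dev HTTPS endpoint on every interface, and the `|| …GetValue("devMode:enable")` branch lets a configuration value switch it on outside the Development environment, so a deployed instance could end up serving TLS with the key pair this commit checks in under local_certs. The certificate path and the passphrase `"password"` are literals here (the same passphrase is repeated in frontend/package.json, create-cert.ps1 and install-cert.ps1), and `../../../local_certs/squidex-dev.pfx` appears to assume the process is started from the build output folder of a source checkout. I would bind with `IPAddress.Loopback`, gate the listener on `IsDevelopment()` only, and read the certificate path and passphrase from the `devMode` configuration section. The enclosing method starts and ends outside this hunk.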
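Review bot: The new `devMode` section has no explanatory comment, while the `mode` section directly below it documents its flag in a `/* … */` block. A comment in the same style would tell operators what the switch does, for example `/* Set to true to serve HTTPS on the port below with the shared development certificate from local_certs. Do not enable in production. */`.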
@@ -0,0 +1,40 @@
+# setup certificate properties including the commonName (DNSName) property for Chrome 58+
+$certificate = New-SelfSignedCertificate `
+ -Subject localhost `
+ -DnsName localhost `
+ -KeyAlgorithm RSA `
+ -KeyLength 2048 `
+ -NotBefore (Get-Date) `
+ -NotAfter (Get-Date).AddYears(10) `
+ -CertStoreLocation "cert:CurrentUser\My" `
+ -FriendlyName "Localhost Certificate for .NET Core" `
+ -HashAlgorithm SHA256 `
+ -KeyUsage DigitalSignature, KeyEncipherment, DataEncipherment `
+ -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")
+$certificatePath = 'Cert:\CurrentUser\My\' + ($certificate.ThumbPrint)
+
+# create temporary certificate path
+$tmpPath = "C:\tmp"
+If(!(test-path $tmpPath))
+{
+New-Item -ItemType Directory -Force -Path $tmpPath
+}
+
+# set certificate password here
+$pfxPassword = ConvertTo-SecureString -String "password" -Force -AsPlainText
+$pfxFilePath = "c:\tmp\squidex-dev.pfx"
+$cerFilePath = "c:\tmp\squidex-dev.cer"
+
+# create pfx certificate
+Export-PfxCertificate -Cert $certificatePath -FilePath $pfxFilePath -Password $pfxPassword
+Export-Certificate -Cert $certificatePath -FilePath $cerFilePath
+
+# import the pfx certificate
+Import-PfxCertificate -FilePath $pfxFilePath Cert:\LocalMachine\My -Password $pfxPassword -Exportable
+
+# trust the certificate by importing the pfx certificate into your trusted root
+Import-Certificate -FilePath $cerFilePath -CertStoreLocation Cert:\CurrentUser\Root
+
+# optionally delete the physical certificates (don’t delete the pfx file as you need to copy this to your app directory)
+# Remove-Item $pfxFilePath
+#Remove-Item $cerFilePath
\ No newline at end of file
diff --git a/local_certs/install-cert.ps1 b/local_certs/install-cert.ps1
new file mode 100644
index 000000000..d89f424a7
--- /dev/null
+++ b/local_certs/install-cert.ps1
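Review bot: The exported `squidex-dev.pfx` contains the private key and is left in `C:\tmp` protected only by the literal passphrase `password`, since both `Remove-Item` lines at the end are commented out. `$tmpPath` is defined but the two file paths repeat `c:\tmp\…` as literals; `$pfxFilePath = Join-Path $tmpPath 'squidex-dev.pfx'` (and the same for the .cer) would keep them in step. The comment above `Import-Certificate` says the pfx is imported, while the command imports `$cerFilePath`; `# trust the certificate by importing the public .cer into the current user's trusted root store` matches what runs. `Import-PfxCertificate` also marks the key `-Exportable` in `Cert:\LocalMachine\My`, which looks unnecessary for serving HTTPS and could probably be dropped.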
@@ -0,0 +1,7 @@ +$pfxPassword = ConvertTo-SecureString -String "password" -Force -AsPlainText + +# import the pfx certificate +Import-PfxCertificate -FilePath ./squidex-dev.pfx Cert:\LocalMachine\My -Password $pfxPassword -Exportable + +# trust the certificate by importing the pfx certificate into your trusted root +Import-Certificate -FilePath ./squidex-dev.cer -CertStoreLocation Cert:\CurrentUser\Root \ No newline at end of file diff --git a/local_certs/squidex-dev.cer b/local_certs/squidex-dev.cer new file mode 100644 index 0000000000000000000000000000000000000000..7d847a4c5614980b3759e480f43f329979110eed GIT binary patch literal 786 zcmXqLV&*ewV*Iv%nTe5!Ng(M(_PheO;O%b8td@%(9h5NOW#iOp^Jx3d%gD&h%3vU3 zC}beO#vIDR%)^=3Kd6V^Y)AGoNt55wG-67s8bj6^xx1#Gf>(Oif zx8^;nl9#T`7e2^szIm1FvF@F|tdIJqJMqtL;|>w6%4o1V`0$pvpNMa>&&(}XPJh3x zIAxP>>W)~^TLMf=bT{YUm65U&O`hJ$#LURRxH!fj%770T;I!Q zf-JlS+)YTaAPf>!W#KX4V&l+eV`ODzXJ#~z1qt%8h_Q%B&q>M(=j6N4dAK1?w!_R+ z;qrxp$l(u+USRk$GThUe647#v;U?F85smDF0cAU$8a_GenS0FSB#+NV(X|trCj>7_ zeA>S$=()&ei-%qREAQTCHx>M4{oDJVcyQxM4y8<<%;OyeyRLKJP2^kK-+X>?rl;P$ zg2LOYj*`6uM1S--TE)j8zNG*2{7%V%?Q zmG35@Lvz{xPMdtJ^rK-Lif0Z>>w3WBih(WqELG$Hm}NoCTTK?3=V#|8~Wid1D literal 0 HcmV?d00001 diff --git a/local_certs/squidex-dev.crt b/local_certs/squidex-dev.crt new file mode 100644 index 000000000..e05568a0a --- /dev/null +++ b/local_certs/squidex-dev.crt 
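Review bot: `Import-Certificate … -CertStoreLocation Cert:\CurrentUser\Root` makes every developer who runs this script trust the single certificate committed in this change, whose private key is published next to it (in squidex-dev.pfx with the passphrase from the first line, and unencrypted in squidex-dev.crt). A per-machine certificate avoids the shared key: run create-cert.ps1 locally, or use `dotnet dev-certs https --trust`. If the shared file stays, a header comment such as `# Development only: trusts a certificate whose private key is public in this repository` would make the trade-off visible. `./squidex-dev.pfx` and `./squidex-dev.cer` depend on the current directory; `Join-Path $PSScriptRoot 'squidex-dev.pfx'` would make the script location-independent.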
@@ -0,0 +1,59 @@ +Bag Attributes + localKeyID: 01 00 00 00 + friendlyName: te-c73b69d4-3341-4710-874d-e22bb2c15956 + Microsoft CSP Name: Microsoft Software Key Storage Provider +Key Attributes + X509v3 Key Usage: 90 +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDh/y1tm+cbvrdH +DZHh8LMgWGmuJxfgImLu0S//GLkQ4MQGjQEBkLSjoQLsjQI2B8zNzqM07DfouBmj +nO+zu0argEPSyMxcEtQxB6aDCq+gHs+mamPs1d3JfgfP3yZjK7/wHhvF4pZaYhwI +HNYwaq2BtRc1KvFnd9qjqoE1WfmucqlBGnHxHq5MW0Qyg9b1PIFRRAXB/WXPbutl +ZkSBHOxq5bKnWeGryv8VuBeFEtQwhY14iscFxdb/tW7ieh8beW8TwQs3s6pFxou5 +TQXij5dCD52GC1QVemiAPsHh2hdOFE2DTJm01Mv32yGUsk1luF0V2hACpC2zb90c +Gj4VY5eFAgMBAAECggEBAJ6Wd6V0AqBYm7ozjoxzYO+wuzAnZLy2xJ/7kWe8TJnI +cCZ8qhkUF36/jRK7/LI3lQNTHvoTTUR0dCF5DkgcggH1NyLiH235FIf3a2SHiiid +lm+cNtTKWyF63DaFzCVJXR49spWRZJq2QB99RNyi73CWyFtZ8B8AXx/8lUEAC5La +t8Ftb/M5ieKQ9dAxyGL/U9L13ZmSO+J5Lc0ez9OwFpvNBNy353HKT0FL+qFuNV0K +g+t+x0DRudlL7uxeACPdnBlaEaT3ILWqCig6IBcILgNfGofuCC/hMLMcx8JUoQcg +atxife5w5Yyrxpsls1MLJEIhC02CKGsMwxXYPxaJjH0CgYEA9Rl0ivKaQSp/g43w +Frt84za70J68ZSrAP7pLHETEpEZnUxGX6O9glS8R5nZBZZsOr+7l6GcGK0QodyBy +CIpKppGt7JXSLnvq6FQeP4p5z6DTfKinfHhUCBffoQsDumMCQxsSLUmCpSSU5uXg +Pv69i4vcRxs3EXw/78gu8jZDpEsCgYEA7Aw7UrV0IHgbfMTjPOrgrxMO02uKwya4 +2xf9a8Qst2KUVdV32LgKr3wqVhnaFWJTOoKWWnvOvzRLvkrz0UlevqwXDiNy9Lp+ +5R41KGi6QR3ehwQvizrtEkHange/mtvMh/7BwXRF2u7xnyjWavVs1iFCt/CNg3UK +rMqbcz63MW8CgYASFvfgDXnPF3jj18UBmILmLjL8ecrD2LzptzE1++lbioqzudex +bIF/YUL79HxtKF2UJJi5Z2kwJk6qRC3GbZaG5rekf4ZMwf6beSHmZK0K4v7Y84Wx +DRx+oGxz8WEsD4SqOURFLWjEEYgf5pV/cMPCmeb/JIYS902sv+SfIdwqMwKBgQDT +LJI6CVnN3oYA1ofRLPQ7zJn77P8kXdUNNWYj7kpu+cNpEuP4P5ZXroaVpuUjMmbx +NnjalF6/UkLdCGMefjxD6uNpY69pYBs8UQ0PjLnsnZNCSS1bqykCp2W08YuqOC/A +Dts6fhIsro39bOR+pfhrjTAKLSv9Sk11joEJ1jbAAwKBgQCHSGKYa4ugobYx/0Bz +LYayNm4z0zf1V4aRlJZu6GyAoeBc1EEEXavmkCEJ7MEYoUDLp6ywuDnUybHzoa6c +I0spWppC8GGGDhrxtrBS35tfENclhdxoUVorOI/yn8iJZtc1DU3vPFXNKUEYqgew +gbGUoYGragfhbOfNGwkQ7C7jpA== +-----END PRIVATE KEY----- +Bag Attributes + localKeyID: 01 00 00 00 + 
1.3.6.1.4.1.311.17.3.71: 50 00 53 00 4C 00 4C 00 32 00 38 00 38 00 38 00 34 00 2E 00 62 00 32 00 62 00 2E 00 72 00 65 00 67 00 6E 00 2E 00 6E 00 65 00 74 00 00 00 + friendlyName: Localhost Certificate for .NET Core +subject=/CN=localhost +issuer=/CN=localhost +-----BEGIN CERTIFICATE----- +MIIDDjCCAfagAwIBAgIQYuhrnnBGU7dGIwU5o+LBGDANBgkqhkiG9w0BAQsFADAU +MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjAwNDE3MDc1MTA2WhcNMzAwNDE3MDc1 +MTA2WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDh/y1tm+cbvrdHDZHh8LMgWGmuJxfgImLu0S//GLkQ4MQGjQEB +kLSjoQLsjQI2B8zNzqM07DfouBmjnO+zu0argEPSyMxcEtQxB6aDCq+gHs+mamPs +1d3JfgfP3yZjK7/wHhvF4pZaYhwIHNYwaq2BtRc1KvFnd9qjqoE1WfmucqlBGnHx +Hq5MW0Qyg9b1PIFRRAXB/WXPbutlZkSBHOxq5bKnWeGryv8VuBeFEtQwhY14iscF +xdb/tW7ieh8beW8TwQs3s6pFxou5TQXij5dCD52GC1QVemiAPsHh2hdOFE2DTJm0 +1Mv32yGUsk1luF0V2hACpC2zb90cGj4VY5eFAgMBAAGjXDBaMA4GA1UdDwEB/wQE +AwIEsDAUBgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEw +HQYDVR0OBBYEFBucYmpXCQ7QicOAXh2INjUg09DBMA0GCSqGSIb3DQEBCwUAA4IB +AQDeKpRYhNYA2QrfFChrwVB2uOUx5M1JbcY0yQxMsRWtkIOQU6Jh5Y+yUucU8zjh +iv953d8HNRH6O/tL3hdTgckIImkMaceIcLrXC91hDq2Pg8+jaUku3qH13i4DLUm5 +Yyw/G66hTH/pCzitwdlABrDLDEiZiqM4ZKa5oyYRR0TOQA3qQ+sTJfZ7b5oxxI+c +43eF1/zN3XcHPLbJNxXzOhw/y2gSuaZWT2BuZjvpPR0swksCnhVuKkyzg3pNshLC +nQf9lpPGdfExhgRKGACbPEIhyW6uRdquYpwz6QSEp1OFiNFToRPKtCq5vO1wr8O+ +j4gj3gZ8Dhp/sbwCp+U8OLTv +-----END CERTIFICATE----- 
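Review bot: The file named squidex-dev.crt carries an unencrypted `-----BEGIN PRIVATE KEY-----` block ahead of the certificate, so the passphrase on squidex-dev.pfx protects nothing once this is committed. If the file is only meant for trusting the certificate on Linux/Mac, the `CERTIFICATE` block alone should be enough; exporting with `openssl pkcs12 -in squidex-dev.pfx -nokeys -out squidex-dev.crt` would leave the key out. The `Bag Attributes` lines also embed a UTF-16 string under OID 1.3.6.1.4.1.311.17.3.71 that looks like the exporting machine's host name, which is worth stripping before the file is published.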
diff --git a/local_certs/squidex-dev.pfx b/local_certs/squidex-dev.pfx new file mode 100644 index 0000000000000000000000000000000000000000..c8c1ef2956a93805ee0e0ef0bc4171310c0da628 GIT binary patch literal 2726 zcmZWpc{tQv8~!n4#*8(DnaD1cW$alZvacgcj8OLM`&PCo291d95%CI@rLimfQns>u zVXUDS*|(7_eZRNs{oe2TuJ3xT=bZc8_qm^Q{<<-Eck!}P{FD4 z@knDR9;pw~+88_x_#cU88;Yk{$KYvJ!2SlK``bm2q@vEpLr*by=uZq64EY}#9L@-( zHOZr2A#2Z_rKW~|hT@^)WJ@zb)w_n|i5uEHcM?9(x7al1?0&P@8=o)4=V`FNWlX*> zP~UAL-4L+LeOHyoisk7Oizjk3*${nvs8KZPS`!hzzZCb4>7hB1H1&x!XVzqd&^h*O zwYWj2%h-K(EpW!BiMmN7KjW~GZVzrVeq%uq*1M~_>WIqD8_IHm^;TbA$f!BddPck# zP@1ud{9duoRxT@c%em_yxz2;D_+#^6!y+fDh z=&-3I2n6`VSm*6_Df4Fp@Dg?4 zz^{!*v0pW~L<`7^BTZ_X#}pqoT3gdX-xsL|EwOfi8@5?;&xk=?nZD<>*-PDuJc55+ z+!cmE69h*SU8`#BO=dOu$gUYt`?BpCO*=G3gq)27CD#78!TzJ?{ocGLiO+F)o$7uc zr7-PeZbC#{UXESwR%NLlFV6F)pac)>+92J}lzinWA2BfcUOS^|a{tRDi@5YRh%U*U7ZRCW(_J^pGJ3XQzd97B3NtdqQ4w~xs zs$}>! z<;Sa-kxz(xladHW9DecGX|?}KcHnBUI`sfbqJ4q|_(PJg2ImLK7C~aheaMSF@plO2 z4<)WUaq5R$A~bKmyiqc2sLFk*Y@jDWP%aF+=~&<{QZs&LK&LYhwLCVW-mEWxlB*Zm zc(>k^{%Ad$GlNKB9|`}Z6zP$!X!I-B8#-_3B;St7OunhSUQ53}H}~g8N49Yqf3jdL zZ?g8*7!c0yGpM#AjXz?M|L}Q>xjC92d#?7^5}n%-@~3~2DHkqe95e6Ii?z&?HrJYA!>RMtvDLVxz5g*$)NU3#PFuqC}?i5$q z6|P&^zrydnhfHA2x!iIkfg*yQW6hP`tkYz%*21J8=S8AAk_)S9Bl(1GDZ5PR!ELg( z8i&q?vQn6~7uCFf8PJKNB4Vsw!CTpfrrdhI|6wby2Mzt&@2#poI>10{D)^XOm654- ze_0dD4X+;ZlZ+n0u>KR5h_jL~D3l5S0F2FlNj6FBc_SbIa00{t2S6T>2J8VjKml+B zWI#q5EEzx&L^7Zz31C2U1w=BSE(Us}z_JHR3iL_>vY<~Eko#-=Wf&Ed3NL?#>i2j< z;4XN<5AX*3!FC3p;{{CrM!~=xP;mkoeQ*u^tptFYAIQ7>=CQw>LEsEW@azX>y6Qjw zhr_^_$AFY5H5CAELjP5${y+Hd>n(Cp`VVgY75q_n$Pbn1c&j#n!WKg7Ao)lWC;w5I z$_5#%=AVP@kvvmYN~Ip^r2C;pPlI+mf~{Z^$9?}veTaj#NRw;ihR}(d-AI1@a~82? 
zJzI@83+Ai3Nu<^`Wv;X(cbCUS2A2jJFP4k6d~{`|L`#b=3KQV&Yfr3hoHLfSM&<2J zE1FnjvX?PNGo>V@Yu;^>a%$7++a(=4zoMo9 z?sF>BFF!%cXH%Yq3kTdh_4u!G}w%(MTa$YD%BM&9JL~s=)*m`JhCaig_ zau_YeW~av~aue+=c@k8uLWxFHrZSgB+TW=6<&N7`c3rNa{O+|eT;|7)^ zez+0cJ?(?WH9g;D#fd_2Bz(*4DJ)NI-|3!)(Tm5ZZ*o66FG{)@&xQV6*ixwrpy?Zk zwcp!I3BdZEEIXI86k#|x$?^P3kUkCUjxFqar@5qCc+lmN9#m=dANFWh+M|JER5t7Q z@s#DjHp}Aa6}49NDvcva%S7hn=Ew#TEFw-djQ&H;-nwWPafTPccrWa^R=qhlLokPg zWpu1Dk{D~YIlapjvq143KJ&2Af`O><(UYH50lPm*KqS_^mkchoMW-UB)X9G;m?&W_ zl+y_bJXykvY>dL_gX+RHJ$LAm7QOug=m1dOcj396W{+2R+F0peT9$O&ojC46bjZzS z60!S7|7uOrz`Z@O@6ujoUL`w&5zvj-jKt$59-0Z21!3Y-%fU5W+U_^`Q9ujRp|(1# zi+{(|{)<{pKu1cDRdLK~cAWN47S@C>t0%2ELD{kmCfAAAIcIk{06Bea{L{SmN6b$o zVx>G4nVW@s-seMUhKhE2Mg$Svy0NwDe2*5dFEO9=o#$Gfl!zGHEI8_`w!r_?WKY>|;GoB}o~Q2%PeItQl^%C|tP%v`WtXoDe&KYn&gr|L{i zT6Cq4GSB=~M~o7N2Lp%ETxNt&qoHhsT*Q?R8FjUv)k)GBW=n!+Tw}taY!x1g=K|O- VBGTH-&o2?;^UiAPqW=nxe*-P%&t3ok literal 0 HcmV?d00001