Skip to content

Commit 0eeb2ff

Browse files
committed
Science Commit 5.
1 parent 75a3248 commit 0eeb2ff

4 files changed

Lines changed: 68 additions & 5 deletions

File tree

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,3 +78,6 @@ modules/AE6E66/configuration/dns.settings
7878

7979
### Legal Documents ###
8080
modules/black/presidential/Brarner.M.Alete/data/legal/Legal Tasking Document - US Custodial Authority Above Territory.docx
81+
82+
# TLS keystore (contains private key — never commit)
83+
psychiatry/secrets/server.p12
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
32895
1+
33495

scripts/generate-tls-keystore.sh

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
#!/bin/bash
2+
# NitroWebExpress™ — Generate TLS Keystore
3+
# Creates a self-signed PKCS12 keystore for TLS on all TCP services.
4+
# On next startup, TlsContextProvider will load this and enable TLS.
5+
#
6+
# For production, replace with a Let's Encrypt or CA-signed certificate:
7+
# openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out psychiatry/secrets/server.p12
8+
#
9+
# Usage: bash scripts/generate-tls-keystore.sh
10+
11+
set -e
12+
13+
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
14+
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
15+
KEYSTORE="$PROJECT_ROOT/psychiatry/secrets/server.p12"
16+
PASS="${NWE_KEYSTORE_PASS:-changeit}"
17+
18+
if [ -f "$KEYSTORE" ]; then
19+
echo "[*] Keystore already exists: $KEYSTORE"
20+
keytool -list -keystore "$KEYSTORE" -storepass "$PASS" -storetype PKCS12 2>/dev/null | head -7
21+
echo ""
22+
read -rp " Regenerate? (y/N): " REGEN
23+
if [ "$REGEN" != "y" ] && [ "$REGEN" != "Y" ]; then
24+
echo " Keeping existing keystore."
25+
exit 0
26+
fi
27+
fi
28+
29+
mkdir -p "$(dirname "$KEYSTORE")"
30+
31+
echo "[*] Generating TLS keystore (EC secp256r1, TLSv1.3)..."
32+
echo " Output: $KEYSTORE"
33+
echo ""
34+
35+
keytool -genkeypair \
36+
-alias nwe-server \
37+
-keyalg EC \
38+
-groupname secp256r1 \
39+
-sigalg SHA384withECDSA \
40+
-validity 365 \
41+
-storetype PKCS12 \
42+
-keystore "$KEYSTORE" \
43+
-storepass "$PASS" \
44+
-dname "CN=NitroWebExpress, OU=MEARVK LLC, O=MEARVK, L=Durham, ST=NC, C=US"
45+
46+
chmod 600 "$KEYSTORE"
47+
48+
echo ""
49+
echo "[✓] TLS keystore generated successfully"
50+
echo " Algorithm: EC secp256r1 (256-bit)"
51+
echo " Signature: SHA384withECDSA"
52+
echo " Validity: 365 days"
53+
echo " Keystore: $KEYSTORE (mode 600)"
54+
echo ""
55+
echo " TLS will activate on next backend startup."
56+
echo " To set a custom password: export NWE_KEYSTORE_PASS=yourpassword"
57+
echo ""
58+
echo " For production (Let's Encrypt / CA-signed):"
59+
echo " openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem \\"
60+
echo " -out $KEYSTORE -passout pass:\$NWE_KEYSTORE_PASS"
61+
echo ""

scripts/web/deploy-all.sh

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -50,14 +50,13 @@ for SCRIPT in $ENABLED; do
5050
echo ""
5151
echo "[*] [$CURRENT_MODULE/$TOTAL_MODULES] Deploying: $SCRIPT"
5252
set +e
53-
DEPLOY_OUT=$(timeout 120 bash "$FULL_PATH" 2>&1)
54-
EXIT_CODE=$?
53+
timeout 180 bash "$FULL_PATH" 2>&1 | tail -20
54+
EXIT_CODE=${PIPESTATUS[0]}
5555
set -e
56-
echo "$DEPLOY_OUT" | tail -3
5756
if [ $EXIT_CODE -eq 0 ]; then
5857
PASS=$((PASS + 1))
5958
elif [ $EXIT_CODE -eq 124 ]; then
60-
echo "[!] TIMEOUT (120s): $SCRIPT — skipping"
59+
echo "[!] TIMEOUT (180s): $SCRIPT — skipping"
6160
FAIL=$((FAIL + 1))
6261
else
6362
echo "[!] Failed (exit $EXIT_CODE): $SCRIPT"

0 commit comments

Comments
 (0)