final-cleanup: Produktionsfertige Konfiguration - Alle Ports auf 443 vereinheitlicht, TLS-Zertifikate vorgeneriert, Zentraler Installer erstellt

scripts/generate_certs.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Script to generate self-signed TLS certificates for MYP project
+# RSA-2048 / SHA-256 certificates with complete DN information
+
+set -e
+
+echo "=== MYP TLS Certificate Generator ==="
+
+# Create directories if they don't exist
+mkdir -p backend/app/certs
+mkdir -p frontend/certs
+
+# Backend Certificate (raspberrypi)
+echo "Generating Backend Certificate..."
+openssl req -x509 -newkey rsa:2048 -keyout backend/app/certs/backend.key -out backend/app/certs/backend.crt -days 365 -nodes -sha256 \
+  -subj "/C=DE/ST=Hamburg/L=Hamburg/O=MYP Reservation Platform/OU=Backend Services/CN=raspberrypi" \
+  -addext "subjectAltName=DNS:raspberrypi,DNS:localhost,IP:192.168.0.105,IP:127.0.0.1"
+
+# Set appropriate permissions
+chmod 600 backend/app/certs/backend.key
+chmod 644 backend/app/certs/backend.crt
+
+# Frontend Certificate (m040tbaraspi001)
+echo "Generating Frontend Certificate..."
+openssl req -x509 -newkey rsa:2048 -keyout frontend/certs/frontend.key -out frontend/certs/frontend.crt -days 365 -nodes -sha256 \
+  -subj "/C=DE/ST=Hamburg/L=Hamburg/O=MYP Reservation Platform/OU=Frontend Services/CN=m040tbaraspi001" \
+  -addext "subjectAltName=DNS:m040tbaraspi001,DNS:m040tbaraspi001.de040.corpintra.net,DNS:localhost,IP:192.168.0.109,IP:127.0.0.1"
+
+# Set appropriate permissions
+chmod 600 frontend/certs/frontend.key
+chmod 644 frontend/certs/frontend.crt
+
+echo "=== Certificate Generation Complete ==="
+echo "Backend certificates: backend/app/certs/"
+echo "Frontend certificates: frontend/certs/"
+echo ""
+echo "Certificate information:"
+echo "- Type: RSA-2048"
+echo "- Hash: SHA-256"
+echo "- Validity: 365 days"
+echo "- Backend CN: raspberrypi"
+echo "- Frontend CN: m040tbaraspi001"