#!/bin/bash

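# Bootstrap TLS material for nginx: create a self-signed certificate and key
# when no certificate exists yet, then (re)generate the DH parameter file.
# Every step is checked, so the final "Proceed" is printed only when all of
# the openssl commands succeeded.
CERT_DIR="/etc/nginx/ssl"
KEY_FILE="$CERT_DIR/key.pem"
CERT_FILE="$CERT_DIR/cert.pem"
DH_FILE="/etc/nginx/dhparam.pem"
DHSTRENGTH=2048

# Validity period of the self-signed certificate, in days.
DAYS=365

if [ ! -f "$CERT_FILE" ]; then
    echo "No certs, generating new one."
    mkdir -p "$CERT_DIR" || { echo "Cannot create $CERT_DIR" >&2; exit 1; }

    # Create the private key under a restrictive umask so it is never
    # group/world readable, not even briefly. The chmod afterwards covers the
    # case where a key file with looser permissions already existed, because
    # overwriting a file keeps its old mode.
    ( umask 077 && openssl genrsa -out "$KEY_FILE" 2048 ) \
        || { echo "Private key generation failed" >&2; exit 1; }
    chmod 600 "$KEY_FILE" \
        || { echo "Cannot restrict permissions on $KEY_FILE" >&2; exit 1; }

    # NOTE(review): this is a placeholder certificate. It is self-signed, uses
    # a wildcard CN and carries no subjectAltName, so clients cannot use it to
    # authenticate the server. Replace it with a properly issued certificate
    # before exposing the service.
    openssl req -new -x509 -key "$KEY_FILE" -out "$CERT_FILE" -days "$DAYS" \
        -subj "/C=RU/ST=Moscow/L=Moscow/O=Polymatica Platform/CN=*" \
        || { echo "Certificate generation failed" >&2; exit 1; }

    echo "Generated sefsigned certs."
else
    echo "Got certs, skipping."
    # Only the certificate is tested above; a missing key would otherwise go
    # unnoticed until nginx fails to load the pair.
    if [ ! -f "$KEY_FILE" ]; then
        echo "Warning: $CERT_FILE exists but $KEY_FILE is missing." >&2
    fi
fi

# The DH parameters are regenerated on every run, as in the original script.
# NOTE(review): -dsaparam produces DSA-style parameters, which is much faster
# but does not use safe primes. The OpenSSL documentation advises that a fresh
# DH key be created for each use with such parameters; confirm the TLS stack
# in use does that, or drop -dsaparam and accept the longer generation time.
time openssl dhparam -dsaparam -out "$DH_FILE" "$DHSTRENGTH" \
    || { echo "DH parameter generation failed" >&2; exit 1; }

echo "Proceed"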
