From be0766c60986afc6862ec11c56d6c27401b473d9 Mon Sep 17 00:00:00 2001
From: guacamole
Date: Tue, 1 Mar 2022 10:05:59 +0530
Subject: [PATCH] Chore: HTTPS as default way to run OpenRegistry through Open SSL this PR resolves issue #83
---
 .gitignore | 1 +
 Makefile | 3 +++
 main.go | 3 ++-
 scripts/localcerts.sh | 8 ++++++++
 4 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 scripts/localcerts.sh
diff --git a/.gitignore b/.gitignore
index 5269145a..add1c83f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ OpenRegistry.yml
 config.yaml
 config.yml
 .cache_ggshield
+.certs
diff --git a/Makefile b/Makefile
index 71edf1ef..3b396cac 100644
--- a/Makefile
+++ b/Makefile
@@ -4,3 +4,6 @@ mod-fix:
 tools:
 pip3 install ggshield pre-commit
 pre-commit install
+
+certs:
+ bash scripts/localcerts.sh
diff --git a/main.go b/main.go
index 89ed2fed..1c0d2c92 100644
--- a/main.go
+++ b/main.go
@@ -55,5 +55,6 @@ func main() {
 }
 router.Register(cfg, e, reg, authSvc, localCache, pgStore)
- logger.Errorf("error initialising OpenRegistry Server: %s", e.Start(cfg.Registry.Address()))
+ logger.Errorf("error initialising OpenRegistry Server: %s",
+ e.StartTLS(cfg.Registry.Address(), ".certs/openregistry.local.crt", ".certs/openregistry.local.key"))
 }
diff --git a/scripts/localcerts.sh b/scripts/localcerts.sh
new file mode 100644
index 00000000..fa1dbc45
--- /dev/null
+++ b/scripts/localcerts.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+DOMAIN="openregistry.local"
+CERTS_DIR=".certs"
+mkdir -p ${CERTS_DIR}
+openssl req -newkey rsa:2048 -nodes -keyout ${CERTS_DIR}/${DOMAIN}.key -x509 -days 365 -out ${CERTS_DIR}/${DOMAIN}.crt -subj \
+"/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=${DOMAIN}"
+
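Review bot: The certificate and key paths passed to `e.StartTLS` at the end of `main()` are hard-coded, relative to the working directory, and name the self-signed development pair that `scripts/localcerts.sh` generates. A deployment therefore has no way to supply its own certificate, and the server will fail at startup whenever `make certs` has not been run in the directory it is launched from. Take both paths from configuration and keep the `.certs/` files as a development default only, e.g. `e.StartTLS(cfg.Registry.Address(), certFile, keyFile)` with `certFile` and `keyFile` read from `cfg`. Only the tail of `main()` is visible in this hunk, so whether `cfg` already carries TLS settings cannot be checked from here.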
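Review bot: The certificate produced by the `openssl req` line in `scripts/localcerts.sh` carries the host name only in the subject CN and has no subjectAltName, which current TLS clients (including Go-based ones such as Docker) reject during hostname verification even once the certificate is trusted. Add the SAN on the command line, e.g. `-addext "subjectAltName=DNS:${DOMAIN}"` (needs OpenSSL 1.1.1 or later). The script should also begin with `set -euo pipefail` and quote its expansions, as in `mkdir -p "${CERTS_DIR}"`, so a failed step does not go unnoticed. Because `-nodes` writes the private key unencrypted, a `umask 077` before the `openssl` call keeps the key file from being created group- or world-readable.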