From af072b74fd579d0e18c6ba8d52043f3bb17b8045 Mon Sep 17 00:00:00 2001 From: Alexander Borg Date: Sat, 6 Sep 2025 20:15:23 +0200 Subject: [PATCH] Fix jwt-token --- generate-ssl-cert.sh | 41 ++++++++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/generate-ssl-cert.sh b/generate-ssl-cert.sh index f2bd8de..d93e8da 100644 --- a/generate-ssl-cert.sh +++ b/generate-ssl-cert.sh @@ -13,7 +13,7 @@ BLUE='\033[0;34m' NC='\033[0m' # No Color # Certificate configuration -CERT_DIR="./docker/ssl" +CERT_DIR="/etc/ssl/uggla" CERT_NAME="uggla" CERT_KEY="${CERT_DIR}/${CERT_NAME}.key" CERT_CRT="${CERT_DIR}/${CERT_NAME}.crt" @@ -23,13 +23,22 @@ DAYS=3650 # 10 years echo -e "${BLUE}======================================${NC}" echo -e "${BLUE} Uggla SSL Certificate Generator${NC}" +echo -e "${BLUE} For External Proxy Configuration${NC}" echo -e "${BLUE}======================================${NC}" echo +# Check if running as root +if [[ $EUID -ne 0 ]]; then + echo -e "${RED}This script must be run as root to create certificates in /etc/ssl/${NC}" + echo "Please run: sudo $0" + exit 1 +fi + # Create SSL directory if it doesn't exist mkdir -p "${CERT_DIR}" echo -e "${YELLOW}This script will generate a self-signed SSL certificate valid for 10 years.${NC}" +echo -e "${YELLOW}Certificate will be placed in /etc/ssl/uggla/ for your external proxy.${NC}" echo -e "${YELLOW}You'll need to provide certificate details and domain names.${NC}" echo 
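Review bot: With `CERT_DIR="/etc/ssl/uggla"` the private key now lands in a system-wide directory, and nothing visible in this patch restricts who can read it. The `mkdir -p "${CERT_DIR}"` in the following hunk creates the directory under the caller's umask, and the mode of `${CERT_KEY}` depends on the openssl invocation, which is outside these hunks. I would make the permissions explicit right after generation, `chmod 600 "${CERT_KEY}"` and `chmod 644 "${CERT_CRT}"`, so the result does not depend on the OpenSSL version or on root's umask. If the proxy runs as an unprivileged user, give that user group read access to the key instead of widening the mode.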
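Review bot: The added root check writes its error to stdout and hard-codes `/etc/ssl/`, although the target is already defined once in `CERT_DIR`. The added `Certificate will be placed in /etc/ssl/uggla/` line repeats the same literal path. Using the variable and stderr keeps the messages correct if the path changes: `echo -e "${RED}This script must be run as root to create certificates in ${CERT_DIR}${NC}" >&2`. `[[ ... ]]` and `$EUID` are bash features, so the shebang (not visible in this hunk) has to select bash rather than sh.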
@@ -171,12 +180,30 @@ openssl x509 -in "${CERT_CRT}" -dates -noout echo echo -e "${YELLOW}Next steps:${NC}" -echo "1. Update your nginx configuration to use these certificates" -echo "2. In docker/nginx/default.conf, add SSL configuration:" -echo " ssl_certificate /etc/nginx/ssl/${CERT_NAME}.crt;" -echo " ssl_certificate_key /etc/nginx/ssl/${CERT_NAME}.key;" -echo "3. Mount the SSL directory in docker-compose.yml (already configured)" -echo "4. Restart your Docker containers" +echo "1. Configure your external proxy (nginx/apache/traefik) to use these certificates:" +echo " Certificate: ${CERT_CRT}" +echo " Private Key: ${CERT_KEY}" +echo "" +echo "2. Example nginx configuration:" +echo " server {" +echo " listen 443 ssl;" +echo " ssl_certificate ${CERT_CRT};" +echo " ssl_certificate_key ${CERT_KEY};" +echo " location /uggla/ {" +echo " proxy_pass http://localhost:8080/uggla/;" +echo " }" +echo " }" +echo "" +echo "3. Example Apache configuration:" +echo " " +echo " SSLEngine on" +echo " SSLCertificateFile ${CERT_CRT}" +echo " SSLCertificateKeyFile ${CERT_KEY}" +echo " ProxyPass /uggla/ http://localhost:8080/uggla/" +echo " " +echo "" +echo "4. Docker cluster should run on internal ports (8080/8443)" +echo "5. External proxy forwards traffic to Docker cluster" echo echo -e "${RED}Warning: This is a self-signed certificate.${NC}" echo -e "${RED}Browsers will show security warnings. Add to trusted certificates if needed.${NC}"
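Review bot: Step 4 says the Docker cluster "should run on internal ports (8080/8443)" but never says those ports must be unreachable from outside the host. The new instructions terminate TLS at the host proxy and forward to `http://localhost:8080/uggla/`, so if the compose file publishes the ports on all interfaces (not visible in this patch), clients can reach the backend over plain HTTP and bypass the proxy. I would add a line after step 4 such as `echo "   Publish these ports on loopback only, e.g. 127.0.0.1:8080:8080"`. The nginx example also sets no `Host` or `X-Forwarded-Proto` headers, which the backend may need in order to know the request arrived over HTTPS; whether it does depends on application code outside this patch.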