Task 09 — Self-signed cert + nginx HTTPS on :8443

Submit 09.sh that generates a self-signed TLS certificate with OpenSSL and starts nginx serving HTTPS on port 8443.

Submit as

09.sh (single bash script)

Input

Your script is expected to create cert/key files and an nginx config (paths are your choice).

Output

Required content (static analysis)

The grader reads your script source (does not run nginx in the sandbox):

Example (skeleton — not a complete solution)

Outline only — you choose paths, heredoc vs file, and how you start nginx:

#!/usr/bin/env bash
set -euo pipefail

# 1) Generate self-signed cert (openssl req -x509 -nodes -newkey rsa:… or ec:…)
#    → write certificate and private key to files you choose

# 2) Write an nginx config that includes:
#      listen 8443 ssl;
#      ssl_certificate     …;
#      ssl_certificate_key …;

# 3) Start nginx pointing at that config (e.g. nginx -c /path/to/your.conf)

Local verify (on your machine, after you implement the above):

./09.sh
curl -k https://localhost:8443/    # -k skips untrusted cert warning

What the grader checks

Grep-only (no network in sandbox).

Visible (5 pts) — documented openssl/TLS surface. On failure you see which visible rule failed.

Hidden (5 pts) — extra requirements, pass/fail only.

Hints

• -nodes — private key not passphrase-protected (nginx can read it)
• -subj "/CN=localhost" — non-interactive openssl req

Points: 10 (partial grading)