https://myhomelab.gr/linux/2019/12/13/local-ca-setup.html
My domain: daisy-street.fr
Pihole
Pi-hole DNS configuration: 192.168.1.50
Point the servers to the Pi-hole DNS/DHCP
nano /etc/netplan/00-installer-config.yaml
nano /etc/resolv.conf
nano /etc/hostname
Install Traefik
docker-compose.yml
Generate the Traefik password
sudo apt install apache2-utils
echo $(htpasswd -nb <USER> <PASSWORD>) | sed -e s/\\$/\\$\\$/g
volumes:
- /SystemSvg/VM_109/traefik/data/traefik.yml:/traefik.yml:ro
- /SystemSvg/VM_109/traefik/data/acme.json:/acme.json
- /SystemSvg/VM_109/traefik/data/config.yml:/config.yml:ro
labels:
- "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.daisy-street.fr`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.daisy-street.fr`)"
Configure SSL
openssl genrsa -des3 -out root.key 2048
david@legion2:/SystemSvg/clersa$ openssl req -x509 -new -nodes -key root.key -sha256 -days 7200 -out root.pem
Enter pass phrase for root.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Hauts-de-Seine
Locality Name (eg, city) []:Antony
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Homelab
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:DaisyStreet HomeLab Authority
Email Address []:
david@legion2:/SystemSvg/clersa$
openssl genrsa -out wildcard.homelab.home.key 2048
nano opensslsan.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = FR
ST = Hauts-de-Seine
L = Antony
O = Wildcard Homelab Inc
OU = IT
CN = *.homelab.home
[v3_req]
# digitalSignature added: ECDHE and TLS 1.3 handshakes sign with the server key
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.homelab.home
openssl req -new -out wildcard.homelab.home.csr \
-key wildcard.homelab.home.key \
-config opensslsan.cnf
openssl x509 -req -in wildcard.homelab.home.csr \
-CA root.pem \
-CAkey root.key \
-CAcreateserial \
-out wildcard.homelab.home.crt \
-days 7200 \
-sha256 \
-extensions v3_req \
-extfile opensslsan.cnf
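Added example, not part of the original notes: a check to run after signing, confirming that the certificate chains to the local root, kept its SAN, and covers the host names you plan to serve. The demo CA, file names and function names are constructed for the example (no passphrase, throwaway directory), and it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. The demo CA, file names and function names are constructed;
# only *.homelab.home and the Traefik host name come from the page.

# has_san LEAF: 0 if the signed certificate carries a subjectAltName
has_san() { openssl x509 -in "$1" -noout -text | grep -q 'Subject Alternative Name'; }

# check_leaf ROOT LEAF HOST: 0 only if LEAF has a SAN (browsers ignore CN),
# chains to ROOT, is valid for TLS server use, and covers HOST
check_leaf() {
    has_san "$2" && openssl verify -CAfile "$1" -purpose sslserver \
        -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# make_demo_pki DIR: throwaway root and wildcard leaf. leaf.crt is signed with
# -extensions/-extfile as on the page, bare.crt without them.
make_demo_pki() (
    cd "$1" || exit 1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Demo Root' '[v3_ca]' \
        'basicConstraints = critical, CA:TRUE' > ca.cnf
    printf '%s\n' '[req]' 'distinguished_name = dn' 'req_extensions = v3_req' \
        'prompt = no' '[dn]' 'CN = *.homelab.home' '[v3_req]' \
        'keyUsage = digitalSignature, keyEncipherment' \
        'extendedKeyUsage = serverAuth' \
        'subjectAltName = DNS:*.homelab.home' > leaf.cnf
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
        -days 2 -config ca.cnf &&
    openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
        -config leaf.cnf &&
    openssl x509 -req -in leaf.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -out leaf.crt -days 1 -extensions v3_req -extfile leaf.cnf &&
    openssl x509 -req -in leaf.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -out bare.crt -days 1
) >/dev/null 2>&1

# Demo run: which names does the wildcard actually cover?
demo=$(mktemp -d) && make_demo_pki "$demo" &&
for h in traefik.homelab.home a.b.homelab.home homelab.home \
         traefik-dashboard.local.daisy-street.fr; do
    if check_leaf "$demo/root.pem" "$demo/leaf.crt" "$h"; then echo "covered   $h"
    else echo "REJECTED  $h"; fi
done
```

openssl falls back to the CN when a certificate has no SAN, which is why check_leaf tests for the SAN separately. Run it against the real root.pem and wildcard.homelab.home.crt with each host name configured in Traefik.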