Joey Hafner Jafner
Jafner commented on issue Jafner/Jafner.net#4 2024-08-15 11:36:03 -07:00
Rollout switch from TLS-ALPN-01-based LE certs to DNS-01-based

Enabled debug logging, still getting:

traefik_traefik  
Jafner pushed to main at Jafner/Jafner.net 2024-08-15 11:34:20 -07:00
5aabb51cb5 #4 Add debug logging
Jafner pushed to main at Jafner/Jafner.net 2024-08-15 11:25:36 -07:00
a21aedd233 #4 Enable debug logs for traefik to better diagnose issue getting certs via dnsChallenge
Jafner pushed to main at Jafner/Jafner.net 2024-08-15 11:04:05 -07:00
03878b77ef #4 Add cloudflare zone read token
Jafner commented on issue Jafner/Jafner.net#4 2024-08-15 10:26:34 -07:00
Rollout switch from TLS-ALPN-01-based LE certs to DNS-01-based

We're getting the following error when we try to get a cert via DNS challenge:

time="2024-08-15T17:25:15Z" level=error msg="Unable to obtain ACME certificate for domains \"test.nginx.jafn…
Jafner pushed to main at Jafner/Jafner.net 2024-08-15 10:24:21 -07:00
ec6f552a53 #4 Add nginx container at test.nginx.jafner.net to test DNS challenge
Jafner pushed to main at Jafner/Jafner.net 2024-08-14 14:30:13 -07:00
322a79c2f5 #2 Remove unused lines
Jafner pushed to main at Jafner/Jafner.net 2024-08-14 14:27:00 -07:00
676da8dca3 #2 Move age files to homelab/.sops/
Jafner pushed to main at Jafner/Jafner.net 2024-08-14 14:10:53 -07:00
383b8b3351 #3 Switch send to dns01 challenge certresolver
1bcc37f70d #3 Configure lets-encrypt-dns01 certresolver with its own acme.json storage
Jafner opened issue Jafner/Jafner.net#4 2024-08-14 13:32:01 -07:00
Rollout switch from TLS-ALPN-01-based LE certs to DNS-01-based
Jafner commented on issue Jafner/Jafner.net#3 2024-08-14 11:54:56 -07:00
Refactor Secrets Management

Workflow still under development, but I think we're getting close to a simple, secure system.

  • We have an .age-author-pubkeys file with a comma-separated list of pubkeys by whom all
Jafner commented on issue Jafner/Jafner.net#3 2024-08-14 00:21:30 -07:00
Refactor Secrets Management

Definitely have more work to do on the workflow.

Jafner commented on issue Jafner/Jafner.net#3 2024-08-14 00:20:56 -07:00
Refactor Secrets Management

Alright, I think we can use SOPS+age to store our secrets in the codebase, and use some scripting/automation to ease the burden of the encryption step.

This little command is pretty helpful…

Jafner pushed to main at Jafner/Jafner.net 2024-08-14 00:15:45 -07:00
756225c680 #2 Switch postgres back to password from password file
Jafner pushed to main at Jafner/Jafner.net 2024-08-14 00:10:36 -07:00
228b3768cd #2 Fix typo: extra underscore
Jafner pushed to main at Jafner/Jafner.net 2024-08-14 00:06:03 -07:00
b2028a5ad0 #2 Re-encrypt keycloak secrets with fighter's pubkey added to map
Jafner pushed to main at Jafner/Jafner.net 2024-08-13 23:34:21 -07:00
9ca38bd52c #2 Replace Docker secrets with encrypted secrets.env file
Jafner pushed to main at Jafner/Jafner.net 2024-08-13 15:52:05 -07:00
8729e02a23 Switch postgres to native password file, remove entrypoint injection
Jafner pushed to main at Jafner/Jafner.net 2024-08-13 15:39:58 -07:00
c4cc18835f Resolve "/bin/sh: 1: source: not found"
Jafner pushed to main at Jafner/Jafner.net 2024-08-13 15:39:03 -07:00
8efd7c42a8 Simplify entrypoint