MAKS-IT/maksit-certs-ui
1
0
Fork 0
mirror of https://github.com/MAKS-IT-COM/maksit-certs-ui.git synced 2025-12-30 19:50:07 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

(feature): release scripts review

Browse Source
This commit is contained in:
Maksym Sadovnychyy 2025-11-16 13:22:54 +01:00
parent 4495b2209c
commit 67af5584fb
61 changed files with 2097 additions and 907 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -193,6 +193,7 @@ ClientBin/
*.pfx
*.publishsettings
node_modules/
dist/
orleans.codegen.cs
.directory
@ -262,5 +263,3 @@ __pycache__/
*.pyc
**/*docker-compose/LetsEncryptServer/acme
**/*docker-compose/LetsEncryptServer/cache

880
README.md
View File

@ -1,17 +1,212 @@
# LetsEncrypt C# Client by MaksIT
# MaksIT.CertsUI - Container-based Let's Encrypt ACME client with WebUI
Powerful client to obtain and manage Let's Encrypt HTTPS certificates.
This client currently supports the HTTP-01 challenge and is designed to follow the official [Let's Encrypt requirements and guidelines](https://letsencrypt.org/docs/), implementing the ACME protocol and adhering to recommended security and operational practices.
If you find this project useful, please consider supporting its development:
[<img src="https://cdn.buymeacoffee.com/buttons/v2/default-blue.png" alt="Buy Me A Coffee" style="height: 60px; width: 217px;">](https://www.buymeacoffee.com/maksitcom)
---
## Table of Contents
- [MaksIT.CertsUI - Container-based Let's Encrypt ACME client with WebUI](#maksitcertsui---container-based-lets-encrypt-acme-client-with-webui)
- [Table of Contents](#table-of-contents)
- [Versions History](#versions-history)
- [Architecture](#architecture)
- [Current Limitations](#current-limitations)
- [Architecture Scheme](#architecture-scheme)
- [Architecture Description](#architecture-description)
- [MaksIT.CertsUI Agent](#maksitcertsui-agent)
- [MaksIT.CertsUI WebUI](#maksitcertsui-webui)
- [MaksIT.CertsUI WebAPI](#maksitcertsui-webapi)
- [Flow Overview](#flow-overview)
- [HAProxy configuration](#haproxy-configuration)
- [Explanation](#explanation)
- [MaksIT.CertsUI Agent installation](#maksitcertsui-agent-installation)
- [MaksIT.CertsUI Server Installation on Linux with Podman Compose](#maksitcertsui-server-installation-on-linux-with-podman-compose)
- [Prerequisites](#prerequisites)
- [Running the Project with Podman Compose](#running-the-project-with-podman-compose)
- [MaksIT.CertsUI Server Installation on Windows with Docker Compose](#maksitcertsui-server-installation-on-windows-with-docker-compose)
- [Prerequisites](#prerequisites-1)
- [Secrets and Configuration](#secrets-and-configuration)
- [Running the Project with Docker Compose](#running-the-project-with-docker-compose)
- [MaksIT.CertsUI Server installation on Kubernetes](#maksitcertsui-server-installation-on-kubernetes)
- [1. Add MaksIT Helm Repository](#1-add-maksit-helm-repository)
- [2. Prepare Namespace, Secrets, and ConfigMap](#2-prepare-namespace-secrets-and-configmap)
- [3. Create a Minimal Custom Values File](#3-create-a-minimal-custom-values-file)
- [4. Install the Helm Chart](#4-install-the-helm-chart)
- [MaksIT.CertsUI Interface Overview](#maksitcertsui-interface-overview)
- [Contact](#contact)
Simple client to obtain Let's Encrypt HTTPS certificates developed with .net core and currently works only with http challenge
## Versions History
* 29 Jun, 2019 - V1.0
* 01 Nov, 2019 - V2.0 (Dependency Injection pattern implementation)
* 31 May, 2024 - V3.0 (Webapi and containerization)
* 11 Aug, 2024 - V3.1 (Release)
* 11 Sep, 2025 - V3.2 New WebUI with authentication
* 15 Nov, 2025 - V3.3 Pre release
*
## Haproxy configuration
* 29 Jun, 2019 - V1.0.0
* 01 Nov, 2019 - V2.0.0 (Dependency Injection pattern implementation)
* 31 May, 2024 - V3.0.0 (Webapi and containerization)
* 11 Aug, 2024 - V3.1.0 (Release)
* 11 Sep, 2025 - V3.2.0 New WebUI with authentication
* 15 Nov, 2025 - V3.3.0 Pre release
---
## Architecture
This solution provides automated, secure management of Let's Encrypt certificates for environments where the edge proxy is behind NAT and certificate management logic runs in a Docker/Podman compose or Kubernetes cluster.
### Current Limitations
- **Single Agent Support:**
The current implementation supports only a single MaksIT.CertsUI Agent instance. High-availability (HA) or multi-agent deployments are not supported at this time. (Multi-agent/HA support may be added in future releases.)
- **No HA Mode:**
There is no built-in high-availability mode for the WebAPI or Agent components. This is by design, as the solution targets environments where a single edge proxy and agent are sufficient, and additional complexity is unnecessary.
- **HTTP-01 Challenge Only:**
Only the HTTP-01 ACME challenge type is supported. DNS-01 and other challenge types are not implemented.
- **Single Kubernetes Replica:**
The solution is intended for use with a single Kubernetes replica for the MaksIT.CertsUI server and MaksIT.WebUI components.
These limitations are intentional to keep the architecture simple and reliable for typical edge proxy scenarios. Future releases may introduce additional features based on user demand.
### Architecture Scheme
```
Edge Proxy (NAT) Kubernetes Cluster (Internal Network)
+-----------------------+ +----------------------------------------------------+
| | HTTP | +-----------------------+ +----------------+ |
+-------------------+ | Reverse Proxy-----|--------|->| | | | |
| | ACME | (HAProxy/Nginx) | | | MaksIT.CertsUI Server |<--->| MaksIT.WebUI | |
| Let's Encrypt |<------>| | HTTP | | (ACME logic) | | (Management) | |
| (Internet) | HTTP | MaksIT.CertsUI Agent<-|--------|--| | | | |
| | | (Edge WebAPI, | | +-----------------------+ +----------------+ |
+-------------------+ | next to HAProxy) | +----------------------------------------------------+
| |
+-----------------------+
|
|
v
+-----------------------+
| |
| Application(s) |
| |
+-----------------------+
```
### Architecture Description
#### MaksIT.CertsUI Agent
The **MaksIT.CertsUI Agent** is a lightweight service responsible for **receiving cached certificates** from the **MaksIT.CertsUI** server and **deploying them to the local file system** used by your reverse proxy (e.g., **HAProxy** or **Nginx**). It also handles **proxy service reloads** to activate new certificates.
**Language Independence:**
A standard **C# WebAPI implementation** of the Agent is available in this repository for immediate use or customization. However, the Agent is fully independent from the MaksIT.CertsUI server and communicates via standard **HTTP APIs**. This means you can implement the Agent in **any programming language or framework** that supports HTTP endpoints (such as **C#**, **Go**, **Python**, **Rust**, **Node.js**, etc.). The only requirements are:
- Ability to **receive certificate files via HTTP**
- Ability to **write files** to the proxys certificate directory
- Ability to **reload or restart** the proxy process
**Security:**
Communication between the Agent and the **MaksIT.CertsUI** server is secured using a **shared API key**. This ensures that only authorized servers can deploy certificates and trigger proxy reloads, protecting your edge infrastructure from unauthorized access.
> **Warning:** Never commit secrets or API keys to version control. Always use strong, unique secrets and passwords.
This flexibility allows you to integrate the Agent into diverse environments and choose the best technology stack for your edge server.
#### MaksIT.CertsUI WebUI
The **MaksIT.CertsUI WebUI** is a user-friendly web interface designed to simplify the management of Let's Encrypt certificates within your infrastructure. With the WebUI, administrators can easily view, import, and export the certificate cache, streamlining certificate operations without the need for direct command-line interaction.
**Key Features:**
- **Certificate Management Dashboard:**
Provides a clear overview of all managed certificates, their status, and expiration dates.
- **Import/Export Certificate Cache:**
Easily back up or restore your certificate cache. This feature allows you to move certificates between environments or recover from failures without reissuing certificates from Let's Encrypt.
- **Redeploy Cached Certificates:**
Instantly redeploy existing (cached) certificates to your edge agents or proxies. This avoids unnecessary requests to Let's Encrypt, reducing rate limit concerns and ensuring rapid recovery or migration.
- **No Need for Reissuance:**
By leveraging the cache import/export and redeploy features, you can restore or migrate certificates without triggering new ACME challenges or consuming additional Let's Encrypt issuance quotas.
- **Secure Access:**
The WebUI is accessible only via username and password authentication, ensuring that only authorized users can manage certificates.
The WebUI is designed for operational efficiency and security, making certificate lifecycle management straightforward for both small and large deployments.
#### MaksIT.CertsUI WebAPI
The **MaksIT.CertsUI Webapi** is the core backend service responsible for orchestrating all certificate management operations in the MaksIT.CertsUI solution. It implements the ACME protocol to interact with Let's Encrypt, handles HTTP-01 challenges, manages the certificate cache, and coordinates certificate deployment to edge agents.
**Main Responsibilities:**
- **ACME Protocol Handling:**
Communicates with Let's Encrypt to request, renew, and revoke certificates using the official ACME protocol.
- **Challenge Management:**
Receives and responds to HTTP-01 challenge requests, enabling domain validation even when the edge proxy is behind NAT.
- **Certificate Cache Management:**
Stores issued certificates securely and provides endpoints for importing, exporting, and redeploying cached certificates.
- **Agent Coordination:**
Sends certificates to edge agents (such as the MaksIT.CertsUI Agent) and instructs them to reload or restart the proxy service to activate new certificates.
- **API Security:**
All API endpoints are protected by authentication mechanisms (such as API keys), ensuring that only authorized agents and users can perform sensitive operations.
- **Integration with WebUI:**
Serves as the backend for the MaksIT.CertsUI WebUI, enabling administrators to manage certificates through a secure and intuitive web interface.
The Webapi is designed for deployment in secure environments such as Kubernetes clusters, centralizing certificate management while keeping HTTPS termination and certificate storage at the network edge.
#### Flow Overview
1. **ACME Challenge Routing:**
- The Edge Proxy (HAProxy/Nginx), running behind NAT, listens for HTTP requests on port80.
- Requests to `/.well-known/acme-challenge/` are forwarded via HTTP to the LetsEncrypt Client running in the Kubernetes cluster.
2. **LetsEncrypt Client (Kubernetes):**
- Handles ACME challenge requests, responds to Let's Encrypt for domain validation, and manages certificate issuance.
- The Web UI provides management for certificate operations.
3. **Certificate Deployment:**
- After successful validation and certificate issuance, the LetsEncrypt Client sends the new certificates to the Agent (Edge WebAPI) running on the same machine as the Edge Proxy.
- The Agent stores the certificates in the directory used by the proxy (e.g., `/etc/haproxy/certs`).
4. **Proxy Reload:**
- The LetsEncrypt Client instructs the Agent to reload or restart the Edge Proxy, ensuring the new certificates are used for HTTPS traffic.
5. **HTTPS Serving:**
- The Edge Proxy serves HTTPS traffic to backend applications using the updated certificates.
**Key Points:**
- The Edge Proxy and Agent are deployed together on the edge server, while the LetsEncrypt Client and Web UI run in Kubernetes.
- All ACME challenge and certificate management logic is centralized in Kubernetes, while certificate storage and HTTPS termination remain at the edge.
- This architecture supports secure automation even when the edge server is not directly accessible from the public internet.
> **Note:** Currently, only HTTP-01 challenges and a single Kubernetes replica are supported by this solution.
---
## HAProxy configuration
```bash
sudo mkdir /etc/haproxy/certs
@ -21,7 +216,7 @@ sudo mkdir /etc/haproxy/certs
sudo nano /etc/haproxy/haproxy.cfg
```
```ini
```cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
@ -76,7 +271,7 @@ frontend http_frontend
# Backend to handle ACME challenge requests
#---------------------------------------------------------------------
backend acme_backend
server local_acme 127.0.0.1:8080
#server local_acme 172.16.0.5:8080
#---------------------------------------------------------------------
# Frontend for HTTPS traffic (port 443) with SNI and strict-sni
@ -87,55 +282,36 @@ frontend https_frontend
http-request capture req.hdr(host) len 64
# Define ACLs for routing based on hostname
acl host_git hdr(host) -i git.maks-it.com
acl host_cr hdr(host) -i cr.maks-it.com
acl host_homepage hdr(host) -i maks-it.com
# Use appropriate backend based on SNI hostname
use_backend git_backend if host_git
use_backend cr_backend if host_cr
use_backend homepage_backend if host_homepage
default_backend homepage_backend
#---------------------------------------------------------------------
# Backend for git.maks-it.com
# Backend for maks-it.com
#---------------------------------------------------------------------
backend git_backend
backend homepage_backend
http-request set-header X-Forwarded-Proto https
http-request set-header X-Forwarded-Host %[hdr(host)]
server git_server gitsrv0002.corp.maks-it.com:3000
#---------------------------------------------------------------------
# Backend for cr.maks-it.com
#---------------------------------------------------------------------
backend cr_backend
http-request set-header X-Forwarded-Proto https
http-request set-header X-Forwarded-Host %[hdr(host)]
server cr_server hcrsrv0001.corp.maks-it.com:80
#---------------------------------------------------------------------
# letsencrypt load balancer
#---------------------------------------------------------------------
frontend letsencrypt
bind *:8080
mode http
acl path_well_known_acme path_beg /.well-known/acme-challenge/
acl path_swagger path_beg /swagger/
acl path_api path_beg /api/
use_backend letsencrypt_server if path_well_known_acme
use_backend letsencrypt_server if path_swagger
use_backend letsencrypt_server if path_api
default_backend letsencrypt_app
backend letsencrypt_server
mode http
server server1 127.0.0.1:9000 check
backend letsencrypt_app
mode http
server app1 127.0.0.1:3000 check
server homepage_server 172.16.0.10:8080
```
## MaksIT agent installation
### Explanation
* ACME Challenge Handling:
The http_frontend listens on port 80 and checks if the request path starts with /.well-known/acme-challenge/. These requests are required by Let's Encrypt for domain validation and are forwarded to the acme_backend. All other HTTP requests are redirected to HTTPS.
* HTTPS Frontend:
The https_frontend listens on port 443, uses SNI (Server Name Indication) to serve the correct certificate, and routes requests to the appropriate backend based on the hostname.
* Backends:
* acme_backend should point to your ACME challenge responder (such as your LetsEncrypt client).
* homepage_backend is an example backend for your main site, forwarding requests to your application server.
* Certificate Storage:
Place your SSL certificates in /etc/haproxy/certs. Each certificate file should contain the full certificate chain and private key.
## MaksIT.CertsUI Agent installation
Agent should be installed on same machine with your reverse proxy.
From your home directory
@ -147,23 +323,613 @@ git clone https://github.com/MAKS-IT-COM/certs-ui.git
cd certs-ui/src/Agent
```
Edit `appsettings.json` configuration:
```json
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"Configuration": {
"ApiKey": "<your-agent-key>",
"CertsPath": "<your-certs-dir-path>"
}
}
```
**Note:**
Replace `<your-auth-secret>` with your shared API key and `<your-certs-dir-path>` with the path to your certificates directory (e.g., `/etc/haproxy/certs` as referenced in `haproxy.cfg`).
> **Warning:** Never commit secrets or API keys to version control. Always use strong, unique secrets and passwords.
If you are using a **RHEL-based** distribution, you can deploy the agent with:
```bash
sudo sh ./build_and_deploy.sh
```
This script will create the `maks-it-agent` service and open port `5000` for communication.
## Maks IT LetsEncrypt server installation
From your home directory
---
## MaksIT.CertsUI Server Installation on Linux with Podman Compose
Podman Compose usage to orchestrate multiple **MaksIT.CertsUI** services on Linux.
### Prerequisites
- [Podman](https://podman.io/getting-started/installation)
- Create these folders:
- `/opt/Compose/MaksIT.CertsUI/acme`
- `/opt/Compose/MaksIT.CertsUI/cache`
- `/opt/Compose/MaksIT.CertsUI/data`
- `/opt/Compose/MaksIT.CertsUI/tmp`
- `/opt/Compose/MaksIT.CertsUI/configMap`
- `/opt/Compose/MaksIT.CertsUI/secrets`
- `/opt/Compose/MaksIT.CertsUI/client`
Bash command to use:
```bash
git clone https://github.com/MAKS-IT-COM/certs-ui.git
mkdir -p /opt/Compose/MaksIT.CertsUI/acme \
/opt/Compose/MaksIT.CertsUI/cache \
/opt/Compose/MaksIT.CertsUI/data \
/opt/Compose/MaksIT.CertsUI/tmp \
/opt/Compose/MaksIT.CertsUI/configMap \
/opt/Compose/MaksIT.CertsUI/secrets \
/opt/Compose/MaksIT.CertsUI/client
```
Create the following files in the appropriate folders:
**1. Create the file `/opt/Compose/MaksIT.CertsUI/secrets/appsecrets.json` with this command:**
```bash
cat > /opt/Compose/MaksIT.CertsUI/secrets/appsecrets.json <<EOF
{
"Configuration": {
"Auth": {
"Secret": "<your-auth-secret>",
"Pepper": "<your-pepper>"
},
"Agent": {
"AgentKey": "<your-agent-key>"
}
}
}
EOF
```
**Note:**
Replace placeholder values `<your-auth-secret>`, `<your-pepper>`, `<your-agent-key>`, with secure, your environment-specific values.
Make sure `<your-agent-key>` matches the key configured in your agent deployment.
**2. Create the file `/opt/Compose/MaksIT.CertsUI/configMap/appsettings.json` with this command:**
```bash
cat > /opt/Compose/MaksIT.CertsUI/configMap/appsettings.json <<EOF
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"Configuration": {
"Auth": {
"Issuer": "<your-issuer>",
"Audience": "<your-audience>",
"Expiration": 15,
"RefreshExpiration": 180
},
"Agent": {
"AgentHostname": "http://<your-agent-hostname>",
"AgentPort": 5000,
"ServiceToReload": "haproxy"
},
"Production": "https://acme-v02.api.letsencrypt.org/directory",
"Staging": "https://acme-staging-v02.api.letsencrypt.org/directory",
"CacheFolder": "/cache",
"AcmeFolder": "/acme",
"DataFolder": "/data",
"SettingsFile": "/data/settings.json"
}
}
EOF
```
**Note:**
Replace all JWT-related placeholder values `<your-issuer>`, `<your-audience>` and `<your-agent-hostname>` with your environment-specific values.
**3. Create the file `/opt/Compose/MaksIT.CertsUI/client/config.js` with this command:**
```bash
cat > /opt/Compose/MaksIT.CertsUI/configMap/appsettings.json <<EOF
window.RUNTIME_CONFIG = {
API_URL: "http://<your-server-hostname>/api"
};
EOF
```
**Note:**
- Replace placeholder value `<your-server-hostname>` to tell the client where **MaksIT.CertsUI** server is running
### Running the Project with Podman Compose
In the project root (`/opt/Compose/MaksIT.CertsUI`), create a new file named `docker-compose.yml` with the following content:
```yaml
services:
reverse-proxy:
image: cr.maks-it.com/certs-ui/reverseproxy:latest
container_name: reverse-proxy
ports:
- "8080:8080"
depends_on:
- certs-ui-client
- certs-ui-server
networks:
- certs-ui-network
certs-ui-client:
image: cr.maks-it.com/certs-ui/client:latest
container_name: certs-ui-client
volumes:
- /opt/Compose/MaksIT.CertsUI/client/config.js:/app/dist/config.js:ro
networks:
- certs-ui-network
certs-ui-server:
image: cr.maks-it.com/certs-ui/server:latest
container_name: certs-ui-server
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_HTTP_PORTS=5000
volumes:
- /opt/Compose/MaksIT.CertsUI/acme:/acme
- /opt/Compose/MaksIT.CertsUI/cache:/cache
- /opt/Compose/MaksIT.CertsUI/data:/data
- /opt/Compose/MaksIT.CertsUI/tmp:/tmp
- /opt/Compose/MaksIT.CertsUI/configMap/appsettings.json:/configMap/appsettings.json:ro
- /opt/Compose/MaksIT.CertsUI/secrets/appsecrets.json:/secrets/appsecrets.json:ro
networks:
- certs-ui-network
networks:
certs-ui-network:
driver: bridge
```
**Note:**
- Adjust volume paths if changed
```bash
podman compose -f docker-compose.yml up --build
```
This command builds and starts the following services:
- **reverse-proxy**: Exposes both `certs-ui-client` and `certs-ui-server` on the same hostname.
- **certs-ui-client**: The WebUI for managing certificates.
- **certs-ui-server**: The backend server handling ACME logic and certificate management.
**Stop the services:**
Press `Ctrl+C` in the terminal, then run:
```bash
podman compose -f docker-compose.yml down
```
---
## MaksIT.CertsUI Server Installation on Windows with Docker Compose
Use Docker Compose to orchestrate multiple **MaksIT.CertsUI** services on Windows.
### Prerequisites
- [Docker Desktop](https://www.docker.com/products/docker-desktop/) (includes Docker Compose)
- Create these folders:
- `C:\Compose\MaksIT.CertsUI\acme`
- `C:\Compose\MaksIT.CertsUI\cache`
- `C:\Compose\MaksIT.CertsUI\data`
- `C:\Compose\MaksIT.CertsUI\tmp`
- `C:\Compose\MaksIT.CertsUI\configMap`
- `C:\Compose\MaksIT.CertsUI\secrets`
Powershell command to use:
```powershell
New-Item -Path `
'C:\Compose\MaksIT.CertsUI\acme', `
'C:\Compose\MaksIT.CertsUI\cache', `
'C:\Compose\MaksIT.CertsUI\data', `
'C:\Compose\MaksIT.CertsUI\tmp', `
'C:\Compose\MaksIT.CertsUI\configMap', `
'C:\Compose\MaksIT.CertsUI\secrets' `
-ItemType Directory -Force
```
### Secrets and Configuration
Create the following files in the appropriate folders:
**1. Create the file `C:\Compose\MaksIT.CertsUI\secrets\appsecrets.json` with this command:**
```powershell
Set-Content -Path 'C:\Compose\MaksIT.CertsUI\secrets\appsecrets.json' -Value @'
{
"Configuration": {
"Auth": {
"Secret": "<your-auth-secret>",
"Pepper": "<your-pepper>"
},
"Agent": {
"AgentKey": "<your-agent-key>"
}
}
}
'@
```
**Note:**
Replace placeholder values `<your-auth-secret>`, `<your-pepper>`, `<your-agent-key>`, with secure, your environment-specific values.
Make sure `<your-agent-key>` matches the key configured in your agent deployment.
**2. Create the file `C:\Compose\MaksIT.CertsUI\configMap\appsettings.json` with this command:**
```powershell
Set-Content -Path 'C:\Compose\MaksIT.CertsUI\configMap\appsettings.json' -Value @'
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"Configuration": {
"Auth": {
"Issuer": "<your-issuer>",
"Audience": "<your-audience>",
"Expiration": 15,
"RefreshExpiration": 180
},
"Agent": {
"AgentHostname": "http://<your-agent-hostname>",
"AgentPort": 5000,
"ServiceToReload": "haproxy"
},
"Production": "https://acme-v02.api.letsencrypt.org/directory",
"Staging": "https://acme-staging-v02.api.letsencrypt.org/directory",
"CacheFolder": "/cache",
"AcmeFolder": "/acme",
"DataFolder": "/data",
"SettingsFile": "/data/settings.json"
}
}
'@
```
**Note:**
Replace all JWT-related placeholder values `<your-issuer>`, `<your-audience>` and `<your-agent-hostname>` with your environment-specific values.
**3. Create the file `C:\Compose\MaksIT.CertsUI\client\config.js` with this command:**
```powershell
Set-Content -Path 'C:\Compose\MaksIT.CertsUI\client\config.js' -Value @'
window.RUNTIME_CONFIG = {
API_URL: "http://<your-server-hostname>:8080/api"
};
'@
```
**Note:**
- Replace placeholder value `<your-server-hostname>` to tell the client where **MaksIT.CertsUI** server is running
### Running the Project with Docker Compose
In the project root (`C:\Compose\MaksIT.CertsUI`), create a new file named `docker-compose.yml` with the following content:
```powershell
Set-Content -Path 'C:\Compose\MaksIT.CertsUI\docker-compose.yml' -Value @'
services:
reverse-proxy:
image: cr.maks-it.com/certs-ui/reverseproxy:latest
container_name: reverse-proxy
ports:
- "8080:8080"
depends_on:
- certs-ui-client
- certs-ui-server
networks:
- certs-ui-network
certs-ui-client:
image: cr.maks-it.com/certs-ui/client:latest
container_name: certs-ui-client
volumes:
- C:\Compose\MaksIT.CertsUI\client\config.js:/app/dist/config.js:ro
networks:
- certs-ui-network
certs-ui-server:
image: cr.maks-it.com/certs-ui/server:latest
container_name: certs-ui-server
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_HTTP_PORTS=5000
volumes:
- C:\Compose\MaksIT.CertsUI\acme:/acme
- C:\Compose\MaksIT.CertsUI\cache:/cache
- C:\Compose\MaksIT.CertsUI\data:/data
- C:\Compose\MaksIT.CertsUI\tmp:/tmp
- C:\Compose\MaksIT.CertsUI\configMap\appsettings.json:/configMap/appsettings.json:ro
- C:\Compose\MaksIT.CertsUI\secrets\appsecrets.json:/secrets/appsecrets.json:ro
networks:
- certs-ui-network
networks:
certs-ui-network:
driver: bridge
'@
```
**Note:**
- Adjust volume paths if changed
```powershell
docker compose -f docker-compose.yml up --build
```
This command builds and starts the following services:
- **reverse-proxy**: Exposes both `certs-ui-client` and `certs-ui-server` on the same hostname.
- **certs-ui-client**: The WebUI for managing certificates.
- **certs-ui-server**: The backend server handling ACME logic and certificate management.
**Stop the services:**
Press `Ctrl+C` in the terminal, then run:
```powershell
docker compose -f docker-compose.yml down
```
---
## MaksIT.CertsUI Server installation on Kubernetes
### 1. Add MaksIT Helm Repository
The MaksIT.CertsUI Helm chart is available from the MaksIT container registry. Add the MaksIT Helm repository to your Helm client:
```bash
helm repo add maksit https://cr.maks-it.com/chartrepo/charts
helm repo update
```
### 2. Prepare Namespace, Secrets, and ConfigMap
Before installing the Helm chart, create a dedicated namespace and provide the required secrets and configuration for the MaksIT.CertsUI Webapi.
**Step 1: Create Namespace**
```bash
kubectl create namespace certs-ui
```
**Step 2: Create the Secret (`appsecrets.json`)**
Replace the placeholder values with your actual secrets. This secret contains authentication and agent keys required by the Webapi.
```json
{
"Auth": {
"Secret": "<your-auth-secret>",
"Pepper": "<your-pepper>"
},
"Agent": {
"AgentKey": "<your-agent-key>"
}
}
```
```bash
cd certs-ui/src
kubectl create secret generic certs-ui-server-secrets \
--from-literal=appsecrets.json='{
"Auth": {
"Secret": "<your-auth-secret>",
"Pepper": "<your-pepper>"
},
"Agent": {
"AgentKey": "<your-agent-key>"
}
}' \
-n certs-ui
```
**Note:**
Replace placeholder values `<your-auth-secret>`, `<your-pepper>`, `<your-agent-key>`, with secure, your environment-specific values.
Make sure `<your-agent-key>` matches the key configured in your agent deployment.
**Step 3: Create the ConfigMap (`appsettings.json`)**
Edit the values as needed for your environment. This configmap contains application settings for logging, authentication, agent configuration, and ACME endpoints.
```json
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"Configuration": {
"Auth": {
"Issuer": "<your-issuer>",
"Audience": "<your-audience>",
"Expiration": 15,
"RefreshExpiration": 180
},
"Agent": {
"AgentHostname": "http://<your-agent-hostname>",
"AgentPort": 5000,
"ServiceToReload": "haproxy"
},
"Production": "https://acme-v02.api.letsencrypt.org/directory",
"Staging": "https://acme-staging-v02.api.letsencrypt.org/directory",
"CacheFolder": "/cache",
"AcmeFolder": "/acme",
"DataFolder": "/data",
"SettingsFile": "/data/settings.json"
}
}
```
```bash
podman-compose -f docker-compose.final.yml up
kubectl create configmap certs-ui-server-configmap \
--from-literal=appsettings.json='{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"Configuration": {
"Auth": {
"Issuer": "<your-issuer>",
"Audience": "<your-audience>",
"Expiration": 15,
"RefreshExpiration": 180
},
"Agent": {
"AgentHostname": "http://<your-agent-hostname>",
"AgentPort": 5000,
"ServiceToReload": "haproxy"
},
"Production": "https://acme-v02.api.letsencrypt.org/directory",
"Staging": "https://acme-staging-v02.api.letsencrypt.org/directory",
"CacheFolder": "/cache",
"AcmeFolder": "/acme",
"DataFolder": "/data",
"SettingsFile": "/data/settings.json"
}
}' \
-n certs-ui
```
**Note:**
Replace all JWT-related placeholder values `<your-issuer>`, `<your-audience>` and `<your-agent-hostname>` with your environment-specific values.
### 3. Create a Minimal Custom Values File
Below is a minimal example of a `custom-values.yaml` for most users. It disables image pull secrets by default (since the chart and images are public), sets the storage class for persistent volumes, and configures the reverse proxy service. You can further customize this file as needed for your environment.
```yaml
global:
imagePullSecrets: [] # Keep empty
components:
server:
persistence:
storageClass: local-path
reverseproxy:
service:
type: LoadBalancer
port: 8080
targetPort: 8080
# Remove or comment out the next two lines to let your cloud provider assign a dynamic IP
# loadBalancerIP: "172.16.0.5"
# annotations:
# lbipam.cilium.io/ips: "172.16.0.5"
externalTrafficPolicy: Local
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 10800
```
### 4. Install the Helm Chart
Install the MaksIT.CertsUI chart using your custom values file:
```bash
helm install certs-ui maksit/certs-ui -n certs-ui -f custom-values.yaml
```
---
## MaksIT.CertsUI Interface Overview
The **MaksIT.CertsUI** interface provides a user-friendly web dashboard for managing Let's Encrypt certificates in your environment. Below is a step-by-step guide to getting started with the WebUI:
1. **First Login:**
Open the client in your browser.
**Default credentials:**
- Username: `admin`
- Password: `password`
> **Important:** Change the default password immediately after logging in for the first time for security.
![LoginScreen](/assets/chrome_IvvCTtYcbi.png)
2. **Change the Default Password:**
Click on the **admin** username in the top right corner and select **Edit User**.
![LogoutOfcanvas](/assets/chrome_KJw6epn11q.png)
Go to **Change password**.
![ChangePassword](/assets/chrome_YYr4z77ROv.png)
Enter a strong, alphanumeric password with special characters.
![InsertNewPassword](/assets/chrome_hTAVSZW6fb.png)
3. **Verify Agent Connectivity:**
Before registering certificates, ensure the agent is properly configured and available.
Go to **Utilities** and click **Test agent**. If everything is set up correctly, a "Hello World!" toast notification will appear.
![Utilities](/assets/chrome_j5MltyeUfB.png)
4. **Register a New Account:**
Proceed to register a new account and fill in the required fields.
*Tip: Start with a few hostnames and gradually add 3 or 4 at a time.*
![Register](/assets/chrome_vPdHf2afpO.png)
5. **View and Manage Certificates:**
If registration is successful, your new account will be created and you will see a list of obtained certificates along with their expiration dates.
![Home](/assets/chrome_ydyMattQYU.png)
The WebUI streamlines certificate management, making it easy to change credentials, verify agent status, and monitor certificate lifecycles.
---
## Contact
For any inquiries or contributions, feel free to reach out:
- **Email**: maksym.sadovnychyy@gmail.com
- **Author**: Maksym Sadovnychyy (MAKS-IT)
---
> **Tip:** For the latest updates, documentation, and source code, visit the [GitHub repository](https://github.com/MAKS-IT-COM/certs-ui).

BIN
assets/chrome_IvvCTtYcbi.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
assets/chrome_KJw6epn11q.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 107 KiB

BIN
assets/chrome_RPsKiPwaDC.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 113 KiB

BIN
assets/chrome_YYr4z77ROv.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
assets/chrome_hTAVSZW6fb.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
assets/chrome_j5MltyeUfB.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
assets/chrome_vPdHf2afpO.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

BIN
assets/chrome_ydyMattQYU.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

2
src/Agent/Agent.csproj
View File

@ -20,7 +20,7 @@
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\Models\MaksIT.Models.csproj" />
<ProjectReference Include="..\MaksIT.Models\MaksIT.Models.csproj" />
</ItemGroup>
<ItemGroup>

2
src/Deploy-Helm.bat
View File

@ -5,3 +5,5 @@ cd /d %~dp0
REM Invoke the PowerShell script (Release-NuGetPackage.ps1) in the same directory
powershell -ExecutionPolicy Bypass -File "%~dp0Deploy-Helm.ps1"
pause

1
src/Deploy-Helm.ps1
View File

@ -3,7 +3,6 @@ $projectName = "certs-ui"
$namespace = "certs-ui"
$chartPath = "./helm"
$harborUrl = "cr.maks-it.com"
$loadBalancerIP = "172.16.0.5"
# Retrieve and decode username:password from environment variable (Base64)
try {

2
src/LetsEncrypt.sln
View File

@ -13,7 +13,7 @@ Project("{E53339B2-1760-4266-BCC7-CA923CBCF16C}") = "docker-compose", "docker-co
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Agent", "Agent\Agent.csproj", "{871BDED3-C6AE-437D-9B45-3AA3F184D002}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "MaksIT.Models", "Models\MaksIT.Models.csproj", "{6814169B-D4D0-40B2-9FA9-89997DD44C30}"
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "MaksIT.Models", "MaksIT.Models\MaksIT.Models.csproj", "{6814169B-D4D0-40B2-9FA9-89997DD44C30}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ReverseProxy", "ReverseProxy\ReverseProxy.csproj", "{BE051147-7AB7-4358-9C24-5CB40FAFF4FC}"
EndProject

0
src/Models/Agent/Requests/CertsUploadRequest.cs → src/MaksIT.Models/Agent/Requests/CertsUploadRequest.cs
View File

0
src/Models/Agent/Requests/ServiceReloadRequest.cs → src/MaksIT.Models/Agent/Requests/ServiceReloadRequest.cs
View File

0
src/Models/Agent/Responses/HelloWorldResponse.cs → src/MaksIT.Models/Agent/Responses/HelloWorldResponse.cs
View File

0
src/Models/LetsEncryptServer/Account/Requests/PatchAccountRequest.cs → src/MaksIT.Models/LetsEncryptServer/Account/Requests/PatchAccountRequest.cs
View File

0
src/Models/LetsEncryptServer/Account/Requests/PatchHostnameRequest.cs → src/MaksIT.Models/LetsEncryptServer/Account/Requests/PatchHostnameRequest.cs
View File

0
src/Models/LetsEncryptServer/Account/Requests/PostAccountRequest.cs → src/MaksIT.Models/LetsEncryptServer/Account/Requests/PostAccountRequest.cs
View File

0
src/Models/LetsEncryptServer/Account/Responses/GetAccountResponse.cs → src/MaksIT.Models/LetsEncryptServer/Account/Responses/GetAccountResponse.cs
View File

0
src/Models/LetsEncryptServer/Account/Responses/GetHostnameResponse.cs → src/MaksIT.Models/LetsEncryptServer/Account/Responses/GetHostnameResponse.cs
View File

0
src/Models/LetsEncryptServer/CertsFlow/Requests/ConfigureClientRequest.cs → src/MaksIT.Models/LetsEncryptServer/CertsFlow/Requests/ConfigureClientRequest.cs
View File

0
src/Models/LetsEncryptServer/CertsFlow/Requests/GetCerificatesRequest.cs → src/MaksIT.Models/LetsEncryptServer/CertsFlow/Requests/GetCerificatesRequest.cs
View File

0
src/Models/LetsEncryptServer/CertsFlow/Requests/GetOrderRequest.cs → src/MaksIT.Models/LetsEncryptServer/CertsFlow/Requests/GetOrderRequest.cs
View File

0
src/Models/LetsEncryptServer/CertsFlow/Requests/InitRequest.cs → src/MaksIT.Models/LetsEncryptServer/CertsFlow/Requests/InitRequest.cs
View File

0
src/Models/LetsEncryptServer/CertsFlow/Requests/NewOrderRequest.cs → src/MaksIT.Models/LetsEncryptServer/CertsFlow/Requests/NewOrderRequest.cs
View File

0
src/Models/LetsEncryptServer/CertsFlow/Requests/RevokeCertificatesRequest.cs → src/MaksIT.Models/LetsEncryptServer/CertsFlow/Requests/RevokeCertificatesRequest.cs
View File

0
src/Models/LetsEncryptServer/Identity/Login/LoginRequest.cs → src/MaksIT.Models/LetsEncryptServer/Identity/Login/LoginRequest.cs
View File

0
src/Models/LetsEncryptServer/Identity/Login/LoginResponse.cs → src/MaksIT.Models/LetsEncryptServer/Identity/Login/LoginResponse.cs
View File

0
src/Models/LetsEncryptServer/Identity/Login/RefreshTokenRequest.cs → src/MaksIT.Models/LetsEncryptServer/Identity/Login/RefreshTokenRequest.cs
View File

0
src/Models/LetsEncryptServer/Identity/Logout/LogoutRequest.cs → src/MaksIT.Models/LetsEncryptServer/Identity/Logout/LogoutRequest.cs
View File

0
src/Models/LetsEncryptServer/Identity/User/PatchUserRequest.cs → src/MaksIT.Models/LetsEncryptServer/Identity/User/PatchUserRequest.cs
View File

0
src/Models/LetsEncryptServer/Identity/User/UserResponse.cs → src/MaksIT.Models/LetsEncryptServer/Identity/User/UserResponse.cs
View File

0
src/Models/MaksIT.Models.csproj → src/MaksIT.Models/MaksIT.Models.csproj
View File

4
src/MaksIT.WebUI/.env.prod Normal file
View File

@ -0,0 +1,4 @@
VITE_APP_TITLE=MaksIT.CertsUI
VITE_COMPANY=MaksIT
VITE_COMPANY_URL=https://maks-it.com
VITE_API_URL=http://172.16.0.5:8080/api

16
src/MaksIT.WebUI/Dockerfile.prod
View File

@ -1 +1,15 @@
FROM node:24
FROM node:24 AS build
WORKDIR /app
COPY ["MaksIT.WebUI/package.json", "MaksIT.WebUI/package-lock.json", "./"]
COPY ["MaksIT.WebUI/.env.prod", "./.env.prod"]
RUN npm ci
COPY ["MaksIT.WebUI/", "./"]
RUN npm run build
FROM nginx:1.27-alpine AS production
WORKDIR /app
COPY --from=build /app/dist ./dist
COPY ["MaksIT.WebUI/nginx.conf", "/etc/nginx/conf.d/default.conf"]
EXPOSE 5173
CMD ["nginx", "-g", "daemon off;"]

1
src/MaksIT.WebUI/index.html
View File

@ -8,6 +8,7 @@
</head>
<body>
<div id="root"></div>
<script src="/config.js"></script>
<script type="module" src="/src/main.tsx"></script>
</body>
</html>

11
src/MaksIT.WebUI/nginx.conf Normal file
View File

@ -0,0 +1,11 @@
server {
listen 5173;
server_name _;
root /app/dist;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}

1644
src/MaksIT.WebUI/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

50
src/MaksIT.WebUI/package.json
View File

@ -1,55 +1,55 @@
{
"name": "maksit-vault",
"name": "maksit-certs-ui",
"private": true,
"version": "0.0.0",
"type": "module",
"scripts": {
"dev": "vite",
"build": "tsc -b && vite build",
"build": "tsc -b && vite build --mode prod",
"lint": "eslint .",
"preview": "vite preview"
},
"dependencies": {
"@reduxjs/toolkit": "^2.8.2",
"@reduxjs/toolkit": "^2.10.1",
"@tanstack/react-table": "^8.21.3",
"axios": "^1.11.0",
"axios": "^1.13.2",
"client-zip": "^2.5.0",
"date-fns": "^4.1.0",
"jwt-decode": "^4.0.0",
"lodash": "^4.17.21",
"lucide-react": "^0.536.0",
"lucide-react": "^0.553.0",
"qrcode.react": "^4.2.0",
"react": "^19.1.1",
"react-dom": "^19.1.1",
"react": "^19.2.0",
"react-dom": "^19.2.0",
"react-pdf": "^10.2.0",
"react-redux": "^9.2.0",
"react-router-dom": "^7.7.1",
"react-router-dom": "^7.9.6",
"react-virtualized": "^9.22.6",
"uuid": "^11.1.0",
"zod": "^4.0.14"
"uuid": "^13.0.0",
"zod": "^4.1.12"
},
"devDependencies": {
"@eslint/js": "^9.32.0",
"@eslint/js": "^9.39.1",
"@tailwindcss/aspect-ratio": "^0.4.2",
"@tailwindcss/container-queries": "^0.1.1",
"@tailwindcss/forms": "^0.5.10",
"@tailwindcss/line-clamp": "^0.4.4",
"@tailwindcss/typography": "^0.5.16",
"@tailwindcss/vite": "^4.1.11",
"@tailwindcss/typography": "^0.5.19",
"@tailwindcss/vite": "^4.1.17",
"@types/lodash": "^4.17.20",
"@types/react": "^19.1.9",
"@types/react-dom": "^19.1.7",
"@types/react": "^19.2.5",
"@types/react-dom": "^19.2.3",
"@types/react-resizable": "^3.0.8",
"@types/react-virtualized": "^9.22.2",
"@vitejs/plugin-react-swc": "^3.11.0",
"eslint": "^9.32.0",
"@types/react-virtualized": "^9.22.3",
"@vitejs/plugin-react-swc": "^4.2.2",
"eslint": "^9.39.1",
"eslint-plugin-react": "^7.37.5",
"eslint-plugin-react-hooks": "^5.2.0",
"eslint-plugin-react-refresh": "^0.4.20",
"globals": "^16.3.0",
"tailwindcss": "^4.1.11",
"typescript": "^5.8.0",
"typescript-eslint": "^8.38.0",
"vite": "^7.0.6"
"eslint-plugin-react-hooks": "^7.0.1",
"eslint-plugin-react-refresh": "^0.4.24",
"globals": "^16.5.0",
"tailwindcss": "^4.1.17",
"typescript": "^5.9.3",
"typescript-eslint": "^8.46.4",
"vite": "^7.2.2"
}
}

3
src/MaksIT.WebUI/public/config.js Normal file
View File

@ -0,0 +1,3 @@
window.RUNTIME_CONFIG = {
API_URL: "http://172.16.0.5:8080/api"
};

10
src/MaksIT.WebUI/src/AppMap.tsx
View File

@ -13,6 +13,14 @@ import { LetsEncryptTermsOfServicePage } from './pages/LetsEncryptTermsOfService
import { UserPage } from './pages/UserPage'
declare global {
interface Window {
RUNTIME_CONFIG?: {
API_URL?: string;
};
}
}
interface LayoutWrapperProps {
children: ReactNode
}
@ -250,7 +258,7 @@ interface ApiRoute {
}
const GetApiRoute = (apiRoute: ApiRoutes): ApiRoute => {
const apiUrl = import.meta.env.VITE_API_URL
const apiUrl = window.RUNTIME_CONFIG?.API_URL || import.meta.env.VITE_API_URL
const [method, route] = apiRoute.split('|')

42
src/MaksIT.WebUI/src/components/DataTable/DataTable.tsx
View File

@ -87,7 +87,7 @@ const DataTable = <T extends Record<string, unknown>,>(props: DataTableProps<T>)
const gridRef = useRef<MultiGrid>(null)
const [selectedRowIndex, setSelectedRowIndex] = useState<number | null>(null)
const [filterValues, setFilterValues] = useState<Record<string, Record<string, string>>>({})
const filterValues = useRef<Record<string, Record<string, string>>>({})
const [colWidths, setColWidths] = useState<number[]>(() => {
const defaultWidths = [DEFAULT_ACTION_WIDTH, ...columns.map(() => DEFAULT_COL_WIDTH)]
@ -138,28 +138,28 @@ const DataTable = <T extends Record<string, unknown>,>(props: DataTableProps<T>)
columnId: string,
filters: string
) => {
setFilterValues((prev) => {
const newValues = {
...prev,
[filterId]: {
...prev[filterId],
[columnId]: filters,
},
}
const prev = filterValues.current
const newValues = {
...prev,
[filterId]: {
...prev[filterId],
[columnId]: filters,
},
}
filterValues.current = newValues
const linqQueries = Object.fromEntries(
Object.entries(newValues).map(([fid, cols]) => {
const q = Object.values(cols)
.filter((v) => v)
.map((v) => `(${v})`)
.join(' && ')
return [fid, q]
})
)
const linqQueries = Object.fromEntries(
Object.entries(newValues).map(([fid, cols]) => {
const q = Object.values(cols)
.filter((v) => v)
.map((v) => `(${v})`)
.join(' && ')
return [fid, q]
})
)
debouncedOnFilterChange?.(linqQueries)
return newValues
})
debouncedOnFilterChange?.(linqQueries)
}
const handlePreviousPage = () => onPreviousPage?.(pageNumber - 1)

29
src/MaksIT.WebUI/src/entities/CacheAccount.ts
View File

@ -1,6 +1,3 @@
import { PatchAccountRequest } from '../models/letsEncryptServer/account/requests/PatchAccountRequest'
import { PatchOperation } from '../models/PatchOperation'
import { CacheAccountHostname } from './CacheAccountHostname'
export interface CacheAccount {
@ -13,29 +10,3 @@ export interface CacheAccount {
isEditMode: boolean
isStaging: boolean
}
const toPatchAccountRequest = (account: CacheAccount): PatchAccountRequest => {
return {
description: { op: PatchOperation.None, value: account.description },
isDisabled: { op: PatchOperation.None, value: account.isDisabled },
contacts: account.contacts.map((contact, index) => ({
index: index,
op: PatchOperation.None,
value: contact
})),
hostnames: account.hostnames?.map((hostname, index) => ({
hostname: {
index: index,
op: PatchOperation.None,
value: hostname.hostname
},
isDisabled: {
index: index,
op: PatchOperation.None,
value: hostname.isDisabled
}
}))
}
}
export { toPatchAccountRequest }

11
src/MaksIT.WebUI/src/forms/Home.tsx
View File

@ -1,7 +1,6 @@
import { FC, useCallback, useEffect, useState } from 'react'
import { FormContainer, FormContent, FormFooter, FormHeader } from '../components/FormLayout'
import { ButtonComponent, CheckBoxComponent, RadioGroupComponent, SelectBoxComponent } from '../components/editors'
import { CacheAccount } from '../entities/CacheAccount'
import { GetAccountResponse } from '../models/letsEncryptServer/account/responses/GetAccountResponse'
import { deleteData, getData, postData } from '../axiosConfig'
import { ApiRoutes, GetApiRoute } from '../AppMap'
@ -27,16 +26,6 @@ const Home: FC = () => {
loadData()
}, [loadData])
const handleAccountUpdate = (updatedAccount: CacheAccount) => {
// setAccounts(
// accounts.map((account) =>
// account.accountId === updatedAccount.accountId
// ? updatedAccount
// : account
// )
// )
}
const handleDeleteAccount = (accountId: string) => {
deleteData<void>(
GetApiRoute(ApiRoutes.ACCOUNT_DELETE)

7
src/MaksIT.WebUI/src/forms/Users/EditUser/index.tsx
View File

@ -1,23 +1,16 @@
import { FC, useState } from 'react'
import { FormContainer, FormContent, FormHeader } from '../../../components/FormLayout'
import { ButtonComponent } from '../../../components/editors'
import { UserResponse } from '../../../models/identity/user/UserResponse'
import { ChangePassword } from './ChangePassword'
interface EditUserProps {
userId: string;
onSubmitted?: (entity: UserResponse) => void
cancelEnabled?: boolean
onCancel?: () => void
}
const EditUser : FC<EditUserProps> = (props) => {
const {
userId,
onSubmitted,
cancelEnabled = false,
onCancel
} = props
const [showChangePassword, setShowChangePassword] = useState(false)

3
src/MaksIT.WebUI/src/forms/Utilities.tsx
View File

@ -6,6 +6,7 @@ import { deleteData, getBinary, getData, postFile } from '../axiosConfig'
import { addToast } from '../components/Toast/addToast'
import { extractFilenameFromHeaders, saveBinaryToDisk } from '../functions'
import { downloadZip } from 'client-zip'
import { HelloWorldResponse } from '../models/Agent/HelloWorldResponse'
const Utilities: FC = () => {
@ -13,7 +14,7 @@ const Utilities: FC = () => {
const [files, setFiles] = useState<File[]>([])
const hadnleTestAgent = () => {
getData(GetApiRoute(ApiRoutes.AGENT_TEST).route)
getData<HelloWorldResponse>(GetApiRoute(ApiRoutes.AGENT_TEST).route)
.then((response) => {
if (!response) return

3
src/MaksIT.WebUI/src/models/Agent/HelloWorldResponse.ts Normal file
View File

@ -0,0 +1,3 @@
export interface HelloWorldResponse {
message: string
}

11
src/MaksIT.WebUI/src/models/identity/login/LoginRequest.ts
View File

@ -1,4 +1,4 @@
import { object, RefinementCtx, Schema, string, ZodIssueCode } from 'zod'
import { object, RefinementCtx, Schema, string } from 'zod'
export interface LoginRequest {
username: string
@ -8,10 +8,9 @@ export interface LoginRequest {
}
const LoginRequestSchemaRefine = (data: LoginRequest, ctx: RefinementCtx) => {
if (data.username === '') {
ctx.addIssue({
code: ZodIssueCode.custom,
code: 'custom',
message: 'Username cannot be empty',
path: ['username']
})
@ -19,7 +18,7 @@ const LoginRequestSchemaRefine = (data: LoginRequest, ctx: RefinementCtx) => {
if (data.password === '') {
ctx.addIssue({
code: ZodIssueCode.custom,
code: 'custom',
message: 'Password cannot be empty',
path: ['password']
})
@ -27,13 +26,11 @@ const LoginRequestSchemaRefine = (data: LoginRequest, ctx: RefinementCtx) => {
if (data.twoFactorCode && data.twoFactorRecoveryCode) {
ctx.addIssue({
code: ZodIssueCode.custom,
code: 'custom',
message: 'Cannot have both twoFactorCode and twoFactorRecoveryCode',
path: ['twoFactorCode', 'twoFactorRecoveryCode']
})
}
return data
}
export const LoginRequestSchema: Schema<LoginRequest> = object({

2
src/MaksIT.Webapi/Controllers/CacheController.cs
View File

@ -24,7 +24,7 @@ public class CacheController(ICacheService cacheService) : ControllerBase {
[HttpPost("cache/upload")]
//[RequestSizeLimit(200_000_000)]
public async Task<IActionResult> PostCache([FromForm] IFormFile file) {
public async Task<IActionResult> PostCache(IFormFile file) {
if (file is null || file.Length == 0) return BadRequest("No file.");
using var ms = new MemoryStream();

2
src/MaksIT.Webapi/MaksIT.Webapi.csproj
View File

@ -25,7 +25,7 @@
<ItemGroup>
<ProjectReference Include="..\LetsEncrypt\LetsEncrypt.csproj" />
<ProjectReference Include="..\Models\MaksIT.Models.csproj" />
<ProjectReference Include="..\MaksIT.Models\MaksIT.Models.csproj" />
</ItemGroup>
</Project>

16
src/MaksIT.Webapi/Program.cs
View File

@ -69,16 +69,28 @@ builder.Services.AddHostedService<AutoRenewal>();
builder.Services.AddHostedService<Initialization>();
#endregion
// Add CORS services to the container and configure to allow any origin
builder.Services.AddCors(options => {
options.AddPolicy("AllowAllOrigins", policy =>
{
policy.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
});
var app = builder.Build();
app.UseMiddleware<ErrorHandlingMiddleware>();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment()) {
app.UseSwagger();
app.UseSwaggerUI();
app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
}
app.UseMiddleware<ErrorHandlingMiddleware>();
// Use CORS policy in the pipeline
app.UseCors("AllowAllOrigins");
app.UseAuthorization();

59
src/Release-DockerImage.ps1
View File

@ -1,59 +0,0 @@
# Set variables
$projectName = "certs-ui"
$harborUrl = "cr.maks-it.com" # e.g., "harbor.yourdomain.com"
$tag = "latest" # Customize the tag as needed
# Retrieve and decode username:password from environment variable (Base64 encoded)
try {
$decoded = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Env:CR_MAKS_IT))
} catch {
throw "Failed to decode CR_MAKS_IT as Base64. Ensure it's base64('username:password'). Error: $_"
}
# Split decoded credentials
$creds = $decoded -split ':', 2
if ($creds.Count -ne 2) {
throw "Invalid decoded CR_MAKS_IT format. Expected 'username:password'."
}
$harborUsername = $creds[0]
$harborPassword = $creds[1]
# Authenticate with Harbor
Write-Output "Logging into $harborUrl as $harborUsername..."
$loginResult = $harborPassword | docker login $harborUrl -u $harborUsername --password-stdin 2>&1
if ($LASTEXITCODE -ne 0 -or ($loginResult -notmatch "Login Succeeded")) {
throw "Docker login failed for $harborUrl.`n$loginResult"
}
# List of services to build and push with the current context
$services = @{
"reverseproxy" = "ReverseProxy/Dockerfile"
"server" = "LetsEncryptServer/Dockerfile"
"client" = "ClientApp/Dockerfile.prod"
}
$contextPath = "."
foreach ($service in $services.Keys) {
$dockerfilePath = $services[$service]
$imageName = "$harborUrl/$projectName/${service}:${tag}"
# Build the Docker image
Write-Output "Building image $imageName from $dockerfilePath..."
docker build -t $imageName -f $dockerfilePath $contextPath
if ($LASTEXITCODE -ne 0) {
throw "Docker build failed for $imageName"
}
# Push the Docker image
Write-Output "Pushing image $imageName..."
docker push $imageName
if ($LASTEXITCODE -ne 0) {
throw "Docker push failed for $imageName"
}
}
# Logout after pushing images
docker logout $harborUrl | Out-Null
Write-Output "Completed successfully."

4
src/Release-DockerImage.bat → src/Release.bat
View File

@ -4,4 +4,6 @@ REM Change directory to the location of the script
cd /d %~dp0
REM Invoke the PowerShell script (Release-NuGetPackage.ps1) in the same directory
powershell -ExecutionPolicy Bypass -File "%~dp0Release-DockerImage.ps1"
powershell -ExecutionPolicy Bypass -File "%~dp0Release.ps1"
pause

105
src/Release.ps1 Normal file
View File

@ -0,0 +1,105 @@
# HINT: To create a tag for the last commit in git, use:
# git tag 1.2.3
# git push origin 1.2.3
# Replace '1.2.3' with your desired tag name.
# Set variables
$projectName = "certs-ui"
$harborUrl = "cr.maks-it.com" # e.g., "harbor.yourdomain.com"
# Ensure we are on main branch and up to date
git checkout main
git pull
# Get the latest tag reachable from main
$tag = git describe --tags --abbrev=0
if (-not $tag) {
throw "No tags found on main branch."
}
$tags = @($tag, "latest")
Write-Output "Using tags: $($tags -join ', ')"
# Retrieve and decode username:password from environment variable (Base64 encoded)
try {
$decoded = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Env:CR_MAKS_IT))
} catch {
throw "Failed to decode CR_MAKS_IT as Base64. Ensure it's base64('username:password'). Error: $_"
}
# Split decoded credentials
$creds = $decoded -split ':', 2
if ($creds.Count -ne 2) {
throw "Invalid decoded CR_MAKS_IT format. Expected 'username:password'."
}
$harborUsername = $creds[0]
$harborPassword = $creds[1]
# Authenticate with Harbor
Write-Output "Logging into $harborUrl as $harborUsername..."
$loginResult = $harborPassword | docker login $harborUrl -u $harborUsername --password-stdin 2>&1
if ($LASTEXITCODE -ne 0 -or ($loginResult -notmatch "Login Succeeded")) {
throw "Docker login failed for $harborUrl.`n$loginResult"
}
# List of services to build and push with the current context
$services = @{
"reverseproxy" = "ReverseProxy/Dockerfile"
"server" = "MaksIT.Webapi/Dockerfile"
"client" = "MaksIT.WebUI/Dockerfile.prod"
}
$contextPath = "."
foreach ($service in $services.Keys) {
$dockerfilePath = $services[$service]
$baseImageName = "$harborUrl/$projectName/${service}"
foreach ($t in $tags) {
$imageName = "$baseImageName`:$t"
Write-Output "Building image $imageName from $dockerfilePath..."
docker build -t $imageName -f $dockerfilePath $contextPath
if ($LASTEXITCODE -ne 0) {
throw "Docker build failed for $imageName"
}
Write-Output "Pushing image $imageName..."
docker push $imageName
if ($LASTEXITCODE -ne 0) {
throw "Docker push failed for $imageName"
}
}
}
# --- Helm Chart Release Section ---
# Package the Helm chart
$chartDir = "helm"
$chartPackageOutput = helm package $chartDir
$chartPackage = $null
if ($chartPackageOutput -match "Successfully packaged chart and saved it to: (.+\.tgz)") {
$chartPackage = $Matches[1]
}
if (-not $chartPackage) {
throw "Helm chart packaging failed. Output: $chartPackageOutput"
}
# Push the Helm chart to the same Harbor project/repo as Docker images
$helmRepoUrl = "oci://$harborUrl/$projectName/charts"
Write-Output "Pushing Helm chart $chartPackage to $helmRepoUrl..."
helm push $chartPackage $helmRepoUrl --username $harborUsername --password $harborPassword
if ($LASTEXITCODE -ne 0) {
throw "Helm chart push failed."
}
if ($chartPackage) {
Remove-Item $chartPackage -Force
Write-Output "Cleaned up $chartPackage"
}
docker logout $harborUrl | Out-Null
Write-Output "Completed successfully."
# Logout after pushing images

8
src/ReleaseAndDeploy.bat
View File

@ -4,11 +4,11 @@ setlocal
REM Get the directory of the current script
set "SCRIPT_DIR=%~dp0"
REM Run the first batch file
call "%SCRIPT_DIR%Release-DockerImage.bat"
REM Invoke the PowerShell script (Release-NuGetPackage.ps1) in the same directory
powershell -ExecutionPolicy Bypass -File "%~dp0Release.ps1"
REM Run the second batch file
call "%SCRIPT_DIR%Deploy-Helm.bat"
REM Invoke the PowerShell script (Release-NuGetPackage.ps1) in the same directory
powershell -ExecutionPolicy Bypass -File "%~dp0Deploy-Helm.ps1"
echo All scripts completed.
pause

46
src/docker-compose.final.yml
View File

@ -1,46 +0,0 @@
services:
letsencrypt-app:
image: ${DOCKER_REGISTRY-}letsencrypt-app
build:
context: .
dockerfile: ClientApp/Dockerfile
container_name: letsencrypt-app
environment:
- ASPNETCORE_ENVIRONMENT=Production
- LETSENCRYPT_SERVER=http://websrv0001.corp.maks-it.com
ports:
- "3000:3000"
network_mode: "host"
letsencrypt-server:
image: ${DOCKER_REGISTRY-}letsencrypt-server
build:
context: .
dockerfile: LetsEncryptServer/Dockerfile
container_name: letsencrypt-server
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_HTTP_PORTS=9000
- LETSENCRYPT_SERVER_PRODUCTION=https://acme-v02.api.letsencrypt.org/directory
- LETSENCRYPT_SERVER_STAGING=https://acme-staging-v02.api.letsencrypt.org/directory
- MAKS_IT_AGENT_HOSTNAME=http://websrv0001.corp.maks-it.com
- MAKS-IT_AGENT_PORT=5000
- MAKS-IT_AGENT_KEY=UGnCaElLLJClHgUeet/yr7vNvPf13b1WkDJQMfsiP6I=
- MAKS-IT_AGENT_SERVICE=haproxy
volumes:
- ./docker-compose/LetsEncryptServer/acme:/app/acme
- ./docker-compose/LetsEncryptServer/cache:/app/cache
ports:
- "9000:9000"
network_mode: "host"
curl-test:
image: curlimages/curl:latest
container_name: curl-test
command: >
curl --location http://websrv0001.corp.maks-it.com:5000/HelloWorld
--header "x-api-key: UGnCaElLLJClHgUeet/yr7vNvPf13b1WkDJQMfsiP6I="
restart: "no"
network_mode: "host"

11
src/helm/templates/deployments.yaml
View File

@ -11,7 +11,7 @@ metadata:
{{- include "certs-ui.labels" $root | nindent 4 }}
app.kubernetes.io/component: {{ $compName }}
spec:
replicas: {{ default 1 $comp.replicas }}
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: {{ $root.Release.Name }}
@ -46,6 +46,15 @@ spec:
value: {{ .value | quote }}
{{- end }}
{{- end }}
{{- if eq $compName "client" }}
- name: VITE_API_URL
value: >
{{- if eq $root.Values.components.reverseproxy.service.type "LoadBalancer" -}}
http://{{ $root.Values.components.reverseproxy.service.loadBalancerIP }}:{{ $root.Values.components.reverseproxy.service.port }}
{{- else -}}
http://{{ include "certs-ui.fullname" $root }}-reverseproxy:{{ $root.Values.components.reverseproxy.service.port }}
{{- end }}
{{- end }}
{{- $p := default dict $comp.persistence -}}
{{- $vols := default (list) $p.volumes -}}
{{- $hasVols := gt (len $vols) 0 -}}

2
src/helm/templates/pvc.yaml
View File

@ -17,7 +17,7 @@ spec:
resources:
requests:
storage: {{ default "1Gi" $vol.pvc.size }}
storageClassName: {{ default "local-path" $vol.pvc.storageClass }}
storageClassName: {{ default $.Values.components.server.persistence.storageClass $vol.pvc.storageClass | quote }}
{{- end }}
{{- end }}
{{- end }}

14
src/helm/values.yaml
View File

@ -4,7 +4,6 @@ global:
components:
server:
replicas: 1
image:
registry: cr.maks-it.com
repository: certs-ui/server
@ -21,13 +20,13 @@ components:
port: 5000
targetPort: 5000
persistence:
storageClass: local-path
volumes:
- name: acme
mountPath: /acme
type: pvc
pvc:
create: true
storageClass: local-path
size: 50Mi
accessModes: [ReadWriteOnce]
- name: cache
@ -35,7 +34,6 @@ components:
type: pvc
pvc:
create: true
storageClass: local-path
size: 50Mi
accessModes: [ReadWriteOnce]
- name: data
@ -43,7 +41,6 @@ components:
type: pvc
pvc:
create: true
storageClass: local-path
size: 50Mi
accessModes: [ReadWriteOnce]
secretsFile:
@ -99,7 +96,6 @@ components:
forceUpdate: false
client:
replicas: 1
image:
registry: cr.maks-it.com
repository: certs-ui/client
@ -108,16 +104,14 @@ components:
env:
- name: ASPNETCORE_ENVIRONMENT
value: Development
- name: NEXT_PUBLIC_API_BASE_URL
value: http://certs-ui-server:5000
service:
enabled: true
type: ClusterIP
port: 3000
targetPort: 3000
port: 5173
targetPort: 5173
reverseproxy:
replicas: 1
image:
registry: cr.maks-it.com
repository: certs-ui/reverseproxy