
LetsEncrypt C# Client by Maks-IT.com

Simple client to obtain Let's Encrypt HTTPS certificates, developed with .NET Core. It currently works only with the HTTP challenge.

Versions History

  • 29 Jun, 2019 - V1.0
  • 01 Nov, 2019 - V2.0 (Dependency Injection pattern implementation)
  • 31 May, 2024 - V3.0 (Webapi and containerization)

Haproxy configuration

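# Create the dedicated 'acme' account with a home directory and a normal shell
sudo useradd -m -s /bin/bash acme

# Set the user's password (interactive prompt; one run is enough)
sudo passwd acme

# Directory HAProxy loads its certificates from (see 'bind :443 ssl crt' below).
# -p keeps the command from failing when the directory already exists.
sudo mkdir -p /etc/haproxy/certs

# chown needs root as well, so it is run through sudo like the other commands.
sudo chown acme:root /etc/haproxy/certs

# The PEM files placed here carry private keys: give the owner (acme) write
# access, let group root read, and shut everyone else out.
# NOTE(review): HAProxy normally reads the certificates as root at startup,
# before it drops to the haproxy user -- confirm this holds on your system.
sudo chmod 750 /etc/haproxy/certs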
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    # After startup HAProxy confines itself to this directory and runs as
    # the unprivileged haproxy user/group set below.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    # NOTE(review): maxconn is set a second time further down (2048). Keep
    # only one of the two so the effective connection limit is unambiguous.
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # Adjust the maxconn value based on your server's capacity
    maxconn 2048

    # SSL certificates directory
    # ca-base /etc/ssl/certs
    #crt-base /etc/ssl/private

    # Default SSL certificate (used if no SNI match)
    #ssl-default-bind-crt /etc/haproxy/certs/default.pem

    # turn on stats unix socket
    # NOTE(review): 'level admin' gives full runtime control of HAProxy to
    # anyone who can open the socket. If one of these lines is enabled, keep
    # the restrictive mode/user/group and do not loosen them.
    # stats socket /var/lib/haproxy/stats level admin mode 660
    #stats socket /var/run/haproxy/admin.sock level admin mode 660 user haproxy group haproxy

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM


#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    # Adds X-Forwarded-For to proxied requests, except those coming from
    # loopback addresses.
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    # Caps how long a client may take to send a complete request, which
    # limits the effect of slow-request connections.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    # NOTE(review): this per-proxy limit is higher than the last maxconn in
    # the global section (2048) -- check which limit you intend to apply.
    maxconn                 3000


#---------------------------------------------------------------------
# Frontend configuration for handling multiple domains with SNI
#---------------------------------------------------------------------
frontend web
    # Port 80 stays on plain HTTP: the ACME HTTP challenge is fetched over it.
    bind :80
    # Certificates are loaded from the directory. With strict-sni a TLS
    # handshake whose SNI matches no loaded certificate is refused instead of
    # being answered with a default certificate.
    # NOTE(review): per the HAProxy documentation strict-sni also allows
    # starting with an empty certificate directory -- confirm for your version.
    bind :443 ssl crt /etc/haproxy/certs/ strict-sni

    # Handling for ACME challenge paths
    acl acme_challenge path_beg /.well-known/acme-challenge/
    use_backend acme_challenge_backend if acme_challenge
    # NOTE(review): no default_backend or further use_backend rule is shown,
    # so requests outside the challenge path have no backend in this example.
    # Add the backends for your own sites here.



#---------------------------------------------------------------------
# Backend configuration for ACME challenge
#---------------------------------------------------------------------
backend acme_challenge_backend
    # Challenge requests are forwarded to a listener on loopback port 8080.
    # NOTE(review): presumably the process that serves the challenge tokens;
    # confirm which service listens on 8080 (the agent unit further down is
    # started on port 5000).
    server acme_challenge 127.0.0.1:8080

MaksIT agent

# Print 32 random bytes, base64-encoded.
# NOTE(review): presumably used as the agent's API key/secret -- confirm where
# the agent expects it, keep it out of shell history and world-readable files.
openssl rand -base64 32
# Register the Microsoft package repository (fetched over HTTPS).
sudo rpm -Uvh https://packages.microsoft.com/config/centos/8/packages-microsoft-prod.rpm
# Install the .NET 8 SDK from that repository.
sudo dnf install -y dotnet-sdk-8.0

Copy sources to

# Installation directory for the published agent.
sudo mkdir -p /opt/maks-it-agent
# Build the agent in Release configuration (run from the source directory).
dotnet build --configuration Release
# NOTE(review): the target directory was created with sudo, so this publish
# step needs write access to it -- confirm which user runs it.
# The service below executes Agent.dll from this directory as root, so the
# directory and its files should be writable by root only.
dotnet publish -c Release -o /opt/maks-it-agent
# Create the systemd unit file with the content shown below.
sudo nano /etc/systemd/system/maks-it-agent.service
# systemd unit that runs the published Maks-IT agent as a service.
[Unit]
Description=Maks-IT Agent
After=network.target

[Service]
WorkingDirectory=/opt/maks-it-agent
# NOTE(review): "http://*:5000" listens on every interface over plain HTTP.
# Whatever the agent exchanges with its caller (including an API key, if it
# uses one) crosses the network unencrypted. Limit access to port 5000 with
# a firewall, or bind to a specific address and put TLS in front of it.
ExecStart=/usr/bin/dotnet /opt/maks-it-agent/Agent.dll --urls "http://*:5000"
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-servicereloader
# NOTE(review): the agent runs as root, so a flaw in its HTTP API gives an
# attacker root on this host. Verify which privileges the agent really needs
# and prefer a dedicated account with narrowly scoped rights where possible.
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production

[Install]
WantedBy=multi-user.target
# Make systemd pick up the new unit file.
sudo systemctl daemon-reload
# Start the agent now and enable it at boot.
sudo systemctl enable --now maks-it-agent.service
# Check that the service is running.
sudo systemctl status maks-it-agent.service