
LetsEncrypt C# Client by Maks-IT.com

A simple client for obtaining Let's Encrypt HTTPS certificates, developed with .NET Core. It currently supports only the HTTP challenge (HTTP-01).

Versions History

  • 29 Jun, 2019 - V1.0
  • 01 Nov, 2019 - V2.0 (Dependency Injection pattern implementation)
  • 31 May, 2024 - V3.0 (Webapi and containerization)
  • 11 Aug, 2024 - V3.1 (Release)

Haproxy configuration

# Directory that the "crt /etc/haproxy/certs" option on the 443 bind line loads
# certificates from.
# NOTE(review): HAProxy expects each PEM here to carry the private key as well,
# so keep the directory and its files readable only by root and by whichever
# account deploys the certificates (confirm which user the agent runs as).
sudo mkdir /etc/haproxy/certs
# After editing, the file can be syntax-checked before a reload with:
#   haproxy -c -f /etc/haproxy/haproxy.cfg
sudo nano /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # Logs go to a syslog listener on loopback, facility local2.
    log         127.0.0.1 local2
    # Process is confined to this directory and runs as the unprivileged
    # haproxy user/group set below.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # Runtime API socket. No "mode" or "level" is given, so access depends on
    # the socket file's default permissions.
    # NOTE(review): consider an explicit "mode 600"/"mode 660" here so only the
    # intended local accounts can query the runtime API.
    stats socket /var/lib/haproxy/stats
    # Cipher selection is delegated to the system-wide crypto policy.
    # NOTE(review): PROFILE=SYSTEM is understood on RHEL-family OpenSSL builds;
    # confirm it resolves on the target distribution.
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    # Adds X-Forwarded-For with the client address, except for requests that
    # arrive from loopback.
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    # Upper bound on how long a client may take to send complete request
    # headers; limits how long a slow or stalled request can hold a connection.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# Frontend for HTTP traffic on port 80
#---------------------------------------------------------------------
frontend http_frontend
    bind *:80
    # Matches the path prefix used by the ACME HTTP challenge.
    acl acme_path path_beg /.well-known/acme-challenge/

    # Redirect all HTTP traffic to HTTPS except ACME challenge requests.
    # The challenge path is the only content served over plain HTTP.
    redirect scheme https if !acme_path

    # ACME challenge requests (selected by path, for any hostname) go to the
    # local ACME backend.
    use_backend acme_backend if acme_path

#---------------------------------------------------------------------
# Backend to handle ACME challenge requests
#---------------------------------------------------------------------
backend acme_backend
    # Forwards to the "letsencrypt" frontend defined in this file (port 8080)
    # over loopback; that frontend routes the challenge path to 127.0.0.1:9000.
    server local_acme 127.0.0.1:8080

#---------------------------------------------------------------------
# Frontend for HTTPS traffic (port 443) with SNI and strict-sni
#---------------------------------------------------------------------
frontend https_frontend
    # Loads every certificate found in /etc/haproxy/certs. With strict-sni the
    # TLS handshake is refused when the client's SNI matches none of them, so
    # no default certificate is presented for unknown names.
    bind *:443 ssl crt /etc/haproxy/certs strict-sni

    # Records the first 64 bytes of the Host header for the HTTP log.
    http-request capture req.hdr(host) len 64

    # Define ACLs for routing based on hostname
    acl host_git hdr(host) -i git.maks-it.com
    acl host_cr hdr(host) -i cr.maks-it.com

    # Backend selection uses the HTTP Host header (the ACLs above), not the TLS
    # SNI value; certificate selection on the bind line is what uses SNI.
    # No default_backend is set, so requests for any other Host are not routed.
    # NOTE(review): the ACLs are exact matches; a Host value carrying an
    # explicit port would presumably not match - confirm if clients send one.
    use_backend git_backend if host_git
    use_backend cr_backend if host_cr

#---------------------------------------------------------------------
# Backend for git.maks-it.com
#---------------------------------------------------------------------
backend git_backend
    # set-header replaces any client-supplied value, so the backend only sees
    # the values written here.
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Host %[hdr(host)]
    # The server line has no "ssl" keyword: TLS ends at HAProxy and traffic to
    # this host travels as plain HTTP over the internal network.
    server git_server gitsrv0002.corp.maks-it.com:3000

#---------------------------------------------------------------------
# Backend for cr.maks-it.com
#---------------------------------------------------------------------
backend cr_backend
    # set-header replaces any client-supplied value, so the backend only sees
    # the values written here.
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Host %[hdr(host)]
    # The server line has no "ssl" keyword: TLS ends at HAProxy and traffic to
    # this host travels as plain HTTP over the internal network.
    server cr_server hcrsrv0001.corp.maks-it.com:80

#---------------------------------------------------------------------
# letsencrypt load balancer
#---------------------------------------------------------------------
frontend letsencrypt
    # Listens on every interface over plain HTTP. Within this file the only
    # client is acme_backend, which connects via 127.0.0.1:8080.
    # NOTE(review): this also publishes /swagger/, /api/ and the UI on port 8080
    # with no TLS or access control at this layer. If they are not meant to be
    # reachable from other hosts, bind to 127.0.0.1:8080 or restrict the port
    # with a firewall rule.
    bind *:8080
    mode http
    acl path_well_known_acme path_beg /.well-known/acme-challenge/
    acl path_swagger path_beg /swagger/
    acl path_api path_beg /api/

    # Challenge, Swagger and API paths go to the server on port 9000;
    # everything else goes to the app on port 3000.
    use_backend letsencrypt_server if path_well_known_acme
    use_backend letsencrypt_server if path_swagger
    use_backend letsencrypt_server if path_api
    default_backend letsencrypt_app

backend letsencrypt_server
    mode http
    # "check" enables health checks against the local server.
    server server1 127.0.0.1:9000 check

backend letsencrypt_app
    mode http
    # "check" enables health checks against the local app.
    server app1 127.0.0.1:3000 check

MaksIT agent installation

From your home directory

# Fetch the sources and switch to the agent directory.
git clone https://github.com/MAKS-IT-COM/certs-ui.git
cd certs-ui/src/Agent
# NOTE(review): this executes the repository's script as root. Read
# build_and_deploy.sh, and check out a commit or tag you have reviewed,
# before running it.
sudo sh ./build_and_deploy.sh

Maks IT LetsEncrypt server installation

From your home directory

# Fetch the sources and switch to the directory holding the compose file.
git clone https://github.com/MAKS-IT-COM/certs-ui.git
cd certs-ui/src
# Starts the services described in docker-compose.final.yml, attached to the
# terminal.
# NOTE(review): check the compose file for published ports and configured
# secrets before bringing it up on a host reachable from other machines.
podman-compose -f docker-compose.final.yml up