maksit-certs-ui/README.md
2024-08-11 18:36:07 +02:00

# LetsEncrypt C# Client by Maks-IT.com
A simple client for obtaining Let's Encrypt HTTPS certificates, developed with .NET Core. It currently works only with the HTTP challenge.

## Version History
* 29 Jun, 2019 - V1.0
* 01 Nov, 2019 - V2.0 (Dependency Injection pattern implementation)
* 31 May, 2024 - V3.0 (Web API and containerization)
* 11 Aug, 2024 - V3.1 (Release)

## HAProxy configuration
```bash
sudo mkdir /etc/haproxy/certs
```
```bash
sudo nano /etc/haproxy/haproxy.cfg
```
```ini
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option                  forwardfor except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# Frontend for HTTP traffic on port 80
#---------------------------------------------------------------------
frontend http_frontend
    bind *:80
    acl acme_path path_beg /.well-known/acme-challenge/
    # Redirect all HTTP traffic to HTTPS except ACME challenge requests
    redirect scheme https if !acme_path
    # Send ACME challenge requests to the ACME backend
    use_backend acme_backend if acme_path

#---------------------------------------------------------------------
# Backend to handle ACME challenge requests
#---------------------------------------------------------------------
backend acme_backend
    server local_acme 127.0.0.1:8080

#---------------------------------------------------------------------
# Frontend for HTTPS traffic (port 443) with SNI and strict-sni
#---------------------------------------------------------------------
frontend https_frontend
    bind *:443 ssl crt /etc/haproxy/certs strict-sni
    http-request capture req.hdr(host) len 64
    # Define ACLs for routing based on hostname
    acl host_git hdr(host) -i git.maks-it.com
    acl host_cr hdr(host) -i cr.maks-it.com
    # Route to the matching backend based on the Host header
    use_backend git_backend if host_git
    use_backend cr_backend if host_cr

#---------------------------------------------------------------------
# Backend for git.maks-it.com
#---------------------------------------------------------------------
backend git_backend
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Host %[hdr(host)]
    server git_server gitsrv0002.corp.maks-it.com:3000

#---------------------------------------------------------------------
# Backend for cr.maks-it.com
#---------------------------------------------------------------------
backend cr_backend
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Host %[hdr(host)]
    server cr_server hcrsrv0001.corp.maks-it.com:80

#---------------------------------------------------------------------
# letsencrypt load balancer
#---------------------------------------------------------------------
frontend letsencrypt
    bind *:8080
    mode http
    acl path_well_known_acme path_beg /.well-known/acme-challenge/
    acl path_swagger path_beg /swagger/
    acl path_api path_beg /api/
    use_backend letsencrypt_server if path_well_known_acme
    use_backend letsencrypt_server if path_swagger
    use_backend letsencrypt_server if path_api
    default_backend letsencrypt_app

backend letsencrypt_server
    mode http
    server server1 127.0.0.1:9000 check

backend letsencrypt_app
    mode http
    server app1 127.0.0.1:3000 check
```
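
The `bind *:443 ssl crt /etc/haproxy/certs strict-sni` line above serves whatever certificates are in that directory, so it is worth auditing the directory after each issuance. The script below is an added example, not part of the certs-ui project; it assumes each file is a combined PEM (certificate chain plus private key), and the function names `check_pem` and `audit_cert_dir` are hypothetical.

```bash
# Added example, not part of certs-ui. Assumption: each file in the directory
# is a combined PEM (certificate chain + private key) for HAProxy's "crt <dir>".

# check_pem FILE: report problems with one file; returns 0 when it passes.
check_pem() {
    f=$1
    rc=0
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "$f: no certificate block"
        rc=1
    fi
    # Matches PKCS#8 ("PRIVATE KEY") and legacy "RSA"/"EC PRIVATE KEY" headers.
    if ! grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f"; then
        echo "$f: no private key block"
        rc=1
    fi
    # The file contains a private key: group and other must have no access.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: accessible beyond owner (group/other bits: $perms)"
        rc=1
    fi
    return $rc
}

# audit_cert_dir DIR: returns 0 only if DIR holds files and all of them pass.
audit_cert_dir() {
    dir=$1
    seen=0
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        seen=1
        check_pem "$f" || bad=1
    done
    if [ "$seen" -eq 0 ]; then
        echo "$dir: no certificate files found"
        return 1
    fi
    return $bad
}
```

Source the file and run `audit_cert_dir /etc/haproxy/certs` with privileges sufficient to read the directory; a non-zero exit status means at least one file needs attention.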
## MaksIT agent installation
From your home directory:
```bash
git clone https://github.com/MAKS-IT-COM/certs-ui.git
```
```bash
cd certs-ui/src/Agent
```
```bash
sudo sh ./build_and_deploy.sh
```
## Maks IT LetsEncrypt server installation
From your home directory:
```bash
git clone https://github.com/MAKS-IT-COM/certs-ui.git
```
```bash
cd certs-ui/src
```
```bash
podman-compose -f docker-compose.final.yml up
```