TLS

Debian behind TLS Proxy

Behind Corp Proxy

Let's assume you're behind a corporate proxy that enforces TLS inspection, you don't have the proxy certificate, and you want to upgrade your boxes … … and of course, you do this in the lab and for research only, not in your production environment!

TLS Inspection enabled

    apt-get update
    W: Failed to fetch https://packages.sury.org/php/dists/bookworm/InRelease Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification.

Caddy

Run Simple Secure Webserver in 20 sec

Assuming you have a Docker instance and want to run a secure webserver in a few seconds? Here is an example of how to do it …

Fire up Docker

Start a fresh and empty container with Alpine Linux and get a shell. The container will be removed when you leave the shell (--rm).

    docker run -it --rm -p 80:80 -p 443:443 --name alpine-ssl alpine /bin/sh

Set FQDN

This should point to your IP address …

Docker - Traefik - Wildcard Cert

Intro

TLS is a must, but do you want to generate a separate certificate for each service you provide? Especially when you have a *.domain.tld record set? Traefik is able to handle that for you. Let's Encrypt offers the possibility to use DNS validation for wildcard domains. Here is a list of providers that can automate DNS verification.

Helpful URL

https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/
https://www.digitalocean.com/community/tutorials/how-to-use-traefik-v2-as-a-reverse-proxy-for-docker-containers-on-ubuntu-20-04
https://www.carluccio.de/reverse-proxy-traefik-mit-wildcard-zertifikaten/
https://linuxblog.xyz/posts/traefik-2-docker-compose/
https://medium.com/@KagundaJM/proxy-buffalo-app-with-traefik-and-lets-encrypt-on-digitalocean-505060edef4c

Full Example with Docker Compose, Traefik, Digital Ocean

Prepare Env

    cd /where/ever/you/want
    mkdir data
    touch data/acme.