TLS

Debian behind TLS Proxy

Behind Corp Proxy

let’s assume you’re behind a Corp Proxy which enforces TLS Inspection, you don’t have the Proxy Cert and you want to Upgrade your Boxes …

… and of course, you do this in the LAB and for Research only and not in your Production Environment!

TLS Inspection enabled

apt-get update
W: Failed to fetch https://packages.sury.org/php/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted.
The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: xx.xx.xx.xx yyyy]

Disable TLS Check

# apt.conf(5) requires the quoted value and the trailing semicolon
echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/99verify-peer.conf

Update

apt-get update
apt-get upgrade
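The drop-in above switches peer verification off for every https source on the box. The following script is an added example, not part of the original post: it writes the same kind of override but scoped to the one mirror that fails (apt.conf(5) lets https options be set per host as Acquire::https::<host>::Verify-Peer), and it audits /etc/apt/apt.conf.d so you can see afterwards which files have verification disabled. The function names, the APT_CONF_DIR override and the 99verify-peer-<host>.conf file name are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): scope the Verify-Peer override
# to the one mirror that fails behind the inspecting proxy, and audit
# /etc/apt/apt.conf.d for any file that switches peer verification off.
# Assumption: APT_CONF_DIR may be overridden so the audit can run on a test tree.
APT_CONF_DIR="${APT_CONF_DIR:-/etc/apt/apt.conf.d}"

# Emit an apt.conf stanza that disables verification only for HOST.
# apt.conf(5) allows https options to be scoped per host:
#   Acquire::https::<host>::Verify-Peer "false";
verify_peer_override() {
    host="$1"
    printf 'Acquire::https::%s::Verify-Peer "false";\n' "$host"
}

# Write the stanza for HOST into its own drop-in file under DIR
# (file name 99verify-peer-<host>.conf is an assumption of this example).
write_host_override() {
    host="$1"
    dir="${2:-$APT_CONF_DIR}"
    verify_peer_override "$host" > "$dir/99verify-peer-$host.conf"
}

# List every apt.conf.d line that turns Verify-Peer off, global or per host.
# Prints "file:line:text" per hit; exit status 1 when the tree is clean.
audit_verify_peer() {
    dir="${1:-$APT_CONF_DIR}"
    grep -Ern 'Verify-Peer[[:space:]]*"?false"?' "$dir" 2>/dev/null
}

# Usage when run directly: write an override for packages.sury.org, then audit.
if [ "${1:-}" = "run" ]; then
    write_host_override packages.sury.org
    audit_verify_peer
fi
```

Run `audit_verify_peer` before and after an upgrade to confirm the override did not outlive the lab session; once the proxy CA is available, `Acquire::https::CaInfo` pointing at that CA file restores verification instead of bypassing it.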

Any Comments ?

sha256: 40c39ed441b4690a8644cd63bfd2e6987f06a70c4f922eca14de5dcc27d4fb35

Caddy

Run Simple Secure Webserver in 20 sec

assuming you have a Docker Instance and wanna run a Secure Webserver in a few Seconds ? Here is an Example of how to do it …

Fireup Docker

start a fresh and empty Container with Alpine Linux. Get a Shell. The Container will be removed when you leave the shell (--rm)

docker run -it --rm -p 80:80 -p 443:443 --name alpine-ssl alpine /bin/sh

Set FQDN

this should point to your ip address …

Docker - Traefik - Wildcard Cert

Intro

TLS is a must, but do you wanna generate your own Certificate for each Service you provide ? Especially when you have a *.domain.tld Record set ?

Traefik is able to handle that for you. Let’s Encrypt offers the possibility to use DNS Validation for Wildcard Domains. Here is a list of Providers that can automate DNS Verification.

Helpful URL

Full Example with Docker Compose, Traefik, Digital Ocean

Prepare Env

cd /where/ever/you/want
mkdir data
touch data/acme.json
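acme.json is where Traefik stores the Let’s Encrypt account key and every issued certificate, and Traefik refuses to use the file when its mode is wider than 0600. The script below is an added example, not part of the original post: it creates the data directory and acme.json with owner-only permissions from the start (no window where the file exists as 0644), leaves an existing file untouched, and offers a check you can run before starting the stack. The function names and the default ./data path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): create the ACME storage file
# the way Traefik expects it. Traefik keeps the account key and issued
# certificates in acme.json and rejects a file that group or others can read.
# Assumption: the data directory is passed as the first argument, default ./data.

# Create DIR/acme.json as an empty file readable only by its owner.
# An existing acme.json is never truncated (it may already hold certificates).
prepare_acme_store() {
    dir="${1:-data}"
    mkdir -p "$dir"
    if [ ! -e "$dir/acme.json" ]; then
        # umask 077 makes the file 0600 at creation time, so it is never
        # world-readable even for an instant.
        (umask 077 && : > "$dir/acme.json")
    fi
    # Tighten a pre-existing file that was created with the default umask.
    chmod 600 "$dir/acme.json"
}

# Return 0 when DIR/acme.json exists with mode exactly 0600, 1 otherwise.
# find -perm 600 (no leading - or /) matches the exact mode on GNU and BSD find.
check_acme_store() {
    dir="${1:-data}"
    [ -f "$dir/acme.json" ] && [ -n "$(find "$dir/acme.json" -perm 600)" ]
}

# Usage when run directly: prepare ./data and report the result.
if [ "${1:-}" = "run" ]; then
    prepare_acme_store data
    check_acme_store data && echo "data/acme.json ready (mode 0600)"
fi
```

Call `check_acme_store data` in whatever wrapper starts docker-compose; a failing check is cheaper to see there than in the Traefik log after the container has already refused the file.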

Variables

we need a few Variables. Let’s put them in a .env file and docker-compose will use them when called.