
Merge branch '38-tls' into 'master'

Resolve "Stricter TLS requirements for iOS"

Closes #38

See merge request cyber5k/mistborn!34
merge-requests/39/merge
Steven Foerster 5 years ago
parent
commit
c96df527e6
  1. 8
      README.md
  2. 4
      scripts/install.sh
  3. 10
      scripts/subinstallers/openssl.sh

8
README.md

@ -50,6 +50,9 @@ Tested Operating Systems (in order of thoroughness): @@ -50,6 +50,9 @@ Tested Operating Systems (in order of thoroughness):
- Debian 10 (Buster)
- Raspbian Buster
Tested Browsers:
- Firefox
The default tests are run on DigitalOcean Droplets: 2GB RAM, 1 CPU, 50GB hard disk.
The Mistborn docker images exist for these architectures:
@ -265,6 +268,8 @@ These are the default credentials to use in the services you choose to use: @@ -265,6 +268,8 @@ These are the default credentials to use in the services you choose to use:
| Cockpit | cockpit | {{default mistborn password}} |
| Nextcloud | mistborn | {{default mistborn password}} |
You can find the credentials sent to the Docker containers in: `/opt/mistborn/.envs/.production/`
# Gateway Setup
Mistborn will generate the Wireguard configuration script for the Gateway. From a base Ubuntu/Debian/Raspbian operating system the following packages are recommended to be installed beforehand:
@ -457,6 +462,9 @@ Many features and refinements are in the works at various stages including: @@ -457,6 +462,9 @@ Many features and refinements are in the works at various stages including:
- Internal network scan tool and feedback
- Anomaly detection in network traffic
# Follow
You can find recent bugfixes, functional additions, some extra documentation and more at the Cyber5K Patreon page: [https://www.patreon.com/cyber5k](https://www.patreon.com/cyber5k)
# Contact
Contact me at [steven@cyber5k.com](mailto:steven@cyber5k.com)

4
scripts/install.sh

@ -209,8 +209,8 @@ cp ./compose/production/traefik/traefik.toml.template ./compose/production/traef @@ -209,8 +209,8 @@ cp ./compose/production/traefik/traefik.toml.template ./compose/production/traef
# setup tls certs
source ./scripts/subinstallers/openssl.sh
sudo rm -rf ../mistborn_volumes/base/tls
sudo mv ./tls ../mistborn_volumes/base/
#sudo rm -rf ../mistborn_volumes/base/tls
#sudo mv ./tls ../mistborn_volumes/base/
# enable and run setup to generate .env
sudo systemctl enable Mistborn-setup.service
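Review bot: the two lines that moved `./tls` into `../mistborn_volumes/base/` are left behind as comments (`#sudo rm -rf ...`, `#sudo mv ...`) instead of being deleted; remove them, since the history already records the old behaviour. With the move gone, this script relies on the sourced openssl.sh writing to the final location itself, and nothing visible here checks that it succeeded before `sudo systemctl enable Mistborn-setup.service`. A check that cert.crt and cert.key exist in the tls folder after the `source` line would surface a failed generation at install time.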

10
scripts/subinstallers/openssl.sh

@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
#!/bin/bash
KEY_FOLDER="./tls/"
KEY_FOLDER="/opt/mistborn_volumes/base/tls/"
CRT_FILE="cert.crt"
KEY_FILE="cert.key"
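Review bot: `KEY_FOLDER` changes from a path relative to the checkout (`./tls/`) to the absolute `/opt/mistborn_volumes/base/tls/`, while install.sh previously targeted `../mistborn_volumes/base/`; the two agree only when the installer runs from a directory directly under /opt, so either state that assumption in a comment or derive the folder from the script location. Minor style point: the value ends in a slash and the next hunk header shows `KEY_PATH="$KEY_FOLDER/$KEY_FILE"`, so the resulting paths contain `//`; it is harmless, but dropping the trailing slash is cleaner.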
@ -11,11 +11,15 @@ KEY_PATH="$KEY_FOLDER/$KEY_FILE" @@ -11,11 +11,15 @@ KEY_PATH="$KEY_FOLDER/$KEY_FILE"
sudo -E apt-get install -y openssl
# make folder
mkdir -p $KEY_FOLDER
sudo -E mkdir -p $KEY_FOLDER
# clean old crt and key
sudo -E rm -f ${KEY_FOLDER}/*
# generate crt and key
openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:4096 -keyout $KEY_PATH -out $CRT_PATH -subj "/C=US/ST=New York/L=New York/O=cyber5k/OU=mistborn/CN=*.mistborn/emailAddress=mistborn@localhost"
sudo -E openssl req -x509 -sha256 -nodes -days 397 -newkey rsa:4096 -keyout $KEY_PATH -out $CRT_PATH -addext "subjectAltName = DNS:*.mistborn" -addext extendedKeyUsage=serverAuth -subj "/C=US/ST=New York/L=New York/O=cyber5k/OU=mistborn/CN=*.mistborn/emailAddress=mistborn@localhost"
# set permissions
sudo -E chown -R mistborn:mistborn ${KEY_FOLDER}
chmod 644 $CRT_PATH
chmod 600 $KEY_PATH
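Review bot: the added `sudo -E rm -f ${KEY_FOLDER}/*` runs as root on an unquoted, unchecked variable; if `KEY_FOLDER` is ever empty or mistyped it expands to `/*`. Quote it and guard it, for example `sudo rm -f "${KEY_FOLDER:?}"/*`, and quote `$KEY_FOLDER`, `$KEY_PATH` and `$CRT_PATH` in the `mkdir`, `openssl` and `chmod` lines as well. The two `chmod` calls are the only commands in the hunk still run without sudo, so they succeed only when the invoking user is `mistborn` (the new owner after `chown -R`); run them with sudo, or set the modes before the `chown`, so the key is not left at whatever mode `openssl` created it with if `chmod 600` fails. Dropping `-days` from 3650 to 397 means the certificate now expires after about 13 months and nothing in this change regenerates it, so the renewal step needs documenting. `-addext` also requires OpenSSL 1.1.1 or newer, which is worth a comment next to the command.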
