From b417f466c8c13632e2fddbfa22dd801c92632168 Mon Sep 17 00:00:00 2001 From: Steven Foerster Date: Fri, 31 Jul 2020 02:00:53 +0000 Subject: [PATCH] Resolve "Stricter TLS requirements for iOS" --- README.md | 8 ++++++++ scripts/install.sh | 4 ++-- scripts/subinstallers/openssl.sh | 10 +++++++--- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e210492..6676760 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,9 @@ Tested Operating Systems (in order of thoroughness): - Debian 10 (Buster) - Raspbian Buster +Tested Browsers: +- Firefox + The default tests are run on DigitalOcean Droplets: 2GB RAM, 1 CPU, 50GB hard disk. The Mistborn docker images exist for these architectures: @@ -265,6 +268,8 @@ These are the default credentials to use in the services you choose to use: | Cockpit | cockpit | {{default mistborn password}} | | Nextcloud | mistborn | {{default mistborn password}} | +You can find the credentials sent to the Docker containers in: `/opt/mistborn/.envs/.production/` + # Gateway Setup Mistborn will generate the Wireguard configuration script for the Gateway. From a base Ubuntu/Debian/Raspbian operating system the following packages are recommended to be installed beforehand: @@ -457,6 +462,9 @@ Many features and refinements are in the works at various stages including: - Internal network scan tool and feedback - Anomaly detection in network traffic +# Follow +You can find recent bugfixes, functional additions, some extra documentation and more at the Cyber5K Patreon page: [https://www.patreon.com/cyber5k](https://www.patreon.com/cyber5k) + # Contact Contact me at [steven@cyber5k.com](mailto:steven@cyber5k.com) diff --git a/scripts/install.sh b/scripts/install.sh index d71a6d4..2a5c4ce 100755 --- a/scripts/install.sh +++ b/scripts/install.sh 
@@ -209,8 +209,8 @@ cp ./compose/production/traefik/traefik.toml.template ./compose/production/traef
 # setup tls certs
 source ./scripts/subinstallers/openssl.sh
-sudo rm -rf ../mistborn_volumes/base/tls
-sudo mv ./tls ../mistborn_volumes/base/
+#sudo rm -rf ../mistborn_volumes/base/tls
+#sudo mv ./tls ../mistborn_volumes/base/
 # enable and run setup to generate .env
 sudo systemctl enable Mistborn-setup.service
diff --git a/scripts/subinstallers/openssl.sh b/scripts/subinstallers/openssl.sh
index c5d58eb..6862cfc 100755
--- a/scripts/subinstallers/openssl.sh
+++ b/scripts/subinstallers/openssl.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-KEY_FOLDER="./tls/"
+KEY_FOLDER="/opt/mistborn_volumes/base/tls/"
 CRT_FILE="cert.crt"
 KEY_FILE="cert.key"
@@ -11,11 +11,15 @@ KEY_PATH="$KEY_FOLDER/$KEY_FILE"
 sudo -E apt-get install -y openssl
 # make folder
-mkdir -p $KEY_FOLDER
+sudo -E mkdir -p $KEY_FOLDER
+
+# clean old crt and key
+sudo -E rm -f ${KEY_FOLDER}/*
 # generate crt and key
-openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:4096 -keyout $KEY_PATH -out $CRT_PATH -subj "/C=US/ST=New York/L=New York/O=cyber5k/OU=mistborn/CN=*.mistborn/emailAddress=mistborn@localhost"
+sudo -E openssl req -x509 -sha256 -nodes -days 397 -newkey rsa:4096 -keyout $KEY_PATH -out $CRT_PATH -addext "subjectAltName = DNS:*.mistborn" -addext extendedKeyUsage=serverAuth -subj "/C=US/ST=New York/L=New York/O=cyber5k/OU=mistborn/CN=*.mistborn/emailAddress=mistborn@localhost"
 # set permissions
+sudo -E chown -R mistborn:mistborn ${KEY_FOLDER}
 chmod 644 $CRT_PATH
 chmod 600 $KEY_PATH
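Review bot: The two `chmod` lines at the end of the openssl.sh hunk still run without `sudo`, but the key and cert are now created by `sudo -E openssl` and then `chown`ed to `mistborn` on the line just above them, so unless the user running the installer is `mistborn` both chmods fail with "Operation not permitted" and the private key keeps whatever mode openssl created it with (presumably 0644 under a default 022 umask, i.e. world-readable). Change them to `sudo -E chmod 644 "$CRT_PATH"` and `sudo -E chmod 600 "$KEY_PATH"`, and put `umask 077` before the `sudo -E openssl req` line so the key is never world-readable even in the window before the chmod. The new `sudo -E rm -f ${KEY_FOLDER}/*` would expand to `rm -f /*` as root if `KEY_FOLDER` were ever empty; `sudo -E rm -f -- "${KEY_FOLDER:?}"/*` guards that at no cost. Note also that `-addext` requires OpenSSL 1.1.1 or newer and nothing in the script checks the installed version before relying on it.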