cloudinit
letsencrypt

cloudinit | letsencrypt | |
---|---|---|
31 | 21 | |
3,110 | 31,894 | |
2.0% | 0.4% | |
9.7 | 9.3 | |
3 days ago | 9 days ago | |
Python | Python | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cloudinit
-
Tell HN: Ubuntu 24.04 force enables password auth, need to disable differently
This comes from the `ssh_pwauth` setting in cloud-init. Docs: https://cloudinit.readthedocs.io/en/latest/reference/modules...
The PR https://github.com/canonical/cloud-init/pull/1618 implemented using a "sshd_config.d" file.
-
Setting Up The Home Lab: Setting up Kubernetes Using Ansible
In my previous article I went over how to set up VMs in Proxmox VE using Terraform to deploy the VMs and Cloud-Init to provision them. In this article I'll discuss using Ansible playbooks to do further provisioning of VMs.
-
Setting Up The Home Lab: Terraform and Cloud-Init
In my last article I talked about getting Terraform set up on Proxmox VE. In this article I want to talk about how I got Cloud-Init set up to use with my Terraform templates.
-
Multipass + Cloud-Init
Multipass is a mini-cloud on your workstation using native hypervisors of all the supported plaforms (Windows, macOS and Linux). Multipass can launch and run virtual machines and configure them with cloud-init like a public cloud.
-
Setting up the home lab: Terraform
And there you have it! In my next article I'll show you how to provision your VMs using Cloud-Init
-
Industry Standard for Cloud Instance Initialization: Cloud-Init
[1] Cloud-Init: https://github.com/canonical/Cloud-Init [2] AutoMQ: https://github.com/AutoMQ/automq [3] Introduction to Cloud-Init: https://cloudinit.readthedocs.io/en/latest/explanation/introduction.html#how-does-Cloud-Init-work
-
Custom RAM boot PXE Linux
Newer versions of OS use cloud init -> https://cloud-init.io/
-
The Reluctant Sysadmin's Guide to Securing a Linux Server
Overall, I think in an article that focuses on cloud computing (specifically AWS) there's too much time being spent in the local command line of a server.
It's an especially revealing sentence when the authors says that "Most attacks won’t be against what we’ve covered in this guide, but against the applications you install next. Properly done, containers can limit the impact."
If we are running containerized applications and we are already in the cloud, why are we futzing around on the command line of a Linux box? Why are we not using a cload orchestrator that abstracts the OS from the equation entirely?
If we do have a need to be on a bare Linux box, all of this OS configuration is better handled with cloud init [1], a configuration management tool like Ansible, and/or by building an image with Packer.
I know that seems like overkill for a small hobby reluctant sysadmin project type of deal but it's very little extra effort once you get used to the workflow. I would even recommend putting this infrastructure in Terraform even though, again, it seems like overkill at first.
Someone else in the comments mentioned that it's easier to just start with a hardened image from the AWS Marketplace, and I also agree with that idea. Find a free hardened image and make that the base for your system.
[1] https://cloud-init.io
- Is the linux community done circlejerking for Red Hat or are we just going to forget about recent news in a week?
-
nmtui changes don't survive reboot?
Found this related article: "cloud-init re-generates network config every reboot overwriting manual admin changes on CentOS." https://github.com/canonical/cloud-init/issues/2983
letsencrypt
-
ACME with Google Domains using a DNS Zone in GCS DNS
This seems to be not implemented in certbot, yet: https://github.com/certbot/certbot/issues/6566
-
OpenSpeedTest in docker through DSM Reverse Proxy - incorrect upload speeds
If you do go with NPM or Traefik, under the covers it's using certbot to request/renew your certificates through Let's Encrypt using the DNS-01 challenge, meaning you can get wildcard certs and don't have to futz around with port forwards. Again I'd think Caddy has similar functionality, I just have not used it personally. Raw NGINX you probably don't want to try out yet considering it requires manually doing the configs
- Certbot run.bat file identified as batloader trojan by windows defender. Windows defender alerted me of a trojan which appears to simply be the startup batch script for certbot. Currently running full system scan, but I suspect it to be a false positive. Any ideas?
-
Snap Store administrators removed signal-desktop from Ubuntu Snap
certbot won't be missed. The code quality is pretty poor.
https://github.com/certbot/certbot/issues 5000 bugs and it most of it can be replaced by much smaller tools
-
Good Use Of Golang?
Here’s a good code reference (Python and rust): https://github.com/certbot/certbot
-
Let's Encrypt Certbot Not Working on FreeBSD
I am trying to migrate off of Linux and back to FreeBSD, but I hit a problem today. The Let's Encrypt Certbot is not installing. A bit surprising, given how important it is. So I thought I would notify the community Here is my bug report. https://github.com/certbot/certbot/issues/9394
-
How to update Certbot on Debian 11
Last release: https://github.com/certbot/certbot/releases (on 28th August 2022 = 1.29.0)
-
Uacme: ACMEv2 client written in plain C with minimal dependencies
Right? It’s so ridiculous how you’re supposed to use Snap to install certbot. The (well, one of..) GitHub discussion is just beyond the pale:
https://github.com/certbot/certbot/issues/8345#issuecomment-...
-
Let’s Encrypt Receives the Levchin Prize for Real-World Cryptography
It goes way beyond, since Let's Encrypt influence the ecosystem a lot and the standards that are used.
If you use Let's Encrypt, you are likely using Certbot, which means that everybody uses a tool that a central authority strongly recommends to you.
I wonder how they generate the key, for example, it may be using secp256r1: https://github.com/certbot/certbot/blob/5c111d0bd1206d864d7c...
-
Setting up nginx+letsencrypt as a reverse proxy
# nginx-ingress-https.conf events { } http { include mime.types; server { listen 443 ssl; listen [::]:443 ssl; server_name sg.horlick.me; ssl_certificate /etc/letsencrypt/live/sg.horlick.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sg.horlick.me/privkey.pem; # taken from https://github.com/certbot/certbot/blob/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf ssl_session_cache shared:le_nginx_SSL:10m; ssl_session_timeout 1440m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; ssl_dhparam /etc/ssl/certs/dhparam.pem; sendfile on; tcp_nopush on; tcp_nodelay on; location / { proxy_pass http://host.docker.internal:9090/; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; } } }
What are some alternatives?
Ansible - Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
lego - Let's Encrypt/ACME client and library written in Go
Cloud-Init - unofficial mirror of Ubuntu's cloud-init
acme.sh - A pure Unix shell script implementing ACME client protocol
honcho - Honcho: a python clone of Foreman. For managing Procfile-based applications.
netboot.xyz - Your favorite operating systems in one place. A network-based bootable operating system installer based on iPXE.
supervisor - Supervisor process control system for Unix (supervisord)
Fabric - Simple, Pythonic remote execution and deployment.
SaltStack - Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
Fabtools - Tools for writing awesome Fabric files
dehydrated-bigip-ansible - Ansible based hooks for dehydrated to enable ACME certificate automation for F5 BIG-IP systems
