easy-rsa VS nginx-proxy

Easy-rsa to the rescue. Been using it for a while, works great and makes life easier :)

Link: https://github.com/OpenVPN/easy-rsa

Summary from that page:

easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including intermediate CAs and certificate revocation lists (CRL).

No, OpenVPN relies on the CA trust model. Anyone signed by the CA has access, unless they have been revoked (CRL): https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Renew-and-Revoke.md

Then make do with the CLI. There might be some tooling to help you, e.g. https://github.com/OpenVPN/easy-rsa

Hey folks. I'm one of the authors for Mastering OpenVPN, the author of Troubleshooting OpenVPN, and the maintainer of EasyRSA. In light of Apollo and other 3rd party apps going dark on the 30th, I figured I'd "turn in my notice" on Reddit and do the normal sysadmin data dump/brown bag before I'm gone. I've really enjoyed this group and hope things get sorted in the long run.

Correct. That applies to OpenVPN. There's a tool that OpenRSA maintains that help with creating those certificates, EasyRSA: https://github.com/OpenVPN/easy-rsa

Regarding the keys, csr and certificates it's pretty easy to manage them with easy-rsa (https://github.com/OpenVPN/easy-rsa)

$ git clone https://github.com/OpenVPN/easy-rsa.git

Depending on your use case, either https://github.com/FiloSottile/mkcert or https://github.com/OpenVPN/easy-rsa

If you can add CAs to the hosts that will access this server, you can be your own certificate authority. mkcert is good, as mentioned elsewhere, or you can go all out: https://github.com/OpenVPN/easy-rsa

I have an express API that runs on EC2 and I am using nginx-proxy

If Traefik is not your thing Im happily using https://github.com/nginx-proxy/nginx-proxy and sslip.io for local docker compose development.

And then even plain nginx to proxy to non docker services...

(And ipv6 for really short urls. E.g. `example.com.--1.sslip.io` etc)

I wanted to share with you an exciting new tool that simplifies the process of interacting with the NGINX Proxy Manager API. It's a TypeScript tool that generates API requests based on environment variables within a Docker container. This tool is heavy influenced by the https://github.com/nginx-proxy/nginx-proxy but it works with npm.

I use an automatically configuring reverse proxy - there's several to choose from, but the nginx-docker image is really nice, and comes with another image to do automatic SSL with certbot (if you wanted to host things externally).

Docker runs on the 3B+ so you could use this [Github] or the one I have deployed here [NGINX Proxy Manager site] amongst others.

- and this

docker compose + wildcard dns + reverse proxy that covers all widecard subdomains + https://github.com/nginx-proxy/nginx-proxy (not to be confused with nginx itself) then setup a container for each app and set a subdomain for it, you can add ssl if you have a public domain or use self signed certs (but you need to distribute it to all machines and devices)

setting up letsencrypt with nginx-proxy and acme-companion

We use the nginx-proxy docker image. Auto-configuring reverse proxy with support for certbot. Never been easier - just put your domain and certbot details in your container env, and it does the rest.

I just use the nginx-proxy image, makes it all super easy, auto-configuring, and all domain/cert information is stored against the project rather than the proxy.