kpatch
lego
| kpatch | lego | |
|---|---|---|
| 3 | 56 | |
| 1,421 | 7,324 | |
| 1.0% | 1.9% | |
| 6.1 | 8.9 | |
| 6 days ago | 10 days ago | |
| C | Go | |
| GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kpatch
- Kpatch: Dynamic Linux Kernel Patching
-
Self hosting in 2023 and why you should do that
All Linux kernel livepatch stuff are paid services, as I understand it, the Linux kernel live patches aren't possible to just produce automatically, it requires a team with enough Linux kernel knowledge to make it work and usually such teams want to get paid.
Also, I think that the base Linux kpatch tools are open source, but the infrastructure that RedHat/SUSE/Canonical/etc use to provide them are not. However, I think the Gentoo folks do have some open infra code.
https://github.com/dynup/kpatch
-
Ubuntu Pro
Kpatch is fully open
https://github.com/dynup/kpatch
But if you mean the Kernel patch packages themselves, then you are right, looks like there are no free patch packages that one can just download and use.
lego
-
Take a look at traefik, even if you don't use containers
This is one area where I've found nixos to be really helpful. I can set this up with just adding some lines to the configuration.nix (which uses [lego](https://github.com/go-acme/lego) and letsencrypt in the backend):
```nix
-
Dehydrated: Letsencrypt/acme client implemented as a shell-script
Self contained but hardly a tiny supply chain attack surface: https://github.com/go-acme/lego/blob/master/go.sum
-
Running one’s own root Certificate Authority in 2023
This ACME client looks promising, but I haven’t tried it yet: https://github.com/go-acme/lego
-
I am once again asking that "web" and "fullstack" developers...
My favorite method of obtaining certificates is with lets encrypt and LEGO
-
Where do you get/setup certificates from for your https/ssl?
Caddy where possible, and acme.sh or lego where not.
- Anyone using WireGuard with a domain name? Any ideas to lower the bills?
- Acme.sh runs arbitrary commands from a remote server
-
How do you renew SSL certificates?
Depend on host's capability... - lego - dehydrated - caddy - in case it already works as a web server, it will automatically issue and renew certs
- Automating LE renewals with dns-01?
-
LeGo CertHub v0.9.0 with Docker Support
u/gregtwallace maybe in the short term until you write your own, you could provide a hook into one of the many ACME client implementations which do DNS-01 and support the majority of major DNS provider APIs out of the box? That would make your (really great!) project much more widely usable.
What are some alternatives?
caddy-dynamicdns - Caddy app that keeps your DNS records (A/AAAA) pointed at itself.
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
elivepatch-client - Flexible Distributed Linux Kernel Live Patching
acme.sh - A pure Unix shell script implementing ACME client protocol
linux - Linux kernel source tree
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
elivepatch-server - Flexible Distributed Linux Kernel Live Patching
autocert - [mirror] Go supplementary cryptography libraries
DnsTube - Access your computer from anywhere. DnsTube is a Windows .NET dynamic DNS client for Cloudflare.
acmetool - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
Dokku - A docker-powered PaaS that helps you build and manage the lifecycle of applications
ACL - A simple but powerful Access Control List manager