servercert
docker-swag
servercert | docker-swag | |
---|---|---|
4 | 296 | |
124 | 2,561 | |
4.8% | 2.9% | |
4.7 | 9.1 | |
2 days ago | 7 days ago | |
CSS | Dockerfile | |
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
servercert
-
Does my site need HTTPS?
This is permitted: https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
But it hasn't really caught on; a lot of registrars don't seem to want the complexity of being (or integrating with) a CA, and vice versa.
-
Let's Encrypt: Issue with TLS-ALPN-01 Validation Method
It is unfortunate. It's required: https://github.com/cabforum/servercert/blob/main/docs/BR.md#...
-
MarkMonitor left 60k domains for the taking
No, they don't have to MitM the CA's domain validation request. While they have brief control over the website, they use domain validation method 3.2.2.4.18 (Agreed-Upon Change to Website v2)[1] or 3.2.2.4.19 (Agreed-Upon Change to Website - ACME)[2] to legitimately complete domain validation by making a change to the website.
[1] https://github.com/cabforum/servercert/blob/cda0f92ee70121fd...
-
A safer default for navigation: HTTPS
The article you linked to is kind of confused and I'm not sure I blame them. This stuff is really complex!
According to the proposal[0], leaf certificates are prohibited from being signed with a validity window of more than 397 days by a CA/B[1] compliant Certificate authority. This is very VERY different from the cert not being valid. It means that a CA could absolutely make you a certificate that violated these rules. If a CA signed a certificate with a longer window, they would risk having their root CA removed from the CA/B trust store which would make their root certificate pretty much worthless.
To validate this, you can look at the CA certificates that Google has[2] that are set to expire in 2036 (scroll down to "Download CA certificates" and expand the "Root CAs" section) several of which have been issued since that CA/B governance change.
As of right now, as far as I know, Chrome will continue to trust certificates that are signed with a larger window. I've not heard anything about browsers enforcing validity windows or anything like that, but would be delighted to find out the ways that I'm wrong if you can point me to a link.
Further, your home made root certificate will almost certainly not be accepted by CA/B into their trust store (and it sounds like you wouldn't want that) which means you're not bound by their governance. Feel free to issue yourself a certificate that lasts 1000 years and certifies that you're made out of marshmallows or whatever you want. As long as you install the public part of the CA into your devices it'll work great and your phone/laptop/whatever will be 100% sure you're made out of puffed sugar.
I guess I have to disclose that I'm an xoogler who worked on certificate issuance infrastructure and that this is my opinion, that my opinons are bad and I should feel bad :zoidberg:.
[0] https://github.com/cabforum/servercert/pull/138/commits/2b06...
docker-swag
- Take a look at traefik, even if you don't use containers
- Armar mi propio server
-
Guide: Setting up Local DNS WITH PORTS
I have a NAS on .0.181 and a swag container (on a different port than nginx) on .0.180 that points to my public facing services. For obvious reasons, I don't want my public domain to point to any other ports/addresses on my home network. Additionally, as elegant as swag is, it requires authentication and so won't work for simple local DNS. I now have one local domain for each server and an nginx instance on each that resolves to my different services on each.
-
SWAG + Nextcloud AIO + OnlyOffice + Openproject: Fullchain cert connections required. I have the data but I'm not sure how to plug this all together...
OP is even linking the Github... https://github.com/linuxserver/docker-swag
-
Reverse Proxied services not accessible on LAN
I have an UnRAID server with a few services (Jellyfin, Nextcloud, etc.) running on it behind Linux Servers' SWAG reverse proxy container, which is built on Nginx and Let's Encrypt. This is pointed to a DuckDNS link, which is then pointed at my domain with a CNAME. So I can access Jellyfin, for example, at jellyfin.mydomain.com. A few weeks ago, due to seemingly unrelated issues, I got a new modem/router, an Arris SURFboard G34. For the first few weeks, everything was working as before. But now, when on my LAN, I can't get to my services at the proxied domain. It times out every time. There are no errors in SWAG's logs, nothing seems amiss in the router's web interface, and the services are available both at their IP:port address and, when not on my LAN, I can access them at the domain no problem.
- Fail2Ban โ Daemon to ban hosts that cause multiple authentication errors
- Mealie and Swag sut issues
- Can't get Swag instance page
- Site marked dangerous
- Reverse proxy, where to start?
What are some alternatives?
cert-gen - Generate CA and self-signed SSL certificates usable in your browser for local development.
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
authentik - The authentication glue you need.
devcert - Local HTTPS development made easy
traefik-examples - docker-compose configurations examples for traefik
devcert-cli - A CLI wrapper for devcert, to manage development SSL/TLS certificates and domains
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
authelia - The Single Sign-On Multi-Factor portal for web apps
Navidrome Music Server - ๐งโ๏ธ Modern Music Server and Streamer compatible with Subsonic/Airsonic
Jellyfin - The Free Software Media System