From 7f000d27b71344a35f6d52597c693c998a680e26 Mon Sep 17 00:00:00 2001 From: savagebidoof Date: Thu, 27 Jul 2023 16:21:39 +0200 Subject: [PATCH] Finished part 4 --- .../P3_Certificate_Manager/Issuer.yaml | 3 - .../P4_Local_CA/Issuer.yaml | 42 ++++ .../P4_Local_Certs/Secret.yaml | 8 + .../P4_Local_Certs/ca.filter.home.cer | 32 +++ .../P4_Local_Certs/ca.filter.home.key | 52 +++++ .../P4_Local_Certs/tls.crt | 1 + .../P4_Local_Certs/tls.key | 1 + Migrations/Forget_Traefik_2023/README.md | 200 +++++++++++++++--- 8 files changed, 310 insertions(+), 29 deletions(-) create mode 100644 Migrations/Forget_Traefik_2023/P4_Local_CA/Issuer.yaml create mode 100644 Migrations/Forget_Traefik_2023/P4_Local_Certs/Secret.yaml create mode 100644 Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.cer create mode 100644 Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.key create mode 100644 Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.crt create mode 100644 Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.key diff --git a/Migrations/Forget_Traefik_2023/P3_Certificate_Manager/Issuer.yaml b/Migrations/Forget_Traefik_2023/P3_Certificate_Manager/Issuer.yaml index 0394adf..4a1b61a 100644 --- a/Migrations/Forget_Traefik_2023/P3_Certificate_Manager/Issuer.yaml +++ b/Migrations/Forget_Traefik_2023/P3_Certificate_Manager/Issuer.yaml @@ -18,7 +18,6 @@ spec: solvers: - http01: ingress: -# ingressClassName: istio class: istio podTemplate: metadata: @@ -29,9 +28,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: filterhome-domain-cert-public -# namespace: istio-ingress namespace: istio-system -# namespace: istio-ingress spec: secretName: filterhome-domain-cert-public duration: 20h # 90d diff --git a/Migrations/Forget_Traefik_2023/P4_Local_CA/Issuer.yaml b/Migrations/Forget_Traefik_2023/P4_Local_CA/Issuer.yaml new file mode 100644 index 0000000..184f447 --- /dev/null +++ b/Migrations/Forget_Traefik_2023/P4_Local_CA/Issuer.yaml @@ -0,0 +1,42 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: ca-issuer + namespace: cert-manager +spec: + ca: + secretName: local-ca +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: local-wildcard-certificate + namespace: istio-system +spec: + secretName: domain-cert-local + privateKey: + rotationPolicy: Always + algorithm: RSA + encoding: PKCS1 + size: 4096 + duration: 20h # 1 Year + renewBefore: 2h #9 months + subject: + organizations: + - FilterHome + commonName: filterhome + isCA: false + usages: + - server auth + - client auth + dnsNames: +# - demoapi.default +# - demoapi.default.svc +# - demoapi.default.svc.cluster +# - demoapi.default.svc.cluster.local + - "filter.home" + - "*.filter.home" +# - jelly.filter.home + issuerRef: + name: ca-issuer + kind: ClusterIssuer \ No newline at end of file diff --git a/Migrations/Forget_Traefik_2023/P4_Local_Certs/Secret.yaml b/Migrations/Forget_Traefik_2023/P4_Local_Certs/Secret.yaml new file mode 100644 index 0000000..01aaf06 --- /dev/null +++ b/Migrations/Forget_Traefik_2023/P4_Local_Certs/Secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: local-ca + namespace: cert-manager +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZnRENDQTJpZ0F3SUJBZ0lVT3YrL25TS1ZLSXIxZlNxblArMno0eDRNT0ZVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1NURUxNQWtHQTFVRUJoTUNSVk14RERBS0JnTlZCQWdNQTBKQlVqRVRNQkVHQTFVRUNnd0tSbWxzZEdWeQpTRzl0WlRFWE1CVUdBMVVFQXd3T1kyRXVabWxzZEdWeUxtaHZiV1V3SGhjTk1qTXdOekkzTVRNek5ERTNXaGNOCk1qTXdPREF4TVRNek5ERTNXakJKTVFzd0NRWURWUVFHRXdKRlV6RU1NQW9HQTFVRUNBd0RRa0ZTTVJNd0VRWUQKVlFRS0RBcEdhV3gwWlhKSWIyMWxNUmN3RlFZRFZRUUREQTVqWVM1bWFXeDBaWEl1YUc5dFpUQ0NBaUl3RFFZSgpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFLQ1JvdUMvWWxkam83dno2QmVzeFpZVzlSNHY4Q2JxCjNOQkdsalFEeHUxTnVnT0hqU0tmQ1NRSFRlOUY0VitnM1pqREtxTnl6V08xVmVDSmdJYVdKQWE1M1JDdGFTUUYKYkVTWXNrUG83TkNXY1RpaWY1VFhhUnlWL24yMkRpdWU5R3AwUVZ0TnVZai95ZEw4akZ2V0w5Q2Q4SGVUcXVhbgovZkFzcEhHaGlwK3FmWjlRekkrQnUzR09EeEpKMi9xQnhyWDdGT1J3OFRwOWRSU2R2dWc0NGRFbG1WNXp1WWNZCmZJY1lTZVp1MFZmV3lXZWR0SjFZaGVBaWVELzJVczBOeG5rbG9wNlQ5N3cvRUpDdjlhNkhrTlNaaWNJYkd1Q2IKaXM3OS9DVmNqWjRndEdQWWg5SlgwS1JDa1VHcEhabSs4cFFTVUJBNWxOUG9nMUQvdVRCc1Y5c0dwMDBWc2VmYwpaVkhOVEVzeXdYREtFZDhzUFRmZ3UyTGtBeGpNRjRscjlTSk4vZ094YjVOWTFTR1R6R2U1NmlPMDN0VDJPc1prClU0Y01FOEZLRTVsZVNwTGZzalZ0UndkcEhRelF0eHBmU2x4eFNYa2Q3OXhLOTlTWHRFdC9WMlorbEx3d005TVEKWmxxYTFsbEFoaXg5aEIydktMNDlmQVdMQXBVU0UySCtRc3o3clUwdDdrZmVsbGJDZWJsK3hLQUhHcEFNQ0pTNgp2Y3p5ZDU2azFPNm5sV3lqTkRET3JoT1JJUHFRNTY1UFdMNXFhMm5WWXU2VlVHMjJONmdGTDVya1RjOGFTZHNyCjUvQmhLYm5kTHROQTdrQ2xrcnMyVjFsdjUxbkJQbnpkRFJ1MWdQK0ZkM3pZNFB5d3crV3JOZ0grWUZCemxlckcKejlwZlZwYWt1dDZmQWdNQkFBR2pZREJlTUE0R0ExVWREd0VCL3dRRUF3SUJCakFTQmdOVkhSTUJBZjhFQ0RBRwpBUUgvQWdFQk1Ca0dBMVVkRVFRU01CQ0NEbU5oTG1acGJIUmxjaTVvYjIxbE1CMEdBMVVkRGdRV0JCUThLSWNOClF4S2JzL2pnTnA3MS9RaDE3WElwVHpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVNKVzNROXJNbmtkQWNBU04KYnU4QnBVa1NLbE84ZjRaS3E0aEhlMWNlaWJVVUxLVzdMdG9ROVBXUjdJOEVTQ2lLTi9qWVc1eE5lejdHQ2xTQgoxcnNncEFuMTRKaWZkZTJoZlZ4ZllsYjRIOW13ejJqejY4Mk9FMnZhK3ZPNy9BNUQyVmpRZ1ZXdlNkYW0rUkNyCkFBandIZHpvWUIzOFovNjFaWDdLRFExTWw0MVhOK05TYWc2Ty9yaEpxUG13MUF4Z3JMa2s2Y2YrbFkvbU5zR0cKSVNlQm85UC9qcXAxNkJCZk9YOTlEQlZpd1gwNVlRcDRweUxpMENZRHlidStPUEhOMzdISG8zTVdkb0tabm9mZQo0TkJORmhtQUtScG1PaXdJb1REUm05Zm9IZWJFcXZ4N3d6VzlJZzRqRXpkTFlrWE1aMzhTZDBlc0tibWFpWHdzCkkwUVcxN0J3SXhlY241ZUdScFRSQ0RyZ2M5ZGFvUXEvQVkraEduZ1VwakdTcmNnMEUvNWoyQ2NZL2RpVEZpZHgKQ0dTNUxxY0FYbFN0eWh3VnErR1NrazJVTjRybExVSU1DbklzYTYxOWo2WEIwdXVuTVlpdUZpYmVlVVIwdGtrUQpmbU5hWUF2UXNLZEdBSVlvcUdJZUVpM21acjBYU1NjYU1HNXUzZXdXN1FkaDczWHN3L3Q0Rlh4d3RPNzQ1YnhSCjFvQkVPaEpxYU90NmhBN0xJQ1F4YTYwTUNqYzdFNzBPdFhFZ1VmVGlZWEhqTmFkYmhLbGZ0aGZZQkdXY002R20KM0RIYTJSUm5oUlBORWhxTnhzK1RFQjdUdHFuQ0lPZThOckxNZFVvM09mT1FHc25adE16Mlc4WDh4RnhDN0J2TApDOFAwNG1vdGxEZ0JhaXQ0NEtqeWpPSTA0Qk09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2drYUxndjJKWFk2TzcKOCtnWHJNV1dGdlVlTC9BbTZ0elFScFkwQThidFRib0RoNDBpbndra0IwM3ZSZUZmb04yWXd5cWpjczFqdFZYZwppWUNHbGlRR3VkMFFyV2trQld4RW1MSkQ2T3pRbG5FNG9uK1UxMmtjbGY1OXRnNHJudlJxZEVGYlRibUkvOG5TCi9JeGIxaS9RbmZCM2s2cm1wLzN3TEtSeG9ZcWZxbjJmVU15UGdidHhqZzhTU2R2NmdjYTEreFRrY1BFNmZYVVUKbmI3b09PSFJKWmxlYzdtSEdIeUhHRW5tYnRGWDFzbG5uYlNkV0lYZ0luZy85bExORGNaNUphS2VrL2U4UHhDUQpyL1d1aDVEVW1ZbkNHeHJnbTRyTy9md2xYSTJlSUxSajJJZlNWOUNrUXBGQnFSMlp2dktVRWxBUU9aVFQ2SU5RCi83a3diRmZiQnFkTkZiSG4zR1ZSelV4TE1zRnd5aEhmTEQwMzRMdGk1QU1ZekJlSmEvVWlUZjREc1crVFdOVWgKazh4bnVlb2p0TjdVOWpyR1pGT0hEQlBCU2hPWlhrcVMzN0kxYlVjSGFSME0wTGNhWDBwY2NVbDVIZS9jU3ZmVQpsN1JMZjFkbWZwUzhNRFBURUdaYW10WlpRSVlzZllRZHJ5aStQWHdGaXdLVkVoTmgva0xNKzYxTkxlNUgzcFpXCndubTVmc1NnQnhxUURBaVV1cjNNOG5lZXBOVHVwNVZzb3pRd3pxNFRrU0Q2a09ldVQxaSthbXRwMVdMdWxWQnQKdGplb0JTK2E1RTNQR2tuYksrZndZU201M1M3VFFPNUFwWks3TmxkWmIrZFp3VDU4M1EwYnRZRC9oWGQ4Mk9EOApzTVBscXpZQi9tQlFjNVhxeHMvYVgxYVdwTHJlbndJREFRQUJBb0lDQUJFM0hCbnhtd2NZa1R6OURSVEF1dHg1Ck1LV2dhU1NiQ0xxeDNyZkw4ZCtPZGxPYmpHZTZXbDRKQkhPVGIvTHpTZDd2aWRwRlhEMEUrNlNieVhKa2xZODkKRFRVVkNwRkluWStMT1kycll2eUlMTEp3UmJKOUYvRnZLWDVyN3dBQlJsNUZnWjVhNm5vRVJxeSsxQU9pcHJTOAp3a1BueXFwNU4zSXhMeDVadmdXWlgyZWQzNWpCUllvS3U1WHY0a3hzN3BPalRGMmp1RkZYa3g1M1BUa2pwQjVxCjVCTXE0Q2phV0x1WlFJOGFzWW96NXBzYjN2b0J2RFRJTFZGYVJRMWtIVFB1ODQwQiswMHRDOGNmZm4xTVhweFUKcTk3cVRncm4wazJZRUprbTM2NGsvb0kzL0hQeVkxWEJKMWE5WFlXVzRlWTdRbWRDN1RCOUhOc3AxNzZYMXlGaQplVEVKUDcrd2k2Z2dSY1I0eFpSODlyUXhkd3dhUnlJanFjQTc3V0h0RW5lSVI4ZVBFM01pZDZzUmh1Z2dYdkk1Ck1JQnQ0YlYxeFZwVndkbzhQZGRhU0h4dTE5c2sxdHJVN3BRbEFQT1Ntb3ZtTldxcm1adFpldkJ3S1ovQmVnUDUKRmxadEYrK01zdzcrbmVodFhmcmpjeDIrakNyZmZLckJJVHM0WEdBQmZrZDNYbzJtdGxJYUJlTGVCYks0a2poegpVcnIzaGZuM1J0Q0QvSUhGR1cwRVNxbnY0R2x2UDMxSVltbHF4QjJNay9XczlEaGx5N1B2K2pIelVTdml6N04xClducjVQZkZmZlJGY3RLWTRjekZ1Rkl0NlB6OEdPTUxGKzBKOEJpRlYwaXBkOGlVckFiblNaWitTZ0tjcjE1UlAKbFRQTGg0cEJGVlpESXV2azdYWWxBb0lCQVFEWDRhWEUrTW9Tek1CRi84TnZMVE01S1lQSzhnSWFkQXZCbTJXTApCVTBDSTJOaXE5c2tDRTBkWjJYSWJHbkNoeWtIMHNxY25IVXlzbmdoNDdBQklMT1F1c25iT3RTUkZJa083NEVHCkFhZnB3enUxV1g5eDBhQ3NzU1U1S2J0OFlSdDdXT1h3R08zMHd2WkMzTWdQLzNQbjNLblEzQXA2OU9GOFh0S28KUmhRUVh4Sk94K00xVUNpc0h3MGJ5QmM4MUs5bTZRWGE1ZGRUVitITHMvYnZlYzZWSmNPMENBZ29PUU5GVDJSUgpoejJhTHYwU0luakFxYkx2OGRxWE5IdGxBMEM0eGJiTTZzeUFVcURrRUE5N1hnZFNyU0dYOTl3aXhmMGUyOFN6ClJ3UWpwclc2R2xvd0k5YmhpcTllNjQ4MUN3Q3RzRWFTdDk5LzE3aEJFT1ZTemZPVkFvSUJBUUMrYUl3aldsK08KdFBHa2hjSXFXeWh1Mm9HcVh1RzE2Vk9rNmZRbmF2VDRDcGl4QkJaWFEwNkt3R1plZFRvcG9EUEgwVVRVZ092TQoxN2tPSkF0endXR1FKQUhPSnRNSkhxcmh1MldwUW1NbnJ1NXRxcTdrVjlZSjJvMnFJM1Z0L210bDlRdlBaeTUyClBwTEtPOS9nT3U0VytZTVN5UWpPNmZDUTJvR1lRRS9HSVZiNFBXc1hSd2pMMVU3djlaTE15WmZIOUQrRElhRUgKL0oxMjJDTytEbkplREIyQWRPTU9jUGE1ZFU3ZUs4T2Zqc2F2ZmdmZW1SSnFOdjRJNlRuc3JqRC9pbGVHUStrQQpJUng5Y2lwTDUyMGFQNjRaUVdyUmZEcTNVQmpBVjBkU2VhN2Mrb0hPRzVDdlBMb1JzaGd0djAxWWt6UzNPdGthCmtseW1UdWpDVS94akFvSUJBSEdxMndpeVlsdXh1VTlpRXJvWUY0OXlmM1U5SmNSZDg4NjJEcW83V1VmVjhEK0UKODNhdWRFUVdMQzV5ZnVFeEgzYUNFN0tRWXRrVnhWRTZ2SEpya0lDVkNUSEljU0lPcVBmWFBaMDNBLzEra1pLMApFL21QQWNYTDVDaU1BNjdDeHFDVXQwVkxLd2VrRzl3cXVhQkt4ZkdBYTEyUWJtZzlSZmloU05QWFNqc3dnOGc5ClVUSENDaGhPcFMxS2xvbXVCc2p0eXVwdCtJbG1qWG9mUU5ibzBOQVJPVkV5cFhEZ1RBdVRlT1BBakx3Qkg3a0wKczM3bUcxUmhpTkh5alVJcmkwbCt1UGgrYkx6b1JOU3diQ1p0NVBjd042NzNqODR6WjBwM05zT2FrZUJmcC9IYwpiRDVLc0pyQzFnSHBqOWJDKzFGNHJrQVVWcmJPazdLV3ZkaHlubDBDZ2dFQkFJK3ZOeWtxZG5lckpicEFVYkJDCnovVXZJTEFmSDNaMTEyL1lPQzFTc2Y5SGg4ZjB6S01YSUhybUM1bjJIbWp4QW9Jajhpdm1DWXF2czI3dlZsRUkKdWdYYWxoNHFBQkNldXRiUzRqbGk1bzQ0bktYWEtsa1h5Mlh1TGY4WStQR0REeXFHUzE0OGY3d3RKZnBFU29IYwpGblR4M3E1YlZERklLZ2cxUzV4SDA2c3cxMzlHWWJ6VUZ0Z3laSG9CdDhDZjA5REpDUEI4ZlJjWTB2NnV4ZklTCjFzMFBtV2VwVFBwRjFubEhBN2YyRUk0a1lOeG5YNnJqbWhqYTNNSit0UDVjeUk3ZHA0U2pWSDJMZndOUEZvbm0KM3RieS9QOEQ5WWFWbDMxampQb0FJc3NqRmdpZFpUelNZbEZLb3lMZFlRK01qK0pxVzFwMXB3VTlNM3N3aXNheQpOLzhDZ2dFQWZQZDM2R24ydmVFUkx1ZUlCVjRaNjlHVDFqL2xnT2xjMGdRU1lUMW9RQ21BM1dLOFMwUEZHTlJGCm9Td1NKa2Z3TDIzaXkvRUFibVdieTNGVndablBQLzA3Q3NPMDZmbzhFU0VzbDI2MWZqMTBDU3ZMMnpPN3plL3kKcWZtYWNxYnZMQ2lqTGRjak1CYStxRStzMzNFQ3RwZGZ3WFZJanY1MU5hcDVNelBFTVVMbFdJWEVKWXZyakdNRwplOWdUdlVvM1lzMkF0ZTNHTXA1V0tLY2lYSTd6akEzcHdpQ25ielhGNGRXN1VkUTZpYnhjbnFLUDZPYzNVZVBoCkZpRGQ1YlNiU3BIc1ZVV3BtWnQwMm9vZ21LVDRzcEZYM2dESHBFbUpJVFlqNXBWTzRDN25LOWJ0RFNackV2aksKRHVrU1Q1RHY4Wi9pVGV6WUNZbFhuZEZEdTlBZjVnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= diff --git a/Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.cer b/Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.cer new file mode 100644 index 0000000..a2a083e --- /dev/null +++ b/Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.cer @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFgDCCA2igAwIBAgIUOv+/nSKVKIr1fSqnP+2z4x4MOFUwDQYJKoZIhvcNAQEL +BQAwSTELMAkGA1UEBhMCRVMxDDAKBgNVBAgMA0JBUjETMBEGA1UECgwKRmlsdGVy +SG9tZTEXMBUGA1UEAwwOY2EuZmlsdGVyLmhvbWUwHhcNMjMwNzI3MTMzNDE3WhcN +MjMwODAxMTMzNDE3WjBJMQswCQYDVQQGEwJFUzEMMAoGA1UECAwDQkFSMRMwEQYD +VQQKDApGaWx0ZXJIb21lMRcwFQYDVQQDDA5jYS5maWx0ZXIuaG9tZTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKCRouC/Yldjo7vz6BesxZYW9R4v8Cbq +3NBGljQDxu1NugOHjSKfCSQHTe9F4V+g3ZjDKqNyzWO1VeCJgIaWJAa53RCtaSQF +bESYskPo7NCWcTiif5TXaRyV/n22Diue9Gp0QVtNuYj/ydL8jFvWL9Cd8HeTquan +/fAspHGhip+qfZ9QzI+Bu3GODxJJ2/qBxrX7FORw8Tp9dRSdvug44dElmV5zuYcY +fIcYSeZu0VfWyWedtJ1YheAieD/2Us0Nxnklop6T97w/EJCv9a6HkNSZicIbGuCb +is79/CVcjZ4gtGPYh9JX0KRCkUGpHZm+8pQSUBA5lNPog1D/uTBsV9sGp00Vsefc +ZVHNTEsywXDKEd8sPTfgu2LkAxjMF4lr9SJN/gOxb5NY1SGTzGe56iO03tT2OsZk +U4cME8FKE5leSpLfsjVtRwdpHQzQtxpfSlxxSXkd79xK99SXtEt/V2Z+lLwwM9MQ +Zlqa1llAhix9hB2vKL49fAWLApUSE2H+Qsz7rU0t7kfellbCebl+xKAHGpAMCJS6 +vczyd56k1O6nlWyjNDDOrhORIPqQ565PWL5qa2nVYu6VUG22N6gFL5rkTc8aSdsr +5/BhKbndLtNA7kClkrs2V1lv51nBPnzdDRu1gP+Fd3zY4Pyww+WrNgH+YFBzlerG +z9pfVpakut6fAgMBAAGjYDBeMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG +AQH/AgEBMBkGA1UdEQQSMBCCDmNhLmZpbHRlci5ob21lMB0GA1UdDgQWBBQ8KIcN +QxKbs/jgNp71/Qh17XIpTzANBgkqhkiG9w0BAQsFAAOCAgEASJW3Q9rMnkdAcASN +bu8BpUkSKlO8f4ZKq4hHe1ceibUULKW7LtoQ9PWR7I8ESCiKN/jYW5xNez7GClSB +1rsgpAn14Jifde2hfVxfYlb4H9mwz2jz682OE2va+vO7/A5D2VjQgVWvSdam+RCr +AAjwHdzoYB38Z/61ZX7KDQ1Ml41XN+NSag6O/rhJqPmw1AxgrLkk6cf+lY/mNsGG +ISeBo9P/jqp16BBfOX99DBViwX05YQp4pyLi0CYDybu+OPHN37HHo3MWdoKZnofe +4NBNFhmAKRpmOiwIoTDRm9foHebEqvx7wzW9Ig4jEzdLYkXMZ38Sd0esKbmaiXws +I0QW17BwIxecn5eGRpTRCDrgc9daoQq/AY+hGngUpjGSrcg0E/5j2CcY/diTFidx +CGS5LqcAXlStyhwVq+GSkk2UN4rlLUIMCnIsa619j6XB0uunMYiuFibeeUR0tkkQ +fmNaYAvQsKdGAIYoqGIeEi3mZr0XSScaMG5u3ewW7Qdh73Xsw/t4FXxwtO745bxR +1oBEOhJqaOt6hA7LICQxa60MCjc7E70OtXEgUfTiYXHjNadbhKlfthfYBGWcM6Gm +3DHa2RRnhRPNEhqNxs+TEB7TtqnCIOe8NrLMdUo3OfOQGsnZtMz2W8X8xFxC7BvL +C8P04motlDgBait44KjyjOI04BM= +-----END CERTIFICATE----- diff --git a/Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.key b/Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.key new file mode 100644 index 0000000..2365cf5 --- /dev/null +++ b/Migrations/Forget_Traefik_2023/P4_Local_Certs/ca.filter.home.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCgkaLgv2JXY6O7 +8+gXrMWWFvUeL/Am6tzQRpY0A8btTboDh40inwkkB03vReFfoN2Ywyqjcs1jtVXg +iYCGliQGud0QrWkkBWxEmLJD6OzQlnE4on+U12kclf59tg4rnvRqdEFbTbmI/8nS +/Ixb1i/QnfB3k6rmp/3wLKRxoYqfqn2fUMyPgbtxjg8SSdv6gca1+xTkcPE6fXUU +nb7oOOHRJZlec7mHGHyHGEnmbtFX1slnnbSdWIXgIng/9lLNDcZ5JaKek/e8PxCQ +r/Wuh5DUmYnCGxrgm4rO/fwlXI2eILRj2IfSV9CkQpFBqR2ZvvKUElAQOZTT6INQ +/7kwbFfbBqdNFbHn3GVRzUxLMsFwyhHfLD034Lti5AMYzBeJa/UiTf4DsW+TWNUh +k8xnueojtN7U9jrGZFOHDBPBShOZXkqS37I1bUcHaR0M0LcaX0pccUl5He/cSvfU +l7RLf1dmfpS8MDPTEGZamtZZQIYsfYQdryi+PXwFiwKVEhNh/kLM+61NLe5H3pZW +wnm5fsSgBxqQDAiUur3M8neepNTup5VsozQwzq4TkSD6kOeuT1i+amtp1WLulVBt +tjeoBS+a5E3PGknbK+fwYSm53S7TQO5ApZK7NldZb+dZwT583Q0btYD/hXd82OD8 +sMPlqzYB/mBQc5Xqxs/aX1aWpLrenwIDAQABAoICABE3HBnxmwcYkTz9DRTAutx5 +MKWgaSSbCLqx3rfL8d+OdlObjGe6Wl4JBHOTb/LzSd7vidpFXD0E+6SbyXJklY89 +DTUVCpFInY+LOY2rYvyILLJwRbJ9F/FvKX5r7wABRl5FgZ5a6noERqy+1AOiprS8 +wkPnyqp5N3IxLx5ZvgWZX2ed35jBRYoKu5Xv4kxs7pOjTF2juFFXkx53PTkjpB5q +5BMq4CjaWLuZQI8asYoz5psb3voBvDTILVFaRQ1kHTPu840B+00tC8cffn1MXpxU +q97qTgrn0k2YEJkm364k/oI3/HPyY1XBJ1a9XYWW4eY7QmdC7TB9HNsp176X1yFi +eTEJP7+wi6ggRcR4xZR89rQxdwwaRyIjqcA77WHtEneIR8ePE3Mid6sRhuggXvI5 +MIBt4bV1xVpVwdo8PddaSHxu19sk1trU7pQlAPOSmovmNWqrmZtZevBwKZ/BegP5 +FlZtF++Msw7+nehtXfrjcx2+jCrffKrBITs4XGABfkd3Xo2mtlIaBeLeBbK4kjhz +Urr3hfn3RtCD/IHFGW0ESqnv4GlvP31IYmlqxB2Mk/Ws9Dhly7Pv+jHzUSviz7N1 +Wnr5PfFffRFctKY4czFuFIt6Pz8GOMLF+0J8BiFV0ipd8iUrAbnSZZ+SgKcr15RP +lTPLh4pBFVZDIuvk7XYlAoIBAQDX4aXE+MoSzMBF/8NvLTM5KYPK8gIadAvBm2WL +BU0CI2Niq9skCE0dZ2XIbGnChykH0sqcnHUysngh47ABILOQusnbOtSRFIkO74EG +Aafpwzu1WX9x0aCssSU5Kbt8YRt7WOXwGO30wvZC3MgP/3Pn3KnQ3Ap69OF8XtKo +RhQQXxJOx+M1UCisHw0byBc81K9m6QXa5ddTV+HLs/bvec6VJcO0CAgoOQNFT2RR +hz2aLv0SInjAqbLv8dqXNHtlA0C4xbbM6syAUqDkEA97XgdSrSGX99wixf0e28Sz +RwQjprW6GlowI9bhiq9e6481CwCtsEaSt99/17hBEOVSzfOVAoIBAQC+aIwjWl+O +tPGkhcIqWyhu2oGqXuG16VOk6fQnavT4CpixBBZXQ06KwGZedTopoDPH0UTUgOvM +17kOJAtzwWGQJAHOJtMJHqrhu2WpQmMnru5tqq7kV9YJ2o2qI3Vt/mtl9QvPZy52 +PpLKO9/gOu4W+YMSyQjO6fCQ2oGYQE/GIVb4PWsXRwjL1U7v9ZLMyZfH9D+DIaEH +/J122CO+DnJeDB2AdOMOcPa5dU7eK8OfjsavfgfemRJqNv4I6TnsrjD/ileGQ+kA +IRx9cipL520aP64ZQWrRfDq3UBjAV0dSea7c+oHOG5CvPLoRshgtv01YkzS3Otka +klymTujCU/xjAoIBAHGq2wiyYluxuU9iEroYF49yf3U9JcRd8862Dqo7WUfV8D+E +83audEQWLC5yfuExH3aCE7KQYtkVxVE6vHJrkICVCTHIcSIOqPfXPZ03A/1+kZK0 +E/mPAcXL5CiMA67CxqCUt0VLKwekG9wquaBKxfGAa12Qbmg9RfihSNPXSjswg8g9 +UTHCChhOpS1KlomuBsjtyupt+IlmjXofQNbo0NAROVEypXDgTAuTeOPAjLwBH7kL +s37mG1RhiNHyjUIri0l+uPh+bLzoRNSwbCZt5PcwN673j84zZ0p3NsOakeBfp/Hc +bD5KsJrC1gHpj9bC+1F4rkAUVrbOk7KWvdhynl0CggEBAI+vNykqdnerJbpAUbBC +z/UvILAfH3Z112/YOC1Ssf9Hh8f0zKMXIHrmC5n2HmjxAoIj8ivmCYqvs27vVlEI +ugXalh4qABCeutbS4jli5o44nKXXKlkXy2XuLf8Y+PGDDyqGS148f7wtJfpESoHc +FnTx3q5bVDFIKgg1S5xH06sw139GYbzUFtgyZHoBt8Cf09DJCPB8fRcY0v6uxfIS +1s0PmWepTPpF1nlHA7f2EI4kYNxnX6rjmhja3MJ+tP5cyI7dp4SjVH2LfwNPFonm +3tby/P8D9YaVl31jjPoAIssjFgidZTzSYlFKoyLdYQ+Mj+JqW1p1pwU9M3swisay +N/8CggEAfPd36Gn2veERLueIBV4Z69GT1j/lgOlc0gQSYT1oQCmA3WK8S0PFGNRF +oSwSJkfwL23iy/EAbmWby3FVwZnPP/07CsO06fo8ESEsl261fj10CSvL2zO7ze/y +qfmacqbvLCijLdcjMBa+qE+s33ECtpdfwXVIjv51Nap5MzPEMULlWIXEJYvrjGMG +e9gTvUo3Ys2Ate3GMp5WKKciXI7zjA3pwiCnbzXF4dW7UdQ6ibxcnqKP6Oc3UePh +FiDd5bSbSpHsVUWpmZt02oogmKT4spFX3gDHpEmJITYj5pVO4C7nK9btDSZrEvjK +DukST5Dv8Z/iTezYCYlXndFDu9Af5g== +-----END PRIVATE KEY----- diff --git a/Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.crt b/Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.crt new file mode 100644 index 0000000..efcc509 --- /dev/null +++ b/Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.crt @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZnRENDQTJpZ0F3SUJBZ0lVT3YrL25TS1ZLSXIxZlNxblArMno0eDRNT0ZVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1NURUxNQWtHQTFVRUJoTUNSVk14RERBS0JnTlZCQWdNQTBKQlVqRVRNQkVHQTFVRUNnd0tSbWxzZEdWeQpTRzl0WlRFWE1CVUdBMVVFQXd3T1kyRXVabWxzZEdWeUxtaHZiV1V3SGhjTk1qTXdOekkzTVRNek5ERTNXaGNOCk1qTXdPREF4TVRNek5ERTNXakJKTVFzd0NRWURWUVFHRXdKRlV6RU1NQW9HQTFVRUNBd0RRa0ZTTVJNd0VRWUQKVlFRS0RBcEdhV3gwWlhKSWIyMWxNUmN3RlFZRFZRUUREQTVqWVM1bWFXeDBaWEl1YUc5dFpUQ0NBaUl3RFFZSgpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFLQ1JvdUMvWWxkam83dno2QmVzeFpZVzlSNHY4Q2JxCjNOQkdsalFEeHUxTnVnT0hqU0tmQ1NRSFRlOUY0VitnM1pqREtxTnl6V08xVmVDSmdJYVdKQWE1M1JDdGFTUUYKYkVTWXNrUG83TkNXY1RpaWY1VFhhUnlWL24yMkRpdWU5R3AwUVZ0TnVZai95ZEw4akZ2V0w5Q2Q4SGVUcXVhbgovZkFzcEhHaGlwK3FmWjlRekkrQnUzR09EeEpKMi9xQnhyWDdGT1J3OFRwOWRSU2R2dWc0NGRFbG1WNXp1WWNZCmZJY1lTZVp1MFZmV3lXZWR0SjFZaGVBaWVELzJVczBOeG5rbG9wNlQ5N3cvRUpDdjlhNkhrTlNaaWNJYkd1Q2IKaXM3OS9DVmNqWjRndEdQWWg5SlgwS1JDa1VHcEhabSs4cFFTVUJBNWxOUG9nMUQvdVRCc1Y5c0dwMDBWc2VmYwpaVkhOVEVzeXdYREtFZDhzUFRmZ3UyTGtBeGpNRjRscjlTSk4vZ094YjVOWTFTR1R6R2U1NmlPMDN0VDJPc1prClU0Y01FOEZLRTVsZVNwTGZzalZ0UndkcEhRelF0eHBmU2x4eFNYa2Q3OXhLOTlTWHRFdC9WMlorbEx3d005TVEKWmxxYTFsbEFoaXg5aEIydktMNDlmQVdMQXBVU0UySCtRc3o3clUwdDdrZmVsbGJDZWJsK3hLQUhHcEFNQ0pTNgp2Y3p5ZDU2azFPNm5sV3lqTkRET3JoT1JJUHFRNTY1UFdMNXFhMm5WWXU2VlVHMjJONmdGTDVya1RjOGFTZHNyCjUvQmhLYm5kTHROQTdrQ2xrcnMyVjFsdjUxbkJQbnpkRFJ1MWdQK0ZkM3pZNFB5d3crV3JOZ0grWUZCemxlckcKejlwZlZwYWt1dDZmQWdNQkFBR2pZREJlTUE0R0ExVWREd0VCL3dRRUF3SUJCakFTQmdOVkhSTUJBZjhFQ0RBRwpBUUgvQWdFQk1Ca0dBMVVkRVFRU01CQ0NEbU5oTG1acGJIUmxjaTVvYjIxbE1CMEdBMVVkRGdRV0JCUThLSWNOClF4S2JzL2pnTnA3MS9RaDE3WElwVHpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVNKVzNROXJNbmtkQWNBU04KYnU4QnBVa1NLbE84ZjRaS3E0aEhlMWNlaWJVVUxLVzdMdG9ROVBXUjdJOEVTQ2lLTi9qWVc1eE5lejdHQ2xTQgoxcnNncEFuMTRKaWZkZTJoZlZ4ZllsYjRIOW13ejJqejY4Mk9FMnZhK3ZPNy9BNUQyVmpRZ1ZXdlNkYW0rUkNyCkFBandIZHpvWUIzOFovNjFaWDdLRFExTWw0MVhOK05TYWc2Ty9yaEpxUG13MUF4Z3JMa2s2Y2YrbFkvbU5zR0cKSVNlQm85UC9qcXAxNkJCZk9YOTlEQlZpd1gwNVlRcDRweUxpMENZRHlidStPUEhOMzdISG8zTVdkb0tabm9mZQo0TkJORmhtQUtScG1PaXdJb1REUm05Zm9IZWJFcXZ4N3d6VzlJZzRqRXpkTFlrWE1aMzhTZDBlc0tibWFpWHdzCkkwUVcxN0J3SXhlY241ZUdScFRSQ0RyZ2M5ZGFvUXEvQVkraEduZ1VwakdTcmNnMEUvNWoyQ2NZL2RpVEZpZHgKQ0dTNUxxY0FYbFN0eWh3VnErR1NrazJVTjRybExVSU1DbklzYTYxOWo2WEIwdXVuTVlpdUZpYmVlVVIwdGtrUQpmbU5hWUF2UXNLZEdBSVlvcUdJZUVpM21acjBYU1NjYU1HNXUzZXdXN1FkaDczWHN3L3Q0Rlh4d3RPNzQ1YnhSCjFvQkVPaEpxYU90NmhBN0xJQ1F4YTYwTUNqYzdFNzBPdFhFZ1VmVGlZWEhqTmFkYmhLbGZ0aGZZQkdXY002R20KM0RIYTJSUm5oUlBORWhxTnhzK1RFQjdUdHFuQ0lPZThOckxNZFVvM09mT1FHc25adE16Mlc4WDh4RnhDN0J2TApDOFAwNG1vdGxEZ0JhaXQ0NEtqeWpPSTA0Qk09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K \ No newline at end of file diff --git a/Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.key b/Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.key new file mode 100644 index 0000000..64adfc6 --- /dev/null +++ b/Migrations/Forget_Traefik_2023/P4_Local_Certs/tls.key @@ -0,0 +1 @@ +LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2drYUxndjJKWFk2TzcKOCtnWHJNV1dGdlVlTC9BbTZ0elFScFkwQThidFRib0RoNDBpbndra0IwM3ZSZUZmb04yWXd5cWpjczFqdFZYZwppWUNHbGlRR3VkMFFyV2trQld4RW1MSkQ2T3pRbG5FNG9uK1UxMmtjbGY1OXRnNHJudlJxZEVGYlRibUkvOG5TCi9JeGIxaS9RbmZCM2s2cm1wLzN3TEtSeG9ZcWZxbjJmVU15UGdidHhqZzhTU2R2NmdjYTEreFRrY1BFNmZYVVUKbmI3b09PSFJKWmxlYzdtSEdIeUhHRW5tYnRGWDFzbG5uYlNkV0lYZ0luZy85bExORGNaNUphS2VrL2U4UHhDUQpyL1d1aDVEVW1ZbkNHeHJnbTRyTy9md2xYSTJlSUxSajJJZlNWOUNrUXBGQnFSMlp2dktVRWxBUU9aVFQ2SU5RCi83a3diRmZiQnFkTkZiSG4zR1ZSelV4TE1zRnd5aEhmTEQwMzRMdGk1QU1ZekJlSmEvVWlUZjREc1crVFdOVWgKazh4bnVlb2p0TjdVOWpyR1pGT0hEQlBCU2hPWlhrcVMzN0kxYlVjSGFSME0wTGNhWDBwY2NVbDVIZS9jU3ZmVQpsN1JMZjFkbWZwUzhNRFBURUdaYW10WlpRSVlzZllRZHJ5aStQWHdGaXdLVkVoTmgva0xNKzYxTkxlNUgzcFpXCndubTVmc1NnQnhxUURBaVV1cjNNOG5lZXBOVHVwNVZzb3pRd3pxNFRrU0Q2a09ldVQxaSthbXRwMVdMdWxWQnQKdGplb0JTK2E1RTNQR2tuYksrZndZU201M1M3VFFPNUFwWks3TmxkWmIrZFp3VDU4M1EwYnRZRC9oWGQ4Mk9EOApzTVBscXpZQi9tQlFjNVhxeHMvYVgxYVdwTHJlbndJREFRQUJBb0lDQUJFM0hCbnhtd2NZa1R6OURSVEF1dHg1Ck1LV2dhU1NiQ0xxeDNyZkw4ZCtPZGxPYmpHZTZXbDRKQkhPVGIvTHpTZDd2aWRwRlhEMEUrNlNieVhKa2xZODkKRFRVVkNwRkluWStMT1kycll2eUlMTEp3UmJKOUYvRnZLWDVyN3dBQlJsNUZnWjVhNm5vRVJxeSsxQU9pcHJTOAp3a1BueXFwNU4zSXhMeDVadmdXWlgyZWQzNWpCUllvS3U1WHY0a3hzN3BPalRGMmp1RkZYa3g1M1BUa2pwQjVxCjVCTXE0Q2phV0x1WlFJOGFzWW96NXBzYjN2b0J2RFRJTFZGYVJRMWtIVFB1ODQwQiswMHRDOGNmZm4xTVhweFUKcTk3cVRncm4wazJZRUprbTM2NGsvb0kzL0hQeVkxWEJKMWE5WFlXVzRlWTdRbWRDN1RCOUhOc3AxNzZYMXlGaQplVEVKUDcrd2k2Z2dSY1I0eFpSODlyUXhkd3dhUnlJanFjQTc3V0h0RW5lSVI4ZVBFM01pZDZzUmh1Z2dYdkk1Ck1JQnQ0YlYxeFZwVndkbzhQZGRhU0h4dTE5c2sxdHJVN3BRbEFQT1Ntb3ZtTldxcm1adFpldkJ3S1ovQmVnUDUKRmxadEYrK01zdzcrbmVodFhmcmpjeDIrakNyZmZLckJJVHM0WEdBQmZrZDNYbzJtdGxJYUJlTGVCYks0a2poegpVcnIzaGZuM1J0Q0QvSUhGR1cwRVNxbnY0R2x2UDMxSVltbHF4QjJNay9XczlEaGx5N1B2K2pIelVTdml6N04xClducjVQZkZmZlJGY3RLWTRjekZ1Rkl0NlB6OEdPTUxGKzBKOEJpRlYwaXBkOGlVckFiblNaWitTZ0tjcjE1UlAKbFRQTGg0cEJGVlpESXV2azdYWWxBb0lCQVFEWDRhWEUrTW9Tek1CRi84TnZMVE01S1lQSzhnSWFkQXZCbTJXTApCVTBDSTJOaXE5c2tDRTBkWjJYSWJHbkNoeWtIMHNxY25IVXlzbmdoNDdBQklMT1F1c25iT3RTUkZJa083NEVHCkFhZnB3enUxV1g5eDBhQ3NzU1U1S2J0OFlSdDdXT1h3R08zMHd2WkMzTWdQLzNQbjNLblEzQXA2OU9GOFh0S28KUmhRUVh4Sk94K00xVUNpc0h3MGJ5QmM4MUs5bTZRWGE1ZGRUVitITHMvYnZlYzZWSmNPMENBZ29PUU5GVDJSUgpoejJhTHYwU0luakFxYkx2OGRxWE5IdGxBMEM0eGJiTTZzeUFVcURrRUE5N1hnZFNyU0dYOTl3aXhmMGUyOFN6ClJ3UWpwclc2R2xvd0k5YmhpcTllNjQ4MUN3Q3RzRWFTdDk5LzE3aEJFT1ZTemZPVkFvSUJBUUMrYUl3aldsK08KdFBHa2hjSXFXeWh1Mm9HcVh1RzE2Vk9rNmZRbmF2VDRDcGl4QkJaWFEwNkt3R1plZFRvcG9EUEgwVVRVZ092TQoxN2tPSkF0endXR1FKQUhPSnRNSkhxcmh1MldwUW1NbnJ1NXRxcTdrVjlZSjJvMnFJM1Z0L210bDlRdlBaeTUyClBwTEtPOS9nT3U0VytZTVN5UWpPNmZDUTJvR1lRRS9HSVZiNFBXc1hSd2pMMVU3djlaTE15WmZIOUQrRElhRUgKL0oxMjJDTytEbkplREIyQWRPTU9jUGE1ZFU3ZUs4T2Zqc2F2ZmdmZW1SSnFOdjRJNlRuc3JqRC9pbGVHUStrQQpJUng5Y2lwTDUyMGFQNjRaUVdyUmZEcTNVQmpBVjBkU2VhN2Mrb0hPRzVDdlBMb1JzaGd0djAxWWt6UzNPdGthCmtseW1UdWpDVS94akFvSUJBSEdxMndpeVlsdXh1VTlpRXJvWUY0OXlmM1U5SmNSZDg4NjJEcW83V1VmVjhEK0UKODNhdWRFUVdMQzV5ZnVFeEgzYUNFN0tRWXRrVnhWRTZ2SEpya0lDVkNUSEljU0lPcVBmWFBaMDNBLzEra1pLMApFL21QQWNYTDVDaU1BNjdDeHFDVXQwVkxLd2VrRzl3cXVhQkt4ZkdBYTEyUWJtZzlSZmloU05QWFNqc3dnOGc5ClVUSENDaGhPcFMxS2xvbXVCc2p0eXVwdCtJbG1qWG9mUU5ibzBOQVJPVkV5cFhEZ1RBdVRlT1BBakx3Qkg3a0wKczM3bUcxUmhpTkh5alVJcmkwbCt1UGgrYkx6b1JOU3diQ1p0NVBjd042NzNqODR6WjBwM05zT2FrZUJmcC9IYwpiRDVLc0pyQzFnSHBqOWJDKzFGNHJrQVVWcmJPazdLV3ZkaHlubDBDZ2dFQkFJK3ZOeWtxZG5lckpicEFVYkJDCnovVXZJTEFmSDNaMTEyL1lPQzFTc2Y5SGg4ZjB6S01YSUhybUM1bjJIbWp4QW9Jajhpdm1DWXF2czI3dlZsRUkKdWdYYWxoNHFBQkNldXRiUzRqbGk1bzQ0bktYWEtsa1h5Mlh1TGY4WStQR0REeXFHUzE0OGY3d3RKZnBFU29IYwpGblR4M3E1YlZERklLZ2cxUzV4SDA2c3cxMzlHWWJ6VUZ0Z3laSG9CdDhDZjA5REpDUEI4ZlJjWTB2NnV4ZklTCjFzMFBtV2VwVFBwRjFubEhBN2YyRUk0a1lOeG5YNnJqbWhqYTNNSit0UDVjeUk3ZHA0U2pWSDJMZndOUEZvbm0KM3RieS9QOEQ5WWFWbDMxampQb0FJc3NqRmdpZFpUelNZbEZLb3lMZFlRK01qK0pxVzFwMXB3VTlNM3N3aXNheQpOLzhDZ2dFQWZQZDM2R24ydmVFUkx1ZUlCVjRaNjlHVDFqL2xnT2xjMGdRU1lUMW9RQ21BM1dLOFMwUEZHTlJGCm9Td1NKa2Z3TDIzaXkvRUFibVdieTNGVndablBQLzA3Q3NPMDZmbzhFU0VzbDI2MWZqMTBDU3ZMMnpPN3plL3kKcWZtYWNxYnZMQ2lqTGRjak1CYStxRStzMzNFQ3RwZGZ3WFZJanY1MU5hcDVNelBFTVVMbFdJWEVKWXZyakdNRwplOWdUdlVvM1lzMkF0ZTNHTXA1V0tLY2lYSTd6akEzcHdpQ25ielhGNGRXN1VkUTZpYnhjbnFLUDZPYzNVZVBoCkZpRGQ1YlNiU3BIc1ZVV3BtWnQwMm9vZ21LVDRzcEZYM2dESHBFbUpJVFlqNXBWTzRDN25LOWJ0RFNackV2aksKRHVrU1Q1RHY4Wi9pVGV6WUNZbFhuZEZEdTlBZjVnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= \ No newline at end of file diff --git a/Migrations/Forget_Traefik_2023/README.md b/Migrations/Forget_Traefik_2023/README.md index d232a32..286ccec 100644 --- a/Migrations/Forget_Traefik_2023/README.md +++ b/Migrations/Forget_Traefik_2023/README.md @@ -182,27 +182,31 @@ Current Issue? For X and y, I need to wait for a while for the DNS provider to r ### Part 4 -- [ ] Update local DNS records accordingly. +> Completed 27/July/2023\ - [ ] Deploy locally a Certificate Authorization Service (on the SRV host.) +- [ ] Update local DNS records accordingly. + > **Notes**:\ > Since the `VirtualService` files from Part > **Additional Notes**:\ -> - https://www.reddit.com/r/selfhosted/comments/owplv5/any_self_hosted_certificate_authority/ \ -> - https://github.com/minio/certgen \ -> - https://github.com/rabbitmq/tls-gen \ -> - https://smallstep.com/blog/private-acme-server/ \ +> - https://www.reddit.com/r/selfhosted/comments/owplv5/any_self_hosted_certificate_authority/ +> - https://github.com/minio/certgen +> - https://github.com/rabbitmq/tls-gen +> - https://smallstep.com/blog/private-acme-server/ > - https://hub.docker.com/r/smallstep/step-ca - +> - https://smallstep.com/docs/tutorials/kubernetes-acme-ca/ +> - https://smallstep.com/blog/automate-docker-ssl-tls-certificates/ +> - https://systemweakness.com/create-internal-ssl-certificates-with-cert-manager-851fc886628e #### Rollback plan - As much, delete the deployed configurations. -### Part 8 +### Part 5 - [ ] Explore Pi4 Storage options. @@ -212,24 +216,30 @@ Current Issue? For X and y, I need to wait for a while for the DNS provider to r - Return the acquired drives to Amazon? -### Part 9 +### Part 6 - [ ] ~~Wipe~~ (**don't wipe** just use a different drive) and recreate the current `Kluster`, this time using the Pi4 as a _master_, and the 2 Orange Pi5 as _slaves_ (this will require updating the DNS/DHCP local services). -- [ ] Deploy Istio security. > **Note**:\ -> I can make a new cluster on the Pi4, and remove the taint that prevents from scheduling pods on that node. Deploy everything inside (a well a LB with the same exact IP than the current one, and proceed to stop the Orange PI 5), then "reformat" the OPi5s with a new distro, install stuff etc, and join them to the cluster running on the Pi4. +> I can make a new cluster on the Pi4, and remove the taint that prevents from scheduling pods on that node. Deploy everything inside (a well a LB with the same exact IP than the current one, and proceed to stop the Orange PI 5), then "reformat" the OPi5s with a new distro, install stuff etc., and join them to the cluster running on the Pi4. > **Notes:**\ > https://istio.io/latest/docs/setup/platform-setup/prerequisites/ \ > https://istio.io/latest/docs/ops/deployment/requirements/ +### Part 7 + +- [ ] Deploy NFS service on the `media SRV` host. + + +### Part 8 + +- [ ] Deploy Istio security. + ### Part 10 - [ ] Update the `Current Setup` documentation with the new container and architecture rearrangement. -- [ ] Deploy NFS service on the `media SRV` host. - - [ ] Migrate some lightweight/not data heavy services from the `media SRV` to the `Kluster`. - [ ] Update the `Current Setup` documentation with the new container and architecture rearrangement. @@ -246,7 +256,7 @@ Current Issue? For X and y, I need to wait for a while for the DNS provider to r ### Part 11 -- Set wildcards certificates. +- Set wildcards certificates through `ACME DNS01` challenge. ### Extras? @@ -593,6 +603,7 @@ cd /scripts/docker/dhcpd/ && docker-compose up ``` + 
[+] Running 0/1
  ⠿ isc_dhcp Error                                                                                                                                                                                                                    1.4s
 [+] Building 4.2s (8/8) FINISHED                                                                                                                                                                                                          
@@ -833,6 +844,7 @@ cd /scripts/docker/gitea/ && docker-compose up -d
 docker-compose logs -f
 ```
 
+
 
docker-compose logs -f
 gitea-db-1  | 
 gitea-db-1  | PostgreSQL Database directory appears to contain a database; Skipping initialization
@@ -1091,7 +1103,7 @@ transfer-encoding: chunked
 ```
 
 
-### Test HTTPS access towards services works correclt
+### Test HTTPS access towards services works correctly
 
 
 ```shell
@@ -1128,13 +1140,151 @@ x-envoy-upstream-service-time: 3
 
 ## Part 4
 
+
+### Update local DNS
+
+I updated the Local DNS to point towards the new-architecture/new-resources.
+
+### Certificate Generation
+
+> **Note:**\
+> Basically I followed [this post from Medium](https://systemweakness.com/create-internal-ssl-certificates-with-cert-manager-851fc886628e). 
+
+First, let's generate a certificate, and it's key.
+
+```shell
+openssl req -x509 -newkey rsa:4096 -sha256 -days 5 -nodes \
+-keyout ca.filter.home.key -out ca.filter.home.cer \
+-subj /C=ES/ST=BAR/O=FilterHome/CN=ca.filter.home \
+-extensions ext \
+-config <(cat < [req]
+cmdsubst heredoc> distinguished_name=req
+cmdsubst heredoc> [ext]
+cmdsubst heredoc> keyUsage=critical,keyCertSign,cRLSign
+cmdsubst heredoc> basicConstraints=critical,CA:true,pathlen:1
+cmdsubst heredoc> subjectAltName=DNS:ca.filter.home
+cmdsubst heredoc> EOF
+cmdsubst> )
+........+.+..+............+++++++++++++++++++++++++++++++++++++++++++++*..+...+..........+..+...+.+.....................+.....+.......+..+.+.....+++++++++++++++++++++++++++++++++++++++++++++*.......+.........+.+..+.+.....................+......+.......................+......+......+............+..........+.....+.......+.....+..........+.....+...+...+....+...+........+....+......+.....+...................+.......................+.+.....+......+.+...+......+.....+....+.....+.+...........+....+...+...+............+..+......+.......+..+....+..............+..........+..................+..+.+......+......+........+.+......+.....+............+................+..+....+......+.........+......+........+.+.....+...+.+..+....+...+..+.+.....+...+........................................+.................+.........+................+..+......+.+..............+......+.+.....+...............+++++
+.+............+.....+++++++++++++++++++++++++++++++++++++++++++++*........+............+....................+.+..+...+...+.+...+..+..........+...+..+.+.....+.........+...+...+.......+......+..+...+.+......+++++++++++++++++++++++++++++++++++++++++++++*...+...........+.......+......+...............+..+...+.........+..........+...+..+.......+..............+....+...+........+..........+..+...+....+.....+................+..+..........+++++
+-----
+```
+
+Now we obtain the base64 contents (don't need to store, preferably **don't store the output**).
+
+```shell
+cat ca.filter.home.cer | base64 | tr -d '\n' > tls.crt
+```
+
+```shell
+cat ca.filter.home.key | base64 | tr -d '\n' > tls.key
+```
+
+
+Modify the file `Secret.yaml` and set the output from the files as value from the data fields, each one according to their filename.
+
+```shell
+kubectl apply -f P4_Local_Certs/Secret.yaml
+```
+
+```text
+secret/local-ca created
+```
+
+Let's deploy the Issuer service configuration.
+
+```shell
+kubectl apply -f P4_Local_CA/Issuer.yaml                                                           
+```
+
+```text
+clusterissuer.cert-manager.io/ca-issuer created
+certificate.cert-manager.io/local-wildcard-certificate created
+```
+
+### Monitor Certificate Provisioning process
+
+```shell
+kubectl get events -n istio-system --field-selector involvedObject.name=local-wildcard-certificate,involvedObject.kind=Certificate  --sort-by=.metadata.creationTimestamp --watch
+```
+
+```text
+LAST SEEN   TYPE     REASON      OBJECT                                   MESSAGE
+3m48s       Normal   Issuing     certificate/local-wildcard-certificate   Issuing certificate as Secret does not exist
+3m43s       Normal   Generated   certificate/local-wildcard-certificate   Stored new private key in temporary Secret resource "local-wildcard-certificate-f7g4f"
+3m43s       Normal   Requested   certificate/local-wildcard-certificate   Created new CertificateRequest resource "local-wildcard-certificate-8rndg"
+3m42s       Normal   Issuing     certificate/local-wildcard-certificate   The certificate has been successfully issued
+```
+
+### Check status of the certificate provisioned.
+
+```shell
+kubectl get -n istio-system certificate local-wildcard-certificate -o jsonpath='{.metadata.name}{"\t"}{.status.conditions[].reason}{"\t"}{.status.conditions[].message}{"\n"}'
+```
+
+```text
+local-wildcard-certificate      Ready   Certificate is up to date and has not expired
+```
+
+### Test local Gateway
+
+Now that the certificate is provisioned, let's check the status of the local gateway deployed in the [Part 3](#part-3)
+
+#### HTTP
+
+```shell
+curl jelly.filter.home/web/index.html -I
+```
+
+```text
+HTTP/1.1 200 OK
+accept-ranges: bytes
+content-type: text/html
+date: Thu, 27 Jul 2023 14:18:24 GMT
+etag: "1d975f47df7d992"
+last-modified: Sun, 23 Apr 2023 15:01:33 GMT
+server: istio-envoy
+x-response-time-ms: 0
+content-length: 7442
+x-envoy-upstream-service-time: 2
+```
+
+#### HTTPS
+
+```shell
+curl https://jelly.filter.home/web/index.html -I -k
+```
+
+```text
+HTTP/2 200 
+accept-ranges: bytes
+content-type: text/html
+date: Thu, 27 Jul 2023 14:18:59 GMT
+etag: "1d975f47df7d992"
+last-modified: Sun, 23 Apr 2023 15:01:33 GMT
+server: istio-envoy
+x-response-time-ms: 0
+content-length: 7442
+x-envoy-upstream-service-time: 2
+```
+
+> **Note:**\
+> It's extremely possible that I set HTTP to HTTPS redirect also locally, still need to decide if there is any reason for which I would like to maintain the local HTTP traffic.
+
 # I am here <----
 
-
-
-
-
-
 ---
 
 
@@ -1156,9 +1306,6 @@ x-envoy-upstream-service-time: 3
 
 
 
-
-
-
 
 
 
@@ -1238,7 +1385,7 @@ gitea.filterhome.xyz
 jelly.filterhome.xyz                                      443       -          outbound      EDS            jelly.default
 tube.filterhome.xyz                                       443       -          outbound      EDS            tube.external

 
-Alright, we got the output, but why does it say `jelly.default`? All the other entries mantain the format `$SERVICE.external`, could it be ...?
+Alright, we got the output, but why does it say `jelly.default`? All the other entries maintain the format `$SERVICE.external`, could it be ...?
 
 ```shell
 kubectl get dr -n default 
@@ -1282,16 +1429,16 @@ Did _some_ ~~lots of~~ tests in order to determine what was happening, since it
 
 This issue popped out 2 questions:
 
-- Which is the difference between LE `stagging` and `production`?
+- Which is the difference between LE `staging` and `production`?
 - Which is the difference between the default `istio: ingressgateway` and `istio: whateveriwannaputhere`.
 
-### Which is the difference between LE `stagging` and `production`?
+### Which is the difference between LE `staging` and `production`?
 
 As far I understood by reading through `The Internet`, the `staging` environment is intended for testing (duh), therefore is a lot more generous when performing the validations.
 
 How much generous? I suspect a whole a lot bunch.
 
-### Which is the difference between LE `stagging` and `production`?
+### Which is the difference between LE `staging` and `production`?
 
 Let's check the "access logs" differences when using one selector or another. 
 
@@ -1385,3 +1532,4 @@ This left me some questions, especially **how many things can be affected by thi
 
 As well the hassle of this issue, provided more reasons to use the `ACME DNS01` challenge instead of the `ACME HTTP01`, which will be configured as soon as available.  
 
+