Maybe this is not the correct place to ask, but what would be the process to use a “commercial” (the institute has a certificate) wildcard certificate with NS8?
Thanks in advance.
This is still not implemented, but you will be able to upload the certificate from the UI just like NS7.
Hello, has this functionality already been implemented by chance?
Not yet, we plan to postpone it until after the beta. But it should work if configured by hand.
See upstream doc: Traefik TLS Documentation - Traefik
This is the package that manages traefik inside NS8: GitHub - NethServer/ns8-traefik: NS8 Traefik configuration
I found this:
But I don’t know what the path is to:
/module/traefik/certificate/
In fact, what I want is to create one DNS register that points to a container running behind nginx proxy manager. The idea is that NS8 works like an internal DNS server, but I think that is not possible yet, right?
You can try like this (just tested):
ssh traefik1@localhost
cd .config/state/
openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
openssl x509 -signkey domain.key -in domain.csr -req -days 365 -out domain.crt
mv domain.crt selfsigned.crt
mv domain.key selfsigned.key
systemctl --user restart traefik
NS8 still doesn’t have its own DNS module, so you will need an external DNS server to configure the records.
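Before a certificate and key are moved into place and Traefik is restarted as in the commands above, the pair can be checked with openssl. This is an added example, not part of the original post or of NS8's code; it assumes OpenSSL 1.1.1 or later, and the `*.example.test` names and the throwaway self-signed pair are constructed samples.

```shell
#!/bin/sh
# Added example: pre-flight checks for a certificate/key pair before it is moved
# to selfsigned.crt / selfsigned.key. Hosts and files here are constructed samples.

# Succeeds only if the certificate's public key is the one derived from the key file.
key_matches_cert() {  # $1=cert $2=key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is valid for the host name.
# A wildcard such as *.example.test covers exactly one label, not the apex.
cert_covers_host() {  # $1=cert $2=host
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {  # $1=cert $2=days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks; print the reason for the first failure and return a distinct code.
preflight() {  # $1=cert $2=key $3=host
    key_matches_cert "$1" "$2"  || { echo "key does not match certificate"; return 1; }
    cert_covers_host "$1" "$3"  || { echo "certificate does not cover $3"; return 2; }
    cert_valid_for_days "$1" 14 || { echo "certificate expires within 14 days"; return 3; }
    echo "ok"
}

# Constructed sample: a throwaway self-signed wildcard pair valid for $2 days.
make_sample() {  # $1=output dir $2=days
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=*.example.test" -addext "subjectAltName=DNS:*.example.test" \
        -keyout "$1/domain.key" -out "$1/domain.crt" >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_sample "$tmp" 365
preflight "$tmp/domain.crt" "$tmp/domain.key" app.example.test        # one label under the wildcard
preflight "$tmp/domain.crt" "$tmp/domain.key" example.test || true    # apex name
rm -rf "$tmp"
```

For a real pair, call `preflight` with the certificate, the key and the host name clients will use, and only move the files and restart Traefik when it succeeds.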
Thanks.
I’ll check it.
And just in case that you don’t know, for the case of the self-signed and own certificates maybe you can use step-ca (https://smallstep.com/docs/step-ca).
I’ve configured a test server in the following way:
git clone https://github.com/dogukancagatay/step-ca-example.git
cd step-ca-example/
mkdir -p "$PWD/data/step-ca"
sudo chown -R 1000:1000 "$PWD/data/step-ca"
docker run --rm -it -v "$PWD/data/step-ca:/home/step" smallstep/step-ca step ca init
echo <password here>| sudo tee "$PWD/data/step-ca/secrets/password"
sudo chown -R 1000:1000 "$PWD/data/step-ca/secrets/password"
docker network create traefik-net
nano docker-compose.yml  # edit URLs
docker compose up -d step-ca
curl https://<domain here>:9000/health
docker compose exec step-ca step ca provisioner add acme --type ACME
docker compose restart
step ca bootstrap --ca-url https://<domain here>:9000 --fingerprint <fingerprint here> --install
curl https://<domain here>:9000/health
step ca certificate site.myhost.local site_home_local.crt site_home_local.key
docker compose up -d traefik
docker compose up -d whoami
The truth is that I don’t remember very well whether the instructions are right, but that is what I have in my notes. Anyway, you can get it running almost without problems by following the instructions in: GitHub - dogukancagatay/step-ca-example: step-ca ACME server example with Traefik
In the DNS case, what will be the setup to work with NS8 Samba AD?
Thanks again.
The Samba AD is always an authoritative DNS for its own domain and it’s accessible by clients.
So in this case you do not need an extra DNS server.
What is the password for: ssh traefik@localhost?
You do not need one.
Attention, the user is traefik1
not traefik.
Sorry, it was a typo, but yes, I was trying with
ssh traefik1@localhost
but I got:
What am I doing wrong?
Forget it, I will reinstall and try again. I suppose that I did something wrong.