Automating Certificate Renewal with PowerDNS & Step CA

I’ve been looking for a way to get an Internal CA Certificate onto my TrueNAS WebUI. I also had the idea that this would allow me to set up and use the inbuilt S3 service from TrueNAS; however, I have now learned that this is being deprecated. Proxmox makes this quite easy and integrates seamlessly with Step CA using ACME. Unfortunately the builtin ACME client on TrueNAS is a bit limited, and using the default http-01 challenge for ACME is not possible. ACME.sh provides quite a few alternatives now, including DNS alias challenge handling (which I may still look into), but for now I have landed on the following solution/workaround/hack:

Anycast Reverse Proxy with ExaBGP, USG and HAProxy

My background is as a systems dude. I’ve always wanted to be a network dude and I certainly know layer 2 stuff, IPv4 stuff, pretty well. When it comes to layer 3 networking though, my knowledge has always been vague. Probably fair to say the same for IPv6: vague! So this “lab” is an opportunity to learn a bit more about both of these topics. I guess like anything in this field, once you know a little bit about a piece of technology, you come to realise how much more there is to know. For me, BGP is that piece of technology.

Step CA

I think it would be nice to get rid of the pesky certificate warnings on my Proxmox and PBS GUI’s. There will be other benefits too that I can’t think of right now.

It's been a while

Yeh, it sure has been a while. This is what happens when you have kids, I guess: all the non-essentials of life fall by the wayside.

Some things I’ve been doing in the Home Lab lately that I hope to document:

  • 3 node HAProxy Cluster to Reverse Proxy Web Traffic
  • Converting all of my Homelab deployments into Ansible Playbooks
  • Semaphore / SemUI Integrations using HMAC auth Summary here

Unifi Internal DNS

When I moved into my new house, I had a bit of a greenfield opportunity where I could start again with my Unifi SDA configuration. One of the things I set out to do was to separate device types into different VLANs for, say, IoT vs Guest vs Servers use cases. As a result of this, the IP addressing scheme started to get more complicated. To address the complication, internal hosts needed to be resolvable by name.

© 2021. All rights reserved.