minikube makes it easy to spin up a local Kubernetes cluster on macOS, and adding an Ingress is convenient with its built-in Addons. In this article, I want to take it one step further and show how to expose the Ingress via TLS (secure https) using a custom key/certificate chain.
minikube makes it easy to spin up a local Kubernetes cluster, and adding an Ingress is convenient with its built-in Addons. In this article, I want to take it one step further and show how to use a custom key/certificate to expose a service using TLS (secure https).
If you need to quickly standup a secure HTTPS server on a machine, perhaps to validate that a client is sending the proper method or parameters, the socat utility can assist. In this article we will use “socat.local” as the FQDN of our certificate and host. Maybe you already have a pem key+certificate for this … Linux: socat used as secure HTTPS web server
If you have unmanaged GCP VM instances running services on insecure ports (e.g. Apache HTTP on port 80), one way to secure the public external traffic is to create an external GCP HTTPS load balancer. Conceptually, we want to expose a secure front to otherwise insecure services. While the preferred method would be to secure … GCP: global external HTTPS LB for securely exposing insecure VM services
If you have unmanaged GCP VM instances running services on insecure ports (e.g. Apache HTTP on port 80), one way to secure the internal communication coming from other internal pods/apps is to create an internal GCP HTTPS load balancer. Conceptually, we want to expose a secure front to otherwise insecure services. While the preferred method … GCP: internal HTTPS LB for securely exposing insecure VM services
Using ldapsearch to query against the insecure port of a Windows Domain Controller is straightforward. However, it can be challenging to get all the pieces in place for a production environment where the secure port must be used and the root CA certificate is typically not from a public CA. Assuming the standard insecure port … Ubuntu: using ldapsearch to query against a secure Windows Domain Controller
SMTP mail relays exposed to the internet typically use a combination of SSL and authenticated SMTP to avoid abuse by malicious actors. This is an excellent choice from a security perspective, but makes smoke testing a bit more complex than just opening telnet.
When automating software and infrastructure, it is not uncommon to need to supply a user id and password for installation or other operations. While it is certainly possible to pass these plaintext credentials directly in the state, this is not best practice. # not best practice!!! testdb_user: mysql_user.present: – name: frank – password: “test3rdb” – … SaltStack: Keeping Salt Pillar data encrypted using GPG
By default, LuCI, the web admin interface for OpenWrt is not HTTPS enabled. This may not be a critical issue for you since it is a LAN facing service, but the type of infrastructure information being exchanged combined with the fact that it is usually accessed over WiFi protocols might make you want to consider … OpenWrt: Enabling HTTPS for the LuCI Web Admin Interface