PKI templates

Reviewed-on: #1

.gitignore

@@ -0,0 +1 @@
+.DS_Store

dockerized/nextcloud-aio/compose.yaml

@@ -0,0 +1,34 @@
+version: "3.8"                                
+
+#Imported from https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615
+
+services:
+  caddy:
+    image: caddy:alpine
+    restart: unless-stopped
+    container_name: caddy
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./certs:/certs
+      - ./config:/config
+      - ./data:/data
+      - ./sites:/srv
+    network_mode: "host"
+
+  nextcloud:
+    image: nextcloud/all-in-one:latest
+    restart: unless-stopped
+    container_name: nextcloud-aio-mastercontainer
+    ports:
+      - "8080:8080"
+    environment:
+      - APACHE_PORT=11000
+    volumes:
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    depends_on:
+      - caddy
+
+volumes:
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer

dockerized/nextcloud-aio/docker_run.sh

@@ -0,0 +1,16 @@
+#! /usr/bin/bash
+echo "Installing denpendency packages..."
+
+docker run \
+--init \
+--sig-proxy=false \
+--name nextcloud-aio-mastercontainer \
+--restart always \
+--publish 8080:8080 \
+--env APACHE_PORT=11000 \
+--env APACHE_IP_BINDING=0.0.0.0 \
+--env APACHE_ADDITIONAL_NETWORK="" \
+--env SKIP_DOMAIN_VALIDATION=false \
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+--volume /var/run/docker.sock:/var/run/docker.sock:ro \
+nextcloud/all-in-one:latest

dockerized/simple_site/Dockerfile

@@ -0,0 +1,14 @@
+FROM node:14
+
+WORKDIR /app
+
+COPY server.js .
+COPY index.html .
+#COPY images ./images
+COPY package.json .
+
+RUN npm install
+
+EXPOSE 3000
+
+CMD ["node","server.js"]

dockerized/simple_site/README.md

@@ -0,0 +1,16 @@
+### Simple Site
+Simple dockerized application using Node.js behind NGINX in order to securely serve a static webapp
+
+**NB: compose uses build, thus is not suitable for swarm**
+
+#### Details 
+
+Dockerized app : 
+	Node.js 
+		application server.js (listens to 3000)
+		serves index.html
+		depending from packages
+
+Compose :
+	Defined 3 services from Dockerized app
+	Configured NGINX (listens to 8081) to proxy

dockerized/simple_site/docker-compose.yaml

@@ -0,0 +1,48 @@
+version: '3'
+
+networks:
+  cluster:
+    driver: bridge
+
+services:
+
+# 3 versions of the same app responding to host's 3001-3
+  app1:
+    build: .
+    environment:
+      - APP_NAME=App1
+    ports:
+      - "3000"
+    networks:
+      - cluster
+
+  app2:
+    build: .
+    environment:
+      - APP_NAME=App2
+    ports:
+      - "3000"
+    networks:
+      - cluster
+
+  app3:
+    build: .
+    environment:
+      - APP_NAME=App3
+    ports:
+      - "3000"
+    networks:
+      - cluster
+
+
+  # --- NGINX ---
+  nginx:
+      image: nginx:latest
+      ports:
+        - '8081:80'
+      volumes: 
+        - ./nginx/config.conf:/etc/nginx/nginx.conf:ro
+      healthcheck:
+        test: ["CMD", "service", "nginx", "status"]
+      networks:
+        - cluster

dockerized/simple_site/index.html

@@ -0,0 +1,114 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Beautiful Landing Page</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            line-height: 1.6;
+            margin: 0;
+            padding: 0;
+            background-color: #f0f0f0;
+            color: #333;
+        }
+        header {
+            background: url('images/career-quiz.png') no-repeat center center/cover;
+            color: #fff;
+            padding: 100px 0;
+            height: 150px;
+            text-align: center;
+        }
+        header h1 {
+            font-size: 3em;
+            margin: 0;
+        }
+        header p {
+            font-size: 1.2em;
+        }
+        nav {
+            background: #333;
+            color: #fff;
+            display: flex;
+            justify-content: space-around;
+            padding: 15px 0;
+        }
+        nav a {
+            color: #fff;
+            text-decoration: none;
+            font-weight: bold;
+        }
+        .container {
+            padding: 20px;
+        }
+        .grid {
+            display: flex;
+            gap: 20px;
+            flex-wrap: wrap;
+        }
+        .card {
+            background: #fff;
+            border-radius: 8px;
+            box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
+            flex: 1;
+            min-width: 280px;
+            max-width: 300px;
+            padding: 15px;
+        }
+        .card img {
+            border-radius: 8px;
+            width: 100%;
+            height: auto;
+        }
+        footer {
+            background: #333;
+            color: #fff;
+            text-align: center;
+            padding: 20px 0;
+            margin-top: 20px;
+        }
+    </style>
+</head>
+
+<body>
+    <header>
+    </header>
+    <nav>
+        <a href="#home">Home</a>
+        <a href="#about">Best Courses</a>
+        <a href="#services">Fun Tutorials</a>
+        <a href="#contact">About TechWorld with Nana</a>
+    </nav>
+    <div class="container">
+        <h2>TechWorld with Nana Programs</h2>
+        <div class="grid">
+            <div class="card">
+                <img src="images/devops.png?crop=entropy&fit=crop&w=400&h=200" alt="Service 1">
+                <h3>DevOps Bootcamp</h3>
+                <p>Finally learn with structured guided course, all DevOps tools together</p>
+            </div>
+            <div class="card">
+                <img src="images/it-beginners.png?crop=entropy&fit=crop&w=400&h=200" alt="Service 2">
+                <h3>Software Development LifeCycle Course</h3>
+                <p>Learn the entire software Development lifecycle, from developing, to testing, to provisioning server and deploying</p>
+            </div>
+            <div class="card">
+                <img src="images/devsecops.png?crop=entropy&fit=crop&w=400&h=200" alt="Service 3">
+                <h3>DevSecOps Bootcamp</h3>
+                <p>If you wanna become a DevOps engineer on steroids, you can face this advanced bootcamp</p>
+            </div>
+        </div>
+    </div>
+    <footer>
+        <p>&copy; TechWorld with Nana. All Rights Reserved.</p>
+        <p>Follow us on:
+            <a href="#" style="color: #3b5998;">Linkedin</a> |
+            <a href="#" style="color: #00aced;">Twitter</a> |
+            <a href="#" style="color: #e4405f;">Instagram</a>
+        </p>
+    </footer>
+</body>
+
+</html>

dockerized/simple_site/nginx/config.conf

@@ -0,0 +1,59 @@
+# Main context (this is the global configuration)
+worker_processes 4;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+
+    # Upstream block to define the Node.js backend servers
+    # Servers name come from compose definition
+
+    upstream nodejs_cluster {
+        server app1:3000;
+        server app2:3000;
+        server app3:3000;
+    }
+
+
+    #TODO manage certs
+    # server {
+    #     listen 443 ssl;  # Listen on port 443 for HTTPS
+    #     server_name localhost;
+
+    #     # SSL certificate settings
+    #     ssl_certificate /Users/nana/nginx-certs/nginx-selfsigned.crt;
+    #     ssl_certificate_key /Users/nana/nginx-certs/nginx-selfsigned.key;
+
+    #     # Proxying requests to Node.js cluster
+    #     location / {
+    #         proxy_pass http://nodejs_cluster;
+    #         proxy_set_header Host $host;
+    #         proxy_set_header X-Real-IP $remote_addr;
+    #     }
+    # }
+
+    # Optional server block for HTTP to HTTPS redirection
+    server {
+        listen 80;  # Listen on port 80 for HTTP
+        server_name *.sselab.ddns.net;
+
+        
+        location / {
+            # Redirect all HTTP traffic to HTTPS
+            # TODO requires https
+            # return 301 https://$host$request_uri;
+
+            proxy_pass http://nodejs_cluster;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+}

dockerized/simple_site/package.json

@@ -0,0 +1,16 @@
+{
+    "name": "simple_site",
+    "version": "1.0.0",
+    "description": "A Node.js application serving a static HTML file, used for load balancing with NGINX.",
+    "main": "server.js",
+    "scripts": {
+      "start": "node server.js"
+    },
+    "author": "Fabio Sinibaldi",
+    "license": "MIT",
+    "dependencies": {
+      "express": "^4.17.1",
+      "path": "^0.12.7"
+    }
+  }
+  

dockerized/simple_site/server.js

@@ -0,0 +1,18 @@
+const express = require('express');
+const path = require('path');
+const app = express();
+const port = 3000;
+
+// Defined in compose file
+const appName = process.env.APP_NAME
+
+app.use('/images', express.static(path.join(__dirname, 'images')));
+
+app.use('/', (req, res) => {
+    res.sendFile(path.join(__dirname, 'index.html'));
+    console.log(`Request served by ${appName}`);
+});
+
+app.listen(port, () => {
+    console.log(`${appName} is listening on port ${port}`);
+});

templates/PKI/README.md

@@ -0,0 +1,17 @@
+# PKI
+
+### Templates
+Some utils files in order to have a ready solution in order to generate bundles. 
+
+**NB** via console is trivial : 
+
+Public CRT
+'cat SSE\ Lab\ Root\ CA_crt.pem >> certificate-bundle.pem
+cat SSE\ Lab\ Intermediate\ CA_crt.pem >> certificate-bundle.pem
+cat RUP\ Services_crt.pem >> certificate-bundle.pem'
+
+Private Key
+'cat RUP\ Services_prv.pem >> certificate-bundle.key'
+
+
+	

templates/PKI/certificate-bundle(structure).pem

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+Root CA public key data
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+Intermediate CA public key data
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+Leaf Certificate public key data
+-----END CERTIFICATE-----

templates/PKI/certificate-bundle(template).pem

@@ -0,0 +1,53 @@
+-----BEGIN CERTIFICATE-----
+MIIEOzCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCSVQx
+DTALBgNVBAgMBFBpc2ExDTALBgNVBAcMBFBpc2ExDTALBgNVBAoMBElTVEkxDzAN
+BgNVBAsMBlNTRUxhYjEqMCgGCSqGSIb3DQEJARYbZmFiaW8uc2luaWJhbGRpQGlz
+dGkuY25yLml0MRcwFQYDVQQDDA5zc2VsYWItcm9vdC1jYTAeFw0yNTAzMDUxMDA4
+MjRaFw0zNTAzMDMxMDA4MjRaMIGQMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUGlz
+YTENMAsGA1UEBwwEUGlzYTENMAsGA1UECgwESVNUSTEPMA0GA1UECwwGU1NFTGFi
+MSowKAYJKoZIhvcNAQkBFhtmYWJpby5zaW5pYmFsZGlAaXN0aS5jbnIuaXQxFzAV
+BgNVBAMMDnNzZWxhYi1yb290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAnXup44PPzPSTDRkLBMGuUtXUk344tNZDn6h+rxXGlSw0T6qGrGPCAhqI
+6IuOkCE/wp/Sv1KEFp2OamPiEwA0mTIoOi2ACaNg7fhOHUNpgw2dpeaiVd6WCmY6
+MkLMcAH4jFlnOI/RnjkV01Yz3KGj7tpztd3wqD84INasRH+6zlZqiKG0HIxjlAUx
+eHOop2rOTzUSsiOZyaW3dlQNtup7ndkFGZYd6aN50Kd1tbOZGHBldFwonNQN/59I
+xUAsgX2BGQ97K1BoFN3bor3MwK9oKbjHY72/kPIN1IrblcreejyElq3Gt+B4UJ+R
+XZO7A/lCzqykNLJax3wQkU3ZfKk6ywIDAQABo4GdMIGaMDcGCWCGSAGG+EIBDQQq
+FihPUE5zZW5zZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1Ud
+DgQWBBTYTk488gvOsh5qJ/VbKYxZRbQ/NzAfBgNVHSMEGDAWgBTYTk488gvOsh5q
+J/VbKYxZRbQ/NzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkq
+hkiG9w0BAQsFAAOCAQEAH8sMS8XHZh4Jg6vBvwU1mufi9KeTW1MQP8p8FXV4hBZy
+jSPpeEyqJo4fms70AY9zqomjxIikKgBRnIi/pyJ5U3oKOrktHiXlzugeVIptR37P
+mUBPu/7yO1ttNdwKbX8OjSxR/BnJtP/rVwcKn2KnF0CQWHEsEpgTd+ayIEl7OEvJ
+icuN2//H71ytu/Le7tl+Ib6ZuoVA+n6JQenSOOWd31UUNNe8mANj0bzkHTaoIDzS
+oqhN9vfQ61E3p8E1X3IA3q8rggrJudR+fngwH7TeKtd2STP2nXtHYlhDBfVlUG6x
+riZKtbFI0oiwF0BFyV4dah2i6N98phZ5V23Iz7t0PA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCSVQx
+DTALBgNVBAgMBFBpc2ExDTALBgNVBAcMBFBpc2ExDTALBgNVBAoMBElTVEkxDzAN
+BgNVBAsMBlNTRUxhYjEqMCgGCSqGSIb3DQEJARYbZmFiaW8uc2luaWJhbGRpQGlz
+dGkuY25yLml0MRcwFQYDVQQDDA5zc2VsYWItcm9vdC1jYTAeFw0yNTAzMDUxMDEw
+MjZaFw0yODAzMDQxMDEwMjZaMIGHMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUGlz
+YTENMAsGA1UEBwwEUGlzYTENMAsGA1UECgwESVNUSTEqMCgGCSqGSIb3DQEJARYb
+ZmFiaW8uc2luaWJhbGRpQGlzdGkuY25yLml0MR8wHQYDVQQDDBZzc2VsYWItaW50
+ZXJtZWRpYXRlLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+3H
+Vz7jnaGGew6LjeFhE5Dr+iIID+SdclrkB/ljz5ey3q4Rnsso4xnKVdyITSUinDee
+RiPk+R2h7mhGlL9Z25JpykV+exwzM5hPrU0GVaus9QljL9TCAsN82M6ww6R0+m1s
+vQp6/Y5oax/Mi/6K3dHqcjKEZ8GbHUns8xZtZ8sPCboyV1IFeAjfBIJYfr94CRqy
+A/H2JcY348fM3XMDzDhZXEydeMeaM8bQhtQml0IwRs3L1ZHFppNXjvQLW2IbF8EW
+VQNlTY7UwWpjsGDC3+3vrV0yOyE1hpi4YU3zcq9ds+HeVw4fUNEWCoDaEEah9wnX
+4O2yVxm+R31WEia3sQIDAQABo4GdMIGaMDcGCWCGSAGG+EIBDQQqFihPUE5zZW5z
+ZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRE3BNE
+555kVhkB6C1XKtrYY+QlZzAfBgNVHSMEGDAWgBTYTk488gvOsh5qJ/VbKYxZRbQ/
+NzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEAVbuglqJ2/vDBkFunvQa0SdR/OaL9cRtbfGqhYpc3sZVO2tDh7aKSrr9o
+7EeLFL+GKt9f8IqKMMTC33Ac/m+Ne6wvyv6sqpbTo84gdVlVV/YjWt9spEUivHa4
+TLxEhi7KeO2DmhMGYWI/ogTaNKWboUmZZ4PoBS0Z3Rz6I97UcPB89AcKLGAW0dtC
+fAQSHYVQ0Egm4Qf8ICJBcdwdnjffSUk3kkVcKg4qr+5kjVACjRJfqOm7PDrh2jmA
+gnMxtST45WTgWlWa4cS+/Bb9KreQCdfcN1xevOzOJSVecVYT40N8n8nwhCIkMPAM
+1QzsP1M6grD89nHeECK4LEpLTdBhvw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+Leaf Certificate public key data
+-----END CERTIFICATE-----