diff --git a/content/blog/acme_infrastructure_in_private_lan.md b/content/blog/acme_infrastructure_in_private_lan.md
new file mode 100644
index 0000000..37cd069
--- /dev/null
+++ b/content/blog/acme_infrastructure_in_private_lan.md
@@ -0,0 +1,33 @@
+---
+title: "Infrastructure for ACME (LetsEncrypt) certificates in a private LAN"
+date: 2024-04-10
+draft: false
+'blog/tags':
+- sysadmin
+- Échirolles
+---
+
+[LetsEncrypt](https://letsencrypt.org) --- the non-profit certification
+authority that certifies a vast portion of the web --- doesn't really needs
+introduction anymore. They provide free SSL certificates, and even better, they
+do so using their standardized automated protocol, ACME
+([RFC 8555](https://datatracker.ietf.org/doc/html/rfc8555)).
+
+When a client requests a certificate through ACME for a domain, it will be
+handed a token --- a random string --- by the server. This token (the
+challenge) must be temporarily served by the client to prove that it indeed
+controls the domain. This automated validation uses either `http-01` or
+`dns-01` challenges. The former requires the client to serve the token via http
+at a certain URL. The latter requires the client to register a `TXT` DNS entry
+under the domain bearing the token. The `http-01` process is clearly easier to
+implement, and makes ACME straightforward in many cases.
+
+Assume, however, that the machine trying to obtain a certificate is in a
+private LAN --- it has no public IP address, or should remain completely
+firewalled from the Internet, including the ACME server. In this case, the
+`http-01` challenge cannot be used, and `dns-01` must be used instead. Many
+articles online give instructions on how to make Certbot or other ACME clients
+update DNS records. However, I am really not comfortable with giving all of my
+applicative servers write-access to my DNS zones.
+
+
diff --git a/content/blog/test01.md b/content/blog/test01.md
deleted file mode 100644
index 9481abd..0000000
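Review bot: The front matter of acme_infrastructure_in_private_lan.md sets `draft: false`, but the body appears to stop right after the problem statement (the hunk ends on two blank lines following the DNS write-access paragraph), so the post would be published without the infrastructure its title announces; `draft: true` until the remaining sections land would avoid that. In the first paragraph, `doesn't really needs introduction` should read `doesn't really need an introduction`. The challenge paragraph says the token itself is served, whereas RFC 8555 has the client serve a key authorization (the token joined with the account-key thumbprint) for `http-01` and publish a digest of it in a `TXT` record at `_acme-challenge.<domain>` for `dns-01`. One sentence on that would help, since the stated concern about DNS write access depends on which record a client must be able to change.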
--- a/content/blog/test01.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-title: Test 1
-date: 2023-04-01
-draft: true
-"blog/tags":
-- test
-- misc
----
-
-Bonjour, ceci est un test.
diff --git a/content/blog/test02.md b/content/blog/test02.md
deleted file mode 100644
index e37c6e2..0000000
--- a/content/blog/test02.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-title: Test 2
-date: 2023-05-02
-draft: true
-"blog/tags":
-- test
-- second
----
-
-Bonjour, ceci est également un test.
diff --git a/content/blog/test_long.md b/content/blog/test_long.md
deleted file mode 100644
index 612be5d..0000000
--- a/content/blog/test_long.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-title: Ceci, par rapport aux autres, est un test avec un titre d'une longueur fort surprenante.
-date: 2023-05-12
-draft: true
-"blog/tags":
-- test
----
-
-Bonjour, ceci est également un test.
diff --git a/scss/_blog.scss b/scss/_blog.scss
index 10b74b9..10c6965 100644
--- a/scss/_blog.scss
+++ b/scss/_blog.scss
@@ -97,4 +97,12 @@
 padding-left: 15px;
 margin-left: 25px;
 }
+
+ :not(pre) > code {
+ background-color: $icode_bg_color;
+ padding: 2px 4px;
+ border-radius: 4px;
+ font-size: 85%;
+ color: $icode_fg_color;
+ }
 }
diff --git a/scss/_params.scss b/scss/_params.scss
index c1211ec..8fec1bb 100644
--- a/scss/_params.scss
+++ b/scss/_params.scss
@@ -5,6 +5,8 @@ $link_color: #07a; $fg_color: #555; $fg_color_light: #555555bb; $head_bg_color: #060033; +$icode_fg_color: $fg_color; +$icode_bg_color: #e1e1e1; $resp_small: 1350px; $resp_vsmall: 1000px;
diff --git a/static/css/style.css b/static/css/style.css
index 81b0f7f..13d58f2 100644
--- a/static/css/style.css
+++ b/static/css/style.css
@@ -69,6 +69,13 @@ padding-left: 15px; margin-left: 25px; } +.blog :not(pre) > code { + background-color: #e1e1e1; + padding: 2px 4px; + border-radius: 4px; + font-size: 85%; + color: #555; } + html { background-color: white; }
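Review bot: The new `:not(pre) > code` rule in scss/_blog.scss has no comment saying that it styles inline code only, and the `$icode_` prefix introduced in scss/_params.scss is not self-explanatory. I would add `// Inline code only: skips <code> nested directly in <pre>` above the rule and `// Inline <code> colours` above the two new variables. The block that encloses the rule opens outside the hunk, so the nesting level is assumed from the trailing `}` context line.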