mirror of
https://github.com/outbackdingo/labca.git
synced 2026-01-27 18:19:33 +00:00
Merge branch 'release/0.8.3'
65
README.md
@@ -4,7 +4,15 @@ A private Certificate Authority for internal (lab) use, based on the open source
|
||||
|
||||

|
||||
|
||||
## About
|
||||
## Table of Contents
|
||||
|
||||
- [Background](#background)
|
||||
- [Install](#install)
|
||||
- [Usage](#usage)
|
||||
- [Contributing](#contributing)
|
||||
- [License](#license)
|
||||
|
||||
## Background
|
||||
|
||||
More and more websites and applications are served over HTTPS, where all traffic between your browser and the web server is encrypted. With standard HTTP the (form) data is unencrypted and open to eavesdroppers and hackers listening to communications between the user and the website. Therefore the Chrome browser now even warns about unsafe plain HTTP sites to nudge users towards HTTPS.
|
||||
|
||||
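Review bot: the Table of Contents added at the top of this hunk links only the five second-level headings, so the sections a reader is most likely to jump to (Setup, Update, ACME Client, and the NOTE about using LabCA at your own risk, all visible later in this diff as third-level headings) have no entry. Consider nesting them under Install and Usage, for example `  - [Update](#update)`, or say in the README that the list is top-level only.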
@@ -22,7 +30,7 @@ Also if you are developing your own client application or integrating one into y
|
||||
|
||||
Getting Boulder up and running has quite a learning curve though and that is where **LabCA** comes in. It is a self-contained installation with a nice web GUI built on top of Boulder so you can quickly start using it. All regular management tasks can be done from the web interface. It is best installed in a Virtual Machine and uses Debian Linux as a base.
|
||||
|
||||
## Installation
|
||||
## Install
|
||||
|
||||
LabCA is best run on its own server / virtual machine to prevent any issues caused by conflicting applications. On a freshly installed Linux machine (currently only tested with Debian 9) run this command as root user:
|
||||
|
||||
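Review bot: changing the heading from `## Installation` to `## Install` in this hunk changes the generated anchor from `#installation` to `#install`, so any existing link to the old fragment stops resolving. The new `[Install](#install)` entry in the Table of Contents matches the new name; check whatever else links into this README for the old fragment, or mention the rename in the release notes.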
@@ -30,19 +38,64 @@ LabCA is best run on its own server / virtual machine to prevent any issues caus
|
||||
curl -sSL https://raw.githubusercontent.com/hakwerk/labca/master/install | bash
|
||||
```
|
||||
|
||||
## Updating
|
||||
The first-time install will take a while, depending on the power of your server and your internet speed. On my machine it takes about 12 minutes. It will install the latest versions of some packages, download the relevant programs and configure everything. If all goes well it should look like this:
|
||||
|
||||
On the Linux machine run this command as root user to update the installation:
|
||||
<img src="https://user-images.githubusercontent.com/44847421/48658718-dc557b00-ea46-11e8-8596-00709fad9197.jpg" width="300">
|
||||
|
||||
### Setup
|
||||
|
||||
After the base install you must go through the setup in your browser. To give an idea of the setup process, see these screenshots:
|
||||
|
||||
<img src="https://user-images.githubusercontent.com/44847421/48658719-df506b80-ea46-11e8-9c51-08157a9a8b49.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658720-e0819880-ea46-11e8-9fda-8498ca28177d.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658721-e24b5c00-ea46-11e8-99ff-f30e0ba3ffe0.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658722-e4151f80-ea46-11e8-8b8b-6a0e57620d8c.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658723-e6777980-ea46-11e8-99ac-da046807973f.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658725-e9726a00-ea46-11e8-814f-4b25e5fc17aa.jpg" width="300">
|
||||
|
||||
Once the setup is completed, please make a backup of your Root and Issuer certificates! They can be exported from the "Certificates" tab of the Manage page. On the "Backup" tab you can also create a backup of the relevant data on the server. The backup files should be synchronized to an external location, but that is out of scope of this document.
|
||||
|
||||
### Update
|
||||
|
||||
Until issue #1 is implemented, updates can only be done from the Linux shell. On the server run this command as root to update the installation:
|
||||
|
||||
```sh
|
||||
~labca/labca/install
|
||||
```
|
||||
|
||||
## NOTE
|
||||
## Usage
|
||||
|
||||
Once LabCA has been setup you should go through the admin pages and e.g. configure the email details for outgoing notifications. Now your instance is ready to provide HTTPS certificates for your internal applications.
|
||||
|
||||
### Admin
|
||||
|
||||
The admin section is only accessible to the user account created at the start of the setup. The [dashboard](https://user-images.githubusercontent.com/44847421/48658726-ebd4c400-ea46-11e8-8cb1-43584dbc3719.jpg) gives an overview of the current status of your LabCA instance. Via the menu you can navigate to the details of your ACME objects such as the certificates, to several system logfiles and to the various management tasks such as backup/restore, email settings and changing your password.
|
||||
|
||||
These screenshots give a preview of the admin section:
|
||||
|
||||
<img src="https://user-images.githubusercontent.com/44847421/48658727-ee371e00-ea46-11e8-93a6-40e9f37dd3ba.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658728-f0997800-ea46-11e8-8d37-9244086b09d4.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658729-f2633b80-ea46-11e8-8fcb-78c273cf914f.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658730-f4c59580-ea46-11e8-9d26-8ec6da00c3ad.jpg" width="300">
|
||||
|
||||
### ACME Client
|
||||
|
||||
To request and automatically renew certificates for your applications, you need one of the many standard ACME clients that are out there. Just make sure to configure the server hostname to be your LabCA instance.
|
||||
|
||||
Some of the commonly used clients are:
|
||||
|
||||
* [certbot](https://github.com/certbot/certbot)
|
||||
* [acme-tiny](https://github.com/diafygi/acme-tiny)
|
||||
* [dehydrated](https://github.com/lukas2511/dehydrated)
|
||||
* ...
|
||||
|
||||
### Public Pages
|
||||
|
||||
The end users in your organization / lab can visit the public pages of you LabCA instance to get some basic information, and to download the root certificate that needs to be installed on each device that should trust the certificates generated by the LabCA instance. To give you and idea of what that looks like:
|
||||
|
||||
<img src="https://user-images.githubusercontent.com/44847421/48658731-f727ef80-ea46-11e8-985c-1ea64f340220.jpg" width="300"> <img src="https://user-images.githubusercontent.com/44847421/48658733-fa22e000-ea46-11e8-9fb1-901fddc9ee12.jpg" width="300">
|
||||
|
||||
### NOTE
|
||||
|
||||
Although LabCA tries to be as robust as possible, use it at your own risk. If you depend on it, make sure that you know what you are doing!
|
||||
|
||||
# License
|
||||
## Contributing
|
||||
|
||||
Feel free to dive in! [Open an issue](https://github.com/hakwerk/labca/issues/new) or submit PRs.
|
||||
|
||||
## License
|
||||
|
||||
"Commons Clause" License Condition v1.0
|
||||
|
||||
|
||||
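Review bot: the Install section this hunk expands still has the reader pipe `https://raw.githubusercontent.com/hakwerk/labca/master/install` straight into `bash` as root, and the new paragraph about the first-time install does not say which version that fetches. For a release merge, point the URL at the release tag rather than `master`, and document downloading the script to a file first so it can be read before it runs. In the new Setup paragraph, state whether the Root and Issuer export includes private keys and how the backup files should be protected. Typos in the added text: "has been setup", "you LabCA instance", "To give you and idea".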