Koozali.org: home of the SME Server

dehydrated - Wildcard ??

Offline Rudi

  • **
  • 41
  • +0/-0
    • IT Consultant & Develpoment
dehydrated - Wildcard ??
« on: August 23, 2020, 01:51:30 PM »
Are there Plans to implement Wildcards ... so for example if there are many (maybe even hundreds) Subdomains used for one TLD the to reach a seperate Ibay each that the Certificate does not overbord and rather have an elegant *.TLD in it?

thanks for all the good work!
Rudi

Offline ReetP

  • *
  • 3,853
  • +5/-0
Re: dehydrated - Wildcard ??
« Reply #1 on: August 24, 2020, 12:20:30 PM »
At the minute the Letsencrypt setup is pretty simple.

We wanted to try and get https certificates working without worrying about lots of different scenarios.

It is possible to write your own templates for a more complicated scenario if you want, but you will have too modify the dehydrated templates to split the certificates (pretty easy) and modify apache to use them.

I believe that we will be working on more complicated scenarios in v10, but currently we need to actually get v10 finished - that is much more important and we need all the help we can get.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Rudi

  • **
  • 41
  • +0/-0
    • IT Consultant & Develpoment
Re: dehydrated - Wildcard ??
« Reply #2 on: January 15, 2021, 04:57:42 PM »
I found a link: https://dokuwiki.tachtler.net/doku.php?id=tachtler:let_s_encrypt_-_wildcard_zertifikat
Here is explained how to set this thing up .. can anybody implement this os something similar into the Contrib,
or maybe for SME 10?
I am not a good coder, so i can't do that myself :-(
Anybody now?
 

Offline ReetP

  • *
  • 3,853
  • +5/-0
Re: dehydrated - Wildcard ??
« Reply #3 on: January 15, 2021, 05:06:58 PM »
I found a link: https://dokuwiki.tachtler.net/doku.php?id=tachtler:let_s_encrypt_-_wildcard_zertifikat
Here is explained how to set this thing up .. can anybody implement this os something similar into the Contrib,
or maybe for SME 10?

As per my previous.

Dehydrated works, and works for most. We are not going to do anything more complicated until after v10 is out. We are still working on it, and that is far more important right now.

It would help if you helped too.

Yes, you can install the contrib and then modify the configs yourself.

But it needs more than just a simple configuration.

Quote
I am not a good coder, so i can't do that myself :-(
Anybody now?

Time to start learning?

The templates are probably not too hard but there are other factors involved - eg modifying DNS - and you need to make sure you do not break other things.

Just following some guide online may not be right for your SME.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Rudi

  • **
  • 41
  • +0/-0
    • IT Consultant & Develpoment
Re: dehydrated - Wildcard ??
« Reply #4 on: January 15, 2021, 06:26:45 PM »
thanks reetp,
well as you shure know, all this is is quite complicated but simple to break the wrong things.
but because i have a project that needs a subdomain for every User of the Project, for one of the domains on the server, i will try to find a way. If i am successfull i will post the result and maybe even make a contrib or at least a Howto, for others with a similar challenge using SME.

And i will setup a server with SME Version 10 next week, so i can help finding bugs if this is needed as helping.
I am only good with databases and PHP :-(

no clue about perl and linux or the compleete architecture of SME under the surface.
I am learning all the time .. but i still don't get lots of the things happening on Linux.

Offline ReetP

  • *
  • 3,853
  • +5/-0
Re: dehydrated - Wildcard ??
« Reply #5 on: January 15, 2021, 08:16:50 PM »
Ask for a RocketChat account and come and talk to us.

We don't bite. You can help us.... And then maybe we can help you........

Simple :-)
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

  • grumpy old man
  • *
  • 1,836
  • +6/-0
Re: dehydrated - Wildcard ??
« Reply #6 on: January 16, 2021, 12:59:53 AM »
thanks reetp,

And i will setup a server with SME Version 10 next week, so i can help finding bugs if this is needed as helping.
I am only good with databases and PHP :-(

:-) thats 2 better than me :-)  jump in, its safe, and can even be a little fun..
--
qui scribit bis legit

Offline Rudi

  • **
  • 41
  • +0/-0
    • IT Consultant & Develpoment
Re: dehydrated - Wildcard ??
« Reply #7 on: January 16, 2021, 02:44:58 PM »
Ask for a RocketChat account and come and talk to us.

We don't bite. You can help us.... And then maybe we can help you........

Simple :-)

ok so please give me an RocketChat account, thanks!

Offline ReetP

  • *
  • 3,853
  • +5/-0
Re: dehydrated - Wildcard ??
« Reply #8 on: January 16, 2021, 03:09:04 PM »
ok so please give me an RocketChat account, thanks!

See my PM.

Note - the forums STILL have a place and will NOT be replaced by Rocket (before any one gets worried). They are good for general help/support/discussion.

Rocket is just an easier place to be able to chat through development in real time. It has really helped speed up development/bug testing etc as we can literally make suggestions to try there and then, in real time. it is my own instance (it is my test instance for work) - so private - and I only allow known users to register so no spam.

Quite a friendly little place too :-)
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Rudi

  • **
  • 41
  • +0/-0
    • IT Consultant & Develpoment
Re: dehydrated - Wildcard ??
« Reply #9 on: January 16, 2021, 03:19:53 PM »
See my PM.


Got it, thanks! Never used it but looking forward ;-)

Offline TerryF

  • grumpy old man
  • *
  • 1,836
  • +6/-0
Re: dehydrated - Wildcard ??
« Reply #10 on: January 16, 2021, 10:06:54 PM »
Rudi, if you are keen to jump in at the deep end or even the shallow one here are some notes that may help for starters..

The bible re QA - https://wiki.contribs.org/SME_Server:Documentation:QA:Verification
and
https://wiki.contribs.org/SME10.0_QA

These give the basic "do it this way so we are all on same page"

The SME10 Verification que

ALL Bugs for Verification - note contribs ones

Helpful info on Testing Setups

Handy Wiki pages

Its easy for those who do this regularly, it can be a bloody mine pit for someone who doesn't 🙂 very easy to kill a test system and no way to get out but wipe and start again, please dont be put off, if nothing else it sure educates you on the blackmagic in koozali/sme and makes you appreciate a hypervisor like Proxmox and snapshots.

1. Install current A5 iso - smeserver-10.0.alpha5-x86_64.iso

2. run a # yum update (DO NOT enable any repos) there are around 360+mb, last time I did it, awaiting, on occasion ie very very rarely smeserver-yum may also need updating first, it may be in smeupdates-testing, so a heads up a quick look under the hood can save a world of grief, BUT, be carful it may pull dependencies that need other updates, can also bork the test system.

3. Make sure to reboot/reconfig

4. Normal Test setup would be to now, select a Bug that need verifying, update the package
# yum update e-smith-base --enablerepo=smeupdates-testing (ONLY this) and follow the verification wiki

**HOWEVER** we have come such a long way with updates to the A5 iso, and I do mean multi versions of an update, a very large number of changes to system files etc, from the initial install that it is not possible to do basic testing using the basic A5 iso. You would have needed to updated a A5 iso incrementally as the updates and changes have been produced. So this stage for testing can just about be left until we release the Beta (not far away)

5. If you do a yum update --enablerepo=smeupdates-testing you will update ALL the packages that need testing, may also need the /smetest repo for some updates do it after completing above, be careful  - a danger Will Robinson moment - BUT it will bring your install to a point where you could carry out overall testing of the system or Contrib updates/import testing and verification BUT beware you could also kill it. This would also set a point where you could test any NEW updates..all good fun. It will also bring the system close to what a beta will be.. stay away from the /smedev repo unless told a particular package is there, *NEVER* update from there

Many contribs have been ported over to SME10, they are not in the sme10 contribs repo yet, you will find them in the /smetest and to a lesser degree /smedev some are unstable and need work, be warned, which is why they need to be tested, all will have a Bug raised against them, go our hardest. Install dont update from /smedev

You will also find that you may need as a minimum the epel and openfusion repos for some updates and or contribs see the /smeaddons repo for an easy way to configure

6. Not available publicly but will be in the beta is an iso that supports following

RAID should be configured as follows:

# 2 Drives - Software RAID 1
# 3 Drives - Software RAID 1 + 1 Hot-spare
# 4 Drives - Software RAID 6
# 5+ Drives - Software RAID 6 + 1 Hot-spare

something to look forward to :-)

Use the bug for feedback on testing, the lists are still a good resource as well, were the goto place
« Last Edit: January 16, 2021, 10:23:34 PM by TerryF »
--
qui scribit bis legit

Offline ReetP

  • *
  • 3,853
  • +5/-0
Re: dehydrated - Wildcard ??
« Reply #11 on: January 16, 2021, 10:12:49 PM »
Or just chat to @terry in Rocket.....
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

  • grumpy old man
  • *
  • 1,836
  • +6/-0
Re: dehydrated - Wildcard ??
« Reply #12 on: January 16, 2021, 10:24:30 PM »
Or just chat to @terry in Rocket.....

Only after he has his morning coffee, cranky old bastard without :-)
--
qui scribit bis legit

Offline bunkobugsy

  • *
  • 289
  • +4/-0
Re: dehydrated - Wildcard ??
« Reply #13 on: January 17, 2021, 04:06:32 AM »
wrong thread
« Last Edit: January 17, 2021, 04:16:47 AM by bunkobugsy »

Offline Rudi

  • **
  • 41
  • +0/-0
    • IT Consultant & Develpoment
Re: dehydrated - Wildcard ??
« Reply #14 on: January 17, 2021, 11:07:25 AM »
Rudi, if you are keen to jump in at the deep end or even the shallow one here are some notes that may help for starters ...

Use the bug for feedback on testing, the lists are still a good resource as well, were the goto place

I hope i will be a good help.
First try is upcoming Thursday night, where i will be at my Serverlocation most of the night anyway for maintainance. So reinstalling several times whould be no problem :-)