WIP: testing bright and resume copying content
@@ -1,78 +1,13 @@
|
||||
import { promises as fsp } from 'fs'
|
||||
|
||||
export async function DummyPostString() {
|
||||
const ReactDOMServer = (await import('react-dom/server')).default
|
||||
const component = await DummyPost()
|
||||
return ReactDOMServer.renderToStaticMarkup(component)
|
||||
let path = ""
|
||||
if ('DUMMY_HTML_DIR' in process.env && typeof process.env.DUMMY_HTML_DIR === "string") {
|
||||
path = process.env.DUMMY_HTML_DIR + "test1.html";
|
||||
}
|
||||
return await fsp.readFile(path, "utf-8")
|
||||
}
|
||||
|
||||
export async function DummyPostSlug() {
|
||||
return "dummy-post"
|
||||
}
|
||||
|
||||
export async function DummyPost() {
|
||||
return(
|
||||
<div>
|
||||
<h1 className="title">Nginx + SSL Client Certificate Verification: Manage access to a site</h1>
|
||||
<p className="paragraph">Access control is a fundamental part of security. Most entities rely on
|
||||
the combination of username and password, sometimes with additional multi-factor authentication
|
||||
to improve security. Some entities also use the SSL client certificate verification to manage access
|
||||
to specific resources. One of the use cases where SSL client certificate verification fits perfectly is
|
||||
managing access to internet-facing development or staging servers. In this post, I'll share how
|
||||
to set up the certificates and configure nginx to verify users based on their certificates.</p>
|
||||
<h1>Preparing the certificates</h1>
|
||||
<p className="paragraph">There are two certificates we are going to create. The first one is the root
|
||||
certificate. It will be placed in the Nginx server. The second one is the client certificate. It will
|
||||
be installed in the client machine/browsers.</p>
|
||||
<h2>Root CA</h2>
|
||||
<p className="paragraph">For generating a root CA, execute these two steps:</p>
|
||||
<h3>Generate RSA Key</h3>
|
||||
<p className="code">openssl genrsa -aes256 -out ca.key 4096</p>
|
||||
<h3>Create Root CA crt file.</h3>
|
||||
<p className="code">openssl req -new -x509 -days 3650 -key ca.key -out ca.crt</p>
|
||||
<h2>Setup CA configuration</h2>
|
||||
<p className="paragraph">This is an optional step, but if you want to be able to revoke access you
|
||||
previously granted, you need to do this step.</p>
|
||||
<p className="paragraph">Create a file named ca.cnf in the same directory as the ca.key and ca.crt.</p>
|
||||
<p className="code">[ ca ]
|
||||
default_ca = gca
|
||||
|
||||
[ crl_ext ]
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ gca ]
|
||||
dir = ./
|
||||
new_certs_dir = $dir
|
||||
unique_subject = no
|
||||
certificate = $dir/ca.crt
|
||||
database = $dir/certindex
|
||||
private_key = $dir/ca.key
|
||||
serial = $dir/certserial
|
||||
default_days = 365
|
||||
default_md = sha256
|
||||
policy = gca_policy
|
||||
x509_extensions = gca_extensions
|
||||
crlnumber = $dir/crlnumber
|
||||
default_crl_days = 365
|
||||
|
||||
[ gca_policy ]
|
||||
commonName = supplied
|
||||
stateOrProvinceName = supplied
|
||||
countryName = optional
|
||||
emailAddress = optional
|
||||
organizationName = supplied
|
||||
organizationUnitName = optional
|
||||
|
||||
[ gca_extensions ]
|
||||
basicConstraints = CA:false
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always
|
||||
keyUsage = digitalSignature,keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
crlDistributionPoints = URI:http://example.com/root.crl
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[ alt_names ]
|
||||
DNS.1 = example.com
|
||||
DNS.2 = *.example.com</p>
|
||||
</div>
|
||||
)
|
||||
}
|
||||
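Review bot: In what looks like the new body of `DummyPostString`, `path` stays `""` when `DUMMY_HTML_DIR` is unset, so `fsp.readFile("")` rejects with a bare ENOENT that never mentions the missing variable; fail early instead, e.g. `const dir = process.env.DUMMY_HTML_DIR; if (!dir) throw new Error('DUMMY_HTML_DIR is not set')`. The directory and file name are also joined by plain concatenation, so a value without a trailing slash resolves to a sibling name such as `<dir>test1.html`; `join(dir, 'test1.html')` from `path` avoids that, though it needs an import and the local `path` would have to be renamed. The caller is not visible here, but if the returned string is inserted as raw HTML, anyone who can write to that directory or set the variable controls the page markup, which deserves a one-line comment on the function. The `+`/`-` markers are lost on this page, so the old/new split is inferred from the `-1,78 +1,13` header.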