Terraform Container NAS

    Following up on my recent post about the NAS device I built using a Synology NAS and used for Linux containers: I have since added more memory to the device, maxing out the memory that the vendor supports, 16GB. I have seen unsupported configurations with 20GB on the internet, but I have not ventured into this area yet.

    I have also migrated the resources and containers I had in Docker to be managed by Terraform, HashiCorp’s Infrastructure as Code (IaC) tool. That meant a lot of re-creating what I had already created: Docker volumes, images, and containers.

    I backed up the current volume data, for Grafana and InfluxDB, to restore. Now all Docker resources are managed through Terraform configuration and kept in a source repository.

    Apr 10, 2021 · Filed in: Terraform, Docker, Linux, Storage
    Reading Time: 3 minute(s)

    OPNsense BIND Plugin Configuration

    Setting up BIND can be a challenge in and of itself. Interfaces can make things easier, but it isn’t always quite obvious how to go about achieving what you want, and they still require some knowledge of BIND/named configuration.

    The same goes for the OPNsense DNS plugin, which can be quite tricky to get right. This post is how I got my internal domain, hq.cormier.co, set up in OPNsense, complete with reverse zones.

    Mar 11, 2021 · Filed in: OPNsense, BIND, DNS
    Reading Time: 2 minute(s)

    A Container NAS named Phong

    I recently purchased a Synology DS920+ NAS to use as a host for Linux containers and manage it via the Docker API and Terraform. This post is how I got the device to do exactly that. As to the name of the device, it is named after a ReBoot character.

    Feb 20, 2021 · Filed in: Docker, Linux, Storage, Certificates
    Reading Time: 6 minute(s)

    Create PKCS12/PFX Archive from Certificate and Private Key

    I have been doing some work with security certificates lately and had the chance to document the creation of PKCS12/PFX archives using command line tools without first having the CSR/private key in a key store.

    Most are familiar with the following workflow for obtaining a security certificate…

    • Generate Certificate Signing Request (CSR)
      • This generates a private key (sometimes out of interface scope)
    • Submit CSR to Certificate Authority (CA) for certificate generation
      • Internal Windows CA - certsrv
      • Public CA, like GoDaddy
    • Retrieve certificate bundle from CA
    • Import into keystore used to create CSR
      • The private key lives here (sometimes with no interface to manage, Windows for example)
    • Export PFX archive that includes certificate, private key, and CA certificate(s) protected with password
      • Include private key in the export

    Voila! PFX Archive!

    But… if you have the private key on a file system somewhere and not in a key store (Windows or Java), the workflow changes.

    Note: Remember to protect any export of certificates with private keys using a strong password.

    To bundle those together in a PKCS12/PFX archive file you can use the OpenSSL command line tool; I am sure there are others. It is available on all major flavors of Linux and installable on other operating systems.

    Nov 22, 2020 · Filed in: X.509, PKCS12, PKI, PEM
    Reading Time: 2 minute(s)