initial commit

prod/nextcloud/nextcloud-certificate/README.md

@@ -0,0 +1,45 @@
+AANMAKEN CERTIFICAAT:
+
+Uitleg:
+
+omdat traefik de TLS interrupt doet moet Nextcloud Traefik vertrouwen. 
+Er komt immers alleen http verkeer bij Nextcloud binnen.
+Verkeer van buiten moet echter wel weten dat het echt met  Nextcloud praat. 
+Daarom werkt het Trafik default certificate ook niet. 
+Je moet dus een eigen certificaat aanmaken voor nextcloud-prod.allard.dcs. 
+Dit doe je in mijn geval via cert-manager die op zijn beurt de cert-issuer Letstencrypt gebruikt. In je route geef je dan ipv TLS Letsencrypt de naam van het secret op dat je certificaat bevat. Dus Traefik doet nog steeds de TLS-interrupt, 
+maar gebruikt daarbij het Nextcloud certificaat i.p.v. het default certificaat.
+
+
+2.Maak certificaat aan:
+
+kubectl apply -f certificate.yaml
+
+3.Updaten route:
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nextcloud
+  namespace: traefik
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`nextcloud-prod.allarddcs.nl`)
+      kind: Rule
+      services:
+        - name: nextcloud
+          port: 80
+  tls:
+    secretName: nextcloud-prod.allarddcs.nl
+
+4.herstarten traefik:
+
+kubectl rollout restart deployment traefik -n traefik
+
+5: checken certificaat issuer:
+
+openssl s_client -connect nextcloud-prod.allarddcs.nl:443 -servername nextcloud-prod.allarddcs.nl | openssl x509 -noout -text | grep "Issuer:"
+
+Dit mag nu niet meer TRAEFIK DEFAULT CERTIFICATE zijn.

prod/nextcloud/nextcloud-certificate/certificate.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nextcloud-prod.allarddcs.nl
+  namespace: nextcloud
+spec:
+  dnsNames:
+  - nextcloud-prod.allarddcs.nl
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: letsencrypt
+  secretName: nextcloud-prod.allarddcs.nl
+  usages:
+  - digital signature
+  - key encipherment

prod/nextcloud/nextcloud-certificate/check-sertificate.sh

@@ -0,0 +1 @@
+openssl s_client -connect nextcloud-prod.allarddcs.nl:443 -servername nextcloud-prod.allarddcs.nl | openssl x509 -noout -text | grep "Issuer:"

prod/nextcloud/nextcloud-certificate/nextcloud-selfsigned.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFLTCCAxWgAwIBAgIUPO3LZvWoawNHGXyTzL706CRIeWEwDQYJKoZIhvcNAQEL
+BQAwJjEkMCIGA1UEAwwbbmV4dGNsb3VkLXByb2QuYWxsYXJkZGNzLm5sMB4XDTI1
+MDIwNjA4MDMzNVoXDTI2MDIwNjA4MDMzNVowJjEkMCIGA1UEAwwbbmV4dGNsb3Vk
+LXByb2QuYWxsYXJkZGNzLm5sMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAnN/IBA7l6Np7DV9olpGStpVyFc//o/78sp+rtHQB+U8ipqx3IB9gnMLhwPMb
+WhUczE/3uAv4FXHmC1BHgC791fVFaG0EnTvnQ/lgQUA6YxWMqVD/DeXdOwpbvR8z
+5i5ej/+R9NJU1Z+bHFs7qezyjt32woqU/AcbppIqSaotqOMg8VXa0JAWoDREGAvj
+i2mrQuVjJtDCb3VtCsCy0QjrxFUuWkL1mlbMbu7eK7nNAayLT3EXnyL/aqk1ehlw
+NBmhpHH8w5JgF7lhOzhb79JiiIu8TmvFiSkVJ+5b8Vshq2VbGIOVi9d9O5vzLYsO
+96EGtC6je8MdrWrOscnVnlU6QBiCx0zIAUEcmZJGBM9EGObJ99tiGLyjyhAAT3yS
+2AUpnRx1t0NSugT5/TDokfMWAfPrcvy7YL557V82Nj0GWlfJAKf9mFyCvqkLNDpr
+2XUaecAkXFYXYYHh6CPOcGhxIvKeoWvxUVVucIQ4AEWstnRvpX9dxdWTmnIJ3mwI
+f5BO/UqwuEhIMPOSHcK1f1WALGqySYRynVR3woMZe0d1fEqjUa90QGrBlzkZGC7m
+qQ/s66la61Za4Z2xpLf+bpIWF58i3QrTgML+J4/2eukDBoHEGuRw/eT0Q1Nm273k
+P0285RVB7Ajfjz6H0GpY0biF7A4qUtQQFMiTaj6v8+uerIsCAwEAAaNTMFEwHQYD
+VR0OBBYEFLpljsx8toJnnXd2DbN4JNg7xfoVMB8GA1UdIwQYMBaAFLpljsx8toJn
+nXd2DbN4JNg7xfoVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB
+ADVC+HEVR4O+xxHLCcYC2L6z4unKG03oFEglqwPYYPrBX05yhrY3hCE4poWDRi4s
+o+Mlan01yPIHKVN/YnlRvwsTqlyZGeQ1proFWOYAEC5e/iuEkZUlFkscaI74FcQH
+yw0B61He2nDi7xIWJZdzxZngnYvZ/A7GkmM9Bb+7sPfc/CBOkRLab7+OT93pNR7i
+dMcNaRuMbdSQPIxO4J04Zzf8ecb7ueuxcNrZcAPO0g0gBvnY/YC5tCTnhtASX2mq
+mroPi+u1YHXvUS+gBZmVE1DeFRhmtv40r9oosa/15zNJV/ORlK9ibiS5m0ykyBZP
+aPSmHfjLc0RXMCRqxs4SSr1wHwM+WLquuX4IpnpkS9fuxRl8MLdHx0xXvAPg8/pW
+0rk5+aaDUWrU5Uli+6cYelzVUAEtwXKBg3wiclk7v3QIdtTLDCmYg8J5SIVb+X9+
+o8BQH9V6x6h0MDobZeX972gs4bxDmYFAD4eXAb78FFFDLE8EFzS/LgnPLsuaE9Yg
+fMYJ3xzXxSb1Q52yT8L/fxfJlNQ9m0rS3klCJJCffzRCCV9pf/zeP5A9aaRm5gvR
+rL158acXwbQh/u02HyO6eGQZp4GePEQolbJPUuVCl6hEtQiszTl0VjAExnWGbu/3
+Xv79AAS75T7uyjezSpx7Ts6EK4FYz8bxb5zJyTMn86v/
+-----END CERTIFICATE-----

prod/nextcloud/nextcloud-certificate/nextcloud-selfsigned.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCc38gEDuXo2nsN
+X2iWkZK2lXIVz/+j/vyyn6u0dAH5TyKmrHcgH2CcwuHA8xtaFRzMT/e4C/gVceYL
+UEeALv3V9UVobQSdO+dD+WBBQDpjFYypUP8N5d07Clu9HzPmLl6P/5H00lTVn5sc
+Wzup7PKO3fbCipT8BxumkipJqi2o4yDxVdrQkBagNEQYC+OLaatC5WMm0MJvdW0K
+wLLRCOvEVS5aQvWaVsxu7t4ruc0BrItPcRefIv9qqTV6GXA0GaGkcfzDkmAXuWE7
+OFvv0mKIi7xOa8WJKRUn7lvxWyGrZVsYg5WL1307m/Mtiw73oQa0LqN7wx2tas6x
+ydWeVTpAGILHTMgBQRyZkkYEz0QY5sn322IYvKPKEABPfJLYBSmdHHW3Q1K6BPn9
+MOiR8xYB8+ty/LtgvnntXzY2PQZaV8kAp/2YXIK+qQs0OmvZdRp5wCRcVhdhgeHo
+I85waHEi8p6ha/FRVW5whDgARay2dG+lf13F1ZOacgnebAh/kE79SrC4SEgw85Id
+wrV/VYAsarJJhHKdVHfCgxl7R3V8SqNRr3RAasGXORkYLuapD+zrqVrrVlrhnbGk
+t/5ukhYXnyLdCtOAwv4nj/Z66QMGgcQa5HD95PRDU2bbveQ/TbzlFUHsCN+PPofQ
+aljRuIXsDipS1BAUyJNqPq/z656siwIDAQABAoICAAGyxIISvTdzohBnf4Tdx5ZV
+cNo+mbhnSsoOQ3gdJ2ZRDoF6bYG6BTw9Od9yYlHr15d4qChkbMeip4ho0pVXLOVT
+lfBG+d1P6DWKrhmWvesTsSWmHFTEr8vzVUHrZA7yYpCxhh1953A2naHFdRRmXcvh
+KEo74NgHpat8epu4jWz+JH2oXcmTPcN3PWN7QXfhaXq8bAHgEbLONSOAKY9sxsyl
+1W4hunH0zZrH2Dzl8ou5l/qAsW5GHTjE4zDStK3Dt0XF/CQL4iFvntdayVgD0ZBD
+3wKEVSuid7mqcXFf+LHX05Ak4IoWh6MNEallD4Dry9xIgvmUh644cUtocXkY2BwU
+MK8yg33uYw4CKKB/tQLWhcOROAqU1VBkiqXVprbWwXtZo6EvdA+eAmHxsuYdAC/l
+S/lLyew9nyT69RkDJpXE7C6nZ3ut0wfRs8VAwWnr7JtYPbYosjZ4ACzADFnUWkJt
+DUxivk58Ew/AH8saDQfaVTcO2J4R8T8VupBh7axzNKJG2E/zt/53BPa1Iy7/DDtd
+AIQeRt1G2t/qWznQ+7c9HelGFoUjVAAAj2vUCaYe8WdyNcwG0Powqf6s1jZ9rRU9
+KSFrAbygNeHiq4VzS7D+0N93nvZqstLxvnuTGFD8T6Q1B9FbFuA4mevyQRBFE5SF
+WIDQ4c/RU5VtQEvAt7FxAoIBAQDNla5rP7qqR40PnHKpuqCShG8xzdm/gc2FkE/b
+BUb25h/S2kPFCSGasPLpL/F0m3v4mx6jiMyRAdQVxOHV2bs0RdL2V3z65+swCfNf
+ESvTOAsGDIH4BbrqWwOSonSTFL006T2ACXDArvmYd4572KZ2B8Qv3Pp1TO4i1j3z
+/HBoi3F7FwZaYGZT1pVWAkoXCDQj46QSz7Cgo6zR1lhKiQkPcqpAVlFghLfTiEdz
+obeOX8oDdmKyh6SkJIiZ//VNivdBgL/TmBD0ZdNXnf+6Ys8iww+sWobAPgPva7Bl
+TNgZzH0HEXwC8i8DZh0s1oCdAbaFuisalzGtqUHwqMQDQD2RAoIBAQDDWB7DVfYr
+rKzRF2IJke7YeXWLl5DCW3SQjohF40Or0zyoVEDEvQgQFL0JLQ7wv9ZzJvt+GjaH
+iNcKRYBVR1nb6Fw1TDu+cI8DhsWg13UK30S/H9O5w0s6YlwY+62knlOWepl84pAp
+Y1a9u0+/UR7WJm5eO7plZMqggyWdArjIek56xrCnvvPuxv9HCKxpJKcwTLVlA5q3
+vihfIBM3i32TLOeo7A81IBGHVGstHY6b4ch8IW0tS5GJFwAIvwgxCFxanQjHrwfp
+HLbigTXKcqX1gzJeuHV2K3Y10qSNfZNbZxvcYyxnQ63+0tgpHorJqj1/aLM4y3E3
+op/LgyBjPypbAoIBADdN0tPrGu3/vYS7k2TxXYzMr5T4SWFpK76IadMDgmmc0mbI
+bH6uzClu/ImaahvyT9E6+W0Iue8wTLtmcVIz9lZDilLWijp89RnBM4UZe26gnuaL
+qtLrx7KPtVBW/4EpjRSUwgSVhY1wBJjtYJkUWQNbZ31wtrejcFRSyeu+twaIrIhu
+UzkwwZZAHYA7sW6suEoHTPX6hQtRvIXeYXX7k0JimEYiclXCnij7ei0zDcvxHMj9
+qeNY9gNqCI1U+8pWXdlzJydmuvjkA4yIZmjfd9VkH+0/lQxWInzfvV4i4+dcyS2D
+mJa6S8dgSuzq70JNWapzwHCwx55t790rqT8uouECggEAZjLBDXL4sorJcy7nlJgr
+vEd3Lsvh6T0Ns99N/jpTGh8OmgZSSFuZT0h6ScWwDlZfLKmVY7j1FF2MG4yXAoas
+xXdAXoX+r7iVqcOlu2tdiY2bmt5c19ALmIUDJ/LsOra2hoCnsoWZ5H1bUTIhG7em
+CWXb0iMvdoKP3AAg+o8E+6W5T1SJ8Yjed+rWfWRVR0Ds00EembWUCVNMLdBLHYE1
+9nzEykSOBD49zW5mEBlplbY/PGoEg3EIuA83blv7PiPgpWuIv2ecHOJv7/qnmL34
+g4TbImEg2u0MEEae3oN3R5efJOMhxPjMnAfVHVYkSDNvryuosCsHlZLYRRHaLPJM
+BwKCAQAl06bCvDxbRONlnlMss/NOpx28IMgqSoM8jGYFy/hXni/PXrySZ9KurtE7
+PGaccgzUxJsZxDLuQuqgZ2XDu+TfwDKitjJq3bmIQPq3c0vp5hCL1WnWOuLstjpP
+xUxZwXXIHdTeKeTnIQchvPFt7a6EZxXDmKtwYtNLVeORsmhMnjpl0oR11sT7c8ea
+PP6+uYzKwPUNcT39HQPAEkevN0oAEqSJZHmEpsO2KLsvB1h5iM1lq70TNer7Slps
+x46utJPQA2Jqneb0lNHGBJGCJHUWH1UnCLlcC/QbQst+8bgU/jWST4ZJ4ReqcE9b
+94Uzs1ncbpaJSiptNhu74s1ivs25
+-----END PRIVATE KEY-----