29 กันยายน 2566

Greenbone Community Containers 22.4

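# Install Docker Engine with the convenience script. Fetch it over HTTPS into a
# file first so it can be read before it runs with root privileges; a bare
# "get.docker.com" makes curl start the request over plain HTTP.
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh ./get-docker.sh

# Membership of the docker group is equivalent to root on this host, so add
# only accounts that are already trusted with sudo. The new group applies
# after logging out and back in (or in a shell started with `newgrp docker`).
sudo usermod -aG docker "$USER"

mkdir -p greenbone && cd greenbone

# Compose file published with the Greenbone docs; review the images and the
# published ports in it before starting the stack.
curl -fsSL https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml -o docker-compose.yml

docker compose up -d

# Set the password of the "admin" web user. Reading it from a prompt keeps it
# out of the shell history; it is still passed as a process argument, so run
# this on a host where other users cannot list processes.
read -rs -p 'New password for the GVM admin user: ' gvm_admin_password && echo
docker compose exec -u gvmd gvmd gvmd --user=admin --new-password="$gvm_admin_password"
unset gvm_admin_password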

 

https://greenbone.github.io/docs/latest/22.4/container/index.html

26 กันยายน 2566

nginx docker with hosted acme.sh (Let's Encrypt & ZeroSSL)

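# Install acme.sh. Download the installer to a file so it can be inspected
# before it runs; -f stops curl from saving an HTTP error page as the script.
curl -fsSL https://get.acme.sh -o get-acme.sh
sh ./get-acme.sh email=me@domain.tld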

docker-compose.yaml
    image: nginx:latest
    container_name: nginx
    volumes:
      - ./etc-nginx-certs/:/etc/nginx/certs/
      - ./tmp-acme_challenge:/tmp/acme_challenge
      - ./default.conf:/etc/nginx/conf.d/default.conf

default.conf

    # Serve ACME HTTP-01 challenge files. acme.sh writes them under the webroot
    # passed with -w, which the compose file mounts at /tmp/acme_challenge.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /tmp/acme_challenge;
    }

    # Full chain and private key as written by `acme.sh --install-cert`
    # (--fullchain-file / --key-file) into the directory mounted at /etc/nginx/certs.
    # NOTE(review): both fragments belong inside server blocks that are not shown here.
    ssl_certificate /etc/nginx/certs/domain.tld.crt;
    ssl_certificate_key /etc/nginx/certs/domain.tld.key;
    
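# The two "issue" variants below are alternatives: pick one CA per certificate.

# issue Let's Encrypt (HTTP-01 through the webroot that nginx serves)
acme.sh --issue --server letsencrypt \
  -d domain.tld -d www.domain.tld \
  -w /home/user/docker/nginx/tmp-acme_challenge \
  --home /home/user/docker/nginx/acme.sh

# issue ZeroSSL
# acme.sh is documented with one command per invocation, so account
# registration and issuance are run separately, and the CA is named in both
# instead of relying on whatever the default server currently is.
acme.sh --register-account -m me@domain.tld --server zerossl \
  --home /home/user/docker/nginx/acme.sh
acme.sh --issue --server zerossl \
  -d domain.tld -d www.domain.tld \
  -w /home/user/docker/nginx/tmp-acme_challenge \
  --home /home/user/docker/nginx/acme.sh

# install cert
# The key file is the TLS private key: keep the etc-nginx-certs directory
# readable only by its owner on the host.
acme.sh --install-cert -d domain.tld \
  --home /home/user/docker/nginx/acme.sh \
  --key-file /home/user/docker/nginx/etc-nginx-certs/domain.tld.key \
  --fullchain-file /home/user/docker/nginx/etc-nginx-certs/domain.tld.crt \
  --reloadcmd "docker exec nginx /etc/init.d/nginx reload"

# renew cert (re-runs the stored install and reload steps for renewed certificates)
acme.sh --cron --home /home/user/docker/nginx/acme.sh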
 
 
reference
- https://github.com/acmesh-official/acme.sh

25 กันยายน 2566

K3S install with Rancher Helm Chart

---
SRV01

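# Install the K3s server. INSTALL_K3S_VERSION pins an exact release;
# INSTALL_K3S_CHANNEL expects a channel name (stable, latest, v1.26), not a
# full version string. K3S_KUBECONFIG_MODE=644 is left out on purpose: it makes
# /etc/rancher/k3s/k3s.yaml, which holds cluster-admin credentials, readable
# by every local user.
curl -sfL https://get.k3s.io -o install-k3s.sh
INSTALL_K3S_VERSION=v1.26.9+k3s1 sh ./install-k3s.sh

# Private per-user kubeconfig for kubectl and helm. The directory may not
# exist yet, and the umask keeps the file from being created world-readable.
mkdir -p ~/.kube
(umask 077 && sudo cat /etc/rancher/k3s/k3s.yaml > ~/.kube/config)
chmod 600 ~/.kube/config
export KUBECONFIG=~/.kube/config

# Install Helm from a downloaded copy of the installer instead of piping it
# straight into a shell.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo add jetstack https://charts.jetstack.io
helm repo update

kubectl create namespace cattle-system

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.crds.yaml

# --wait blocks until cert-manager is ready, so the Rancher install below does
# not race its admission webhook.
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.13.0 \
  --wait

# The bootstrap password is the first admin login for Rancher; a fixed value
# such as "admin" is guessable by anyone who can reach the hostname. Read it
# from a prompt instead, and change it at first login. helm --set treats
# commas as separators, so avoid them in the value.
read -rs -p 'Rancher bootstrap password: ' rancher_bootstrap_password && echo
helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org \
  --set bootstrapPassword="$rancher_bootstrap_password"
unset rancher_bootstrap_password

kubectl -n cattle-system rollout status deploy/rancher

kubectl -n cattle-system get deploy rancher

# Cluster join secret for additional nodes: anyone holding it can join the
# cluster, so copy it over a trusted channel and do not paste it into logs.
sudo cat /var/lib/rancher/k3s/server/token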

---
SRV02

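# Join this node to the cluster created on SRV01.
# Replace the placeholder with the address of SRV01; the token is the content
# of /var/lib/rancher/k3s/server/token on SRV01 and is read from a prompt so it
# does not end up in the shell history.
srv01_host='<SRV01>'
read -rs -p 'SRV01 node token: ' srv01_token && echo

# INSTALL_K3S_VERSION pins the same exact release as on SRV01;
# INSTALL_K3S_CHANNEL expects a channel name, not a full version string.
curl -sfL https://get.k3s.io -o install-k3s.sh
INSTALL_K3S_VERSION=v1.26.9+k3s1 K3S_URL="https://${srv01_host}:6443" K3S_TOKEN="$srv01_token" sh ./install-k3s.sh
unset srv01_token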