
Subject / Author
* Re: Cloudflare - lynx769
+* Re: Cloudflare - Nelgin
|`- Re: Cloudflare - poindexter FORTRAN
`* Re: Cloudflare - poindexter FORTRAN
 `- Re: Cloudflare - Tracker1

Re: Cloudflare

From: lynx769@VERT/BTTMLSS (lynx769)
To: poindexter FORTRAN
Subject: Re: Cloudflare
Message-ID: <60809690.7991.dove-int@vert.synchro.net>
Date: Wed, 21 Apr 2021 10:17:00 +0000
X-Comment-To: poindexter FORTRAN
Path: rocksolidbbs.com!not-for-mail
Newsgroups: DOVE-Net.Internet
X-FTN-PID: Synchronet 3.19a-Linux master/12fde4ab9 Apr 13 2021 GCC 8.3.0
X-FTN-CHRS: ASCII 1
WhenImported: 20210421141808-0700 c1e0
WhenExported: 20210421143432-0700 c1e0
ExportedFrom: VERT dove-int 7991
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: lynx769 - Wed, 21 Apr 2021 10:17 UTC

pF> The original poster is using pfSense to talk to Cloudflare's API, it sounds
pF> like you could do some interesting things with it.

I've got a small container which checks every 5 minutes if my home IP has
changed and calls Cloudflare's API to update the wildcard A record for my
domain.

I'm hosting a half dozen services running behind nginx-ingress and a Let's
Encrypt cert issuer on a Kubernetes cluster. The cluster is running small
RancherOS VMs on Proxmox.

With the wildcard, I just spin up a new service and have a valid certificate
issued automatically and be in business. The only downside is that Cloudflare
can't proxy wildcard records so I lose the proxy benefit though.

Lachlan

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
* Origin: The Bottomless Abyss BBS * bbs.bottomlessabyss.net

Re: Cloudflare

From: nelgin@VERT/EOTLBBS (Nelgin)
To: lynx769
Subject: Re: Cloudflare
Message-ID: <60811964.2741.dove-internet@endofthelinebbs.com>
Date: Wed, 21 Apr 2021 18:36:20 -0500
X-Comment-To: lynx769
Path: rocksolidbbs.com!not-for-mail
Organization: End Of The Line BBS
Newsgroups: DOVE-Net.Internet
In-Reply-To: <60809690.7991.dove-int@vert.synchro.net>
References: <60809690.7991.dove-int@vert.synchro.net>
X-FTN-PID: Synchronet 3.19a-Linux master/e5ccdb106 Apr 18 2021 GCC 9.3.0
X-FTN-CHRS: CP437 2
WhenImported: 20210421234645-0700 c1e0
WhenExported: 20210422023435-0700 c1e0
ExportedFrom: VERT dove-int 7992
WhenImported: 20210422013620-0500 c168
WhenExported: 20210422014647-0500 c168
ExportedFrom: EOTLBBS dove-internet 2741
User-Agent: tin/2.4.5-20201224 ("Glen Albyn") (Linux/5.4.0-72-generic (x86_64))
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
 by: Nelgin - Wed, 21 Apr 2021 23:36 UTC

lynx769 wrote:
> pF> The original poster is using pfSense to talk to Cloudflare's API, it sounds
> pF> like you could do some interesting things with it.
>
> I've got a small container which checks every 5 minutes if my home IP has
> changed and calls Cloudflare's API to update the wildcard A record for my
> domain.

I have nsupdate running on my router, which runs OpenWrt. It will automatically
update my DNS without having to check every so often. It's nice and quick.

---
■ Synchronet ■ End Of The Line BBS - endofthelinebbs.com

Re: Cloudflare

From: poindexter.fortran@VERT/REALITY (poindexter FORTRAN)
To: lynx769
Subject: Re: Cloudflare
Message-ID: <60817F7B.4712.dove.dove-int@realitycheckbbs.org>
Date: Wed, 21 Apr 2021 23:15:00 -0700
X-Comment-To: lynx769
Path: rocksolidbbs.com!not-for-mail
Organization: realitycheckBBS
Newsgroups: DOVE-Net.Internet
In-Reply-To: <60809690.7991.dove-int@vert.synchro.net>
References: <60809690.7991.dove-int@vert.synchro.net>
X-FTN-PID: Synchronet 3.18c-Win32 master/4e568ebc3 Dec 12 2020 MSC 1927
X-FTN-CHRS: ASCII 1
WhenImported: 20210422065202-0700 c1e0
WhenExported: 20210422083435-0700 c1e0
ExportedFrom: VERT dove-int 7996
WhenImported: 20210422065155-0700 c1e0
WhenExported: 20210422065156-0700 c1e0
ExportedFrom: REALITY dove.dove-int 4712
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: poindexter FORTRAN - Thu, 22 Apr 2021 06:15 UTC

-=> lynx769 wrote to poindexter FORTRAN <=-

ly> With the wildcard, I just spin up a new service and have a valid
ly> certificate issued automatically and be in business. The only downside
ly> is that Cloudflare can't proxy wildcard records so I lose the proxy
ly> benefit though.

I'm new to the cert game. I assumed that Let's Encrypt couldn't do wildcards.
If they did, I could replace all of the standalone LE instances with the
reverse proxy server I want to build. But, then I wouldn't need the proxy
server, as it's going to be there to allow my internal hosts to renew their
LE certificates. :)

What are you using as a reverse proxy? I am planning on using nginx, only
because I've recently used it at work to proxy some servers behind a single
IP.

.... Mary being complete the job bazooka.
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Re: Cloudflare

From: poindexter.fortran@VERT/REALITY (poindexter FORTRAN)
To: Nelgin
Subject: Re: Cloudflare
Message-ID: <60817F7C.4713.dove.dove-int@realitycheckbbs.org>
Date: Wed, 21 Apr 2021 23:21:00 -0700
X-Comment-To: Nelgin
Path: rocksolidbbs.com!not-for-mail
Organization: realitycheckBBS
Newsgroups: DOVE-Net.Internet
In-Reply-To: <60811964.2741.dove-internet@endofthelinebbs.com>
References: <60811964.2741.dove-internet@endofthelinebbs.com>
X-FTN-PID: Synchronet 3.18c-Win32 master/4e568ebc3 Dec 12 2020 MSC 1927
X-FTN-CHRS: ASCII 1
WhenImported: 20210422065203-0700 c1e0
WhenExported: 20210422083435-0700 c1e0
ExportedFrom: VERT dove-int 7997
WhenImported: 20210422065156-0700 c1e0
WhenExported: 20210422065156-0700 c1e0
ExportedFrom: REALITY dove.dove-int 4713
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
 by: poindexter FORTRAN - Thu, 22 Apr 2021 06:21 UTC

-=> Nelgin wrote to lynx769 <=-

Ne> I have nsupdate running on my router which runs openwrt. It will
Ne> automatically update my DNS without having to check every so often.
Ne> It's nice and quick.

I've got dynamic DNS, and I use a static A address on my provider for my
base host name, then CNAME everything off of it. I haven't had my IP address
change unless I hard reset my router.

.... ONE OUT OF FIVE DENTISTS RECOMMEND GUM.
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Re: Cloudflare

From: tracker1@VERT/TRN (Tracker1)
To: poindexter FORTRAN
Subject: Re: Cloudflare
Message-ID: <6091C9AC.2653.dove-internet@roughneckbbs.com>
Date: Tue, 4 May 2021 08:24:43 -0700
X-Comment-To: poindexter FORTRAN
Path: rocksolidbbs.com!not-for-mail
Organization: Roughneck BBS
Newsgroups: DOVE-Net.Internet
In-Reply-To: <60817F7B.4712.dove.dove-int@realitycheckbbs.org>
References: <60817F7B.4712.dove.dove-int@realitycheckbbs.org>
X-FTN-PID: Synchronet 3.18c-Linux HEAD/0634130 Mar 14 2021 GCC 6.3.0
X-FTN-CHRS: UTF-8 4
WhenImported: 20210504160749-0700 c1e0
WhenExported: 20210504203726-0700 c1e0
ExportedFrom: VERT dove-int 8024
WhenImported: 20210504222444Z 0000
WhenExported: 20210504230752Z 0000
ExportedFrom: TRN dove-internet 2653
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101Thunderbird/78.9.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
 by: Tracker1 - Tue, 4 May 2021 15:24 UTC

On 4/22/2021 6:15 AM, poindexter FORTRAN wrote:
>
> I'm new to the cert game. I assumed that Let's Encrypt couldn't do wildcards.
> If they did, I could replace all of the standalone LE instances with the
> reverse proxy server I want to build. But, then I wouldn't need the proxy
> server, as it's going to be there to allow my internal hosts to renew their
> LE certificates. :)
>
> What are you using as a reverse proxy? I am planning on using nginx, only
> because I've recently used it at work to proxy some servers behind a single
> IP.

You can do wildcards with LE, but you need to have DNS integration.

I've mostly been using Caddy for reverse proxy and static content...
I'll use Nginx when I need more than that.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
■ Synchronet ■ Roughneck BBS - roughneckbbs.com
