🏭 How to set up your organization's internal services with a local CA.
For various reasons, many development teams do not trust cloud providers and want to host their own in-house services. Laboratoriator is a series of docker-compose files and an instructional guide on how to set up your organization's services in an internal network.
Install the following on your host.
- Create StepCA's directory and change its owner so that the container, which runs as uid 1000, can write to it.

  ```sh
  $ cd $HOME
  $ mkdir stepca
  $ chown 1000:1000 stepca
  ```

- Initialize and configure StepCA. Save the password and the new CA's root fingerprint; both are needed in later steps.

  ```sh
  $ docker run -p 8443:8443 -it -v `pwd`/stepca:/home/step smallstep/step-ca:0.18.1 step ca init
  > Standalone
  > MoxthosCA
  > 0.0.0.0,ca.moxthos.art
  > :8443
  > admin@moxthos.art
  > ********
  ...
  ✔ Root fingerprint: ******************************************************
  ...
  ```

- Save the password in the CA's `secrets` directory (it lives on the mounted volume, so it survives container restarts and lets step-ca decrypt its keys on start without prompting) and run the compose file. Anyone who can read the volume can read this file, so keep it readable by uid 1000 only (mode 0600).

  ```sh
  $ docker run -p 8443:8443 -it -v `pwd`/stepca:/home/step smallstep/step-ca:0.18.1 sh
  (inside container) $ echo -n '**********' > /home/step/secrets/password
  (inside container) $ exit
  $ docker compose -f stepca.docker-compose.yml up -d
  ```

- Do not forget to change the default maximum lifetime of TLS certificates: step-ca ships with a 24h maximum, so the longer-lived certificates requested below would be refused. Open `~/stepca/config/ca.json` and configure `claims` inside the `authority` object (applies to every provisioner) or inside a `provisioner` object (applies to that provisioner only). Restart the container to apply the changes.

  ```json
  "claims": {
    "maxTLSCertDuration": "2160h",
    "defaultTLSCertDuration": "24h"
  }
  ```

- Install the root certificate on your host using `step`. `--install` adds the root to the system trust store, and bootstrap also writes `~/.step/config/defaults.json` so that later `step ca` commands know the CA URL. `--fingerprint` must be the root fingerprint printed by `step ca init` (you can recompute it on the CA host with `step certificate fingerprint ~/stepca/certs/root_ca.crt`); bootstrap aborts if the CA it reaches does not match it, which is what protects this step against a spoofed CA.

  ```sh
  $ step ca bootstrap --ca-url https://ca.moxthos.art:8443 --fingerprint ************ --install
  ```

- Create the `certs` and `traefik` directories and change their owner so that docker can write to them.

  ```sh
  $ mkdir certs traefik
  $ chown 1000:1000 certs traefik
  ```

- Create a certificate/key pair for Traefik and save it inside `certs`. The value of `--not-after` must not exceed `maxTLSCertDuration` (2160h in the claims above) or the CA rejects the request. Certificates issued this way are not renewed automatically; renew them with `step ca renew` before they expire.

  ```sh
  $ step ca certificate --ca-url https://ca.moxthos.art:8443 traefik.moxthos.art certs/traefik.crt certs/traefik.key --not-after 2160h
  ```

- Copy the root certificate from StepCA's container to `certs`.

  ```sh
  $ docker cp stepca:/home/step/certs/root_ca.crt ./certs/
  $ chmod 644 ./certs/root_ca.crt
  ```

- Create `traefik-config.toml` inside `traefik` and make sure that it contains the following:

  ```toml
  [[tls.certificates]]
    certFile = "/certs/traefik.crt"
    keyFile = "/certs/traefik.key"
  ```

- Run the compose file.

  ```sh
  $ docker compose -f traefik.docker-compose.yml up -d
  ```

- Create a certificate/key pair for Gitea and save it inside `certs`, again staying within `maxTLSCertDuration`.

  ```sh
  $ step ca certificate --ca-url https://ca.moxthos.art:8443 gitea.moxthos.art certs/gitea.crt certs/gitea.key --not-after 2160h
  ```

- Make sure that `traefik/traefik-config.toml` also contains the following:

  ```toml
  [[tls.certificates]]
    certFile = "/certs/gitea.crt"
    keyFile = "/certs/gitea.key"
  ```

- Run the compose file.

  ```sh
  $ docker compose -f gitea.docker-compose.yml up -d
  ```

You can repeat the above process for all the other services.
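The repeat-for-every-service step, as an added example that is not part of Laboratoriator: a small POSIX shell script that issues one certificate per service from the local CA, refuses a `--not-after` that exceeds the CA's `maxTLSCertDuration` before contacting the CA, restricts the private keys to their owner, and regenerates the Traefik `[[tls.certificates]]` entries for all services in one file. The service list, the `MAX_TLS` value, the output path and the `issue` argument are assumptions; `MAX_TLS` has to be kept in sync with `ca.json` by hand.

```shell
#!/bin/sh
# Added example, not Laboratoriator's own code. Issues one certificate per
# service from the local step-ca and writes the Traefik tls.certificates
# entries for all of them. Assumed (not from the page): SERVICES, MAX_TLS,
# TRAEFIK_CONF and the "issue" argument that triggers the CA calls.
set -eu

CA_URL="https://ca.moxthos.art:8443"
MAX_TLS="2160h"     # must equal maxTLSCertDuration in ~/stepca/config/ca.json
NOT_AFTER="2160h"   # requested lifetime, checked against MAX_TLS before issuing
CERT_DIR="certs"
TRAEFIK_CONF="traefik/traefik-config.toml"
SERVICES="traefik.moxthos.art gitea.moxthos.art"   # assumed service list

# Convert a step-ca duration made of hours and minutes (2160h, 90m, 24h30m)
# to minutes. Fails on any other unit or on trailing digits without a unit.
to_minutes() {
  total=0; num=""; s="$1"
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}        # pop the first character
    case "$c" in
      [0-9]) num="$num$c" ;;
      h) [ -n "$num" ] || return 1; total=$((total + num * 60)); num="" ;;
      m) [ -n "$num" ] || return 1; total=$((total + num)); num="" ;;
      *) return 1 ;;
    esac
  done
  [ -z "$num" ] || return 1
  echo "$total"
}

# True when the requested lifetime does not exceed the CA's maximum;
# step-ca would reject the request otherwise, so fail early and locally.
lifetime_ok() {
  req=$(to_minutes "$1") && max=$(to_minutes "$2") && [ "$req" -le "$max" ]
}

# Short name used for the files: the first DNS label of the service host.
short_name() { printf '%s\n' "${1%%.*}"; }

# One Traefik dynamic-configuration entry, paths as seen inside the container.
traefik_tls_entry() {
  n=$(short_name "$1")
  printf '[[tls.certificates]]\n  certFile = "/certs/%s.crt"\n  keyFile = "/certs/%s.key"\n\n' "$n" "$n"
}

issue_all() {
  if ! lifetime_ok "$NOT_AFTER" "$MAX_TLS"; then
    echo "refusing: --not-after $NOT_AFTER exceeds maxTLSCertDuration $MAX_TLS" >&2
    return 1
  fi
  : > "$TRAEFIK_CONF"
  for host in $SERVICES; do
    n=$(short_name "$host")
    # step prompts for the provisioner password unless
    # --provisioner-password-file is given
    step ca certificate --ca-url "$CA_URL" "$host" \
      "$CERT_DIR/$n.crt" "$CERT_DIR/$n.key" --not-after "$NOT_AFTER"
    chmod 600 "$CERT_DIR/$n.key"            # private key readable by its owner only
    traefik_tls_entry "$host" >> "$TRAEFIK_CONF"
  done
}

# The CA is only contacted when the script is run with the argument "issue".
if [ "${1:-}" = issue ]; then
  issue_all
fi
```

Run it as `sh issue-certs.sh issue` from the directory that holds `certs` and `traefik`; the lifetime check happens before any CA call, so a mismatch between `NOT_AFTER` and the claims in `ca.json` is reported without a half-finished run.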
- Step installation
- Traefik installation
- Gitea installation
- WikiJS installation
- Nextcloud installation
- Rocketchat installation
- Ctfd installation
- `.env` for docker compose
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Distributed under the MIT License. See LICENSE for more information.