Osman Kazdal okazdal

## easy-rsa+HAProxy.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                rmrfslashbin
                / easy-rsa+HAProxy.md
            
            
              Last active
              January 6, 2024 11:21
            
              
                Howto: Easy-rsa + HAProxy
              
          
    These are some rough notes for deploying a test/dev local CA, a server key/cert, and a client key/cert. The intention is to provide a quick and dirty (don't use in production) local CA with one server and one client. HAProxy is used as an SSL terminator which forces SSL for all connections (via http redirect), then optionally accepts a client cert for authentication.
Easy-rsa

Follow the install guide for easy-rsa (https://github.com/OpenVPN/easy-rsa)
Init PKI

./easyrsa init-pki

Build CA

./easyrsa build-ca

  
## sysctl.conf
# Kernel sysctl configuration file for Linux
#
# Version 1.12 - 2015-09-30
# Michiel Klaver - IT Professional
# http://klaver.it/linux/ for the latest version - http://klaver.it/bsd/ for a BSD variant
#
# This file should be saved as /etc/sysctl.conf and can be activated using the command:
# sysctl -e -p /etc/sysctl.conf
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and sysctl.conf(5) for more details.
	# Kernel sysctl configuration file for Linux
	#
	# Version 1.12 - 2015-09-30
	# Michiel Klaver - IT Professional
	# http://klaver.it/linux/ for the latest version - http://klaver.it/bsd/ for a BSD variant
	#
	# This file should be saved as /etc/sysctl.conf and can be activated using the command:
	# sysctl -e -p /etc/sysctl.conf
	#
	# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and sysctl.conf(5) for more details.