kelin/EZ-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7eb0e9739387f6c3660b3775baf74536e4d4553d
EZ-Homelab/tasks.txt
Kelin 89ca29918b Implement shared CA certificate system for multi-server TLS security 
- Generate shared CA during core deployment for consistent trust across servers
- Modify setup_docker_tls() to use shared CA instead of per-server CAs
- Update share_certs_with_core() to copy shared CA from core server
- Re-enable TLS verification (DOCKER_TLS_VERIFY=1) in Sablier
- Fix Sablier certificate mounting for proper TLS connection
- Add docker-tls/ to .gitignore to prevent certificate leaks
- Update documentation for shared CA approach
2026-01-25 23:08:01 -05:00

31 lines
1.4 KiB
Plaintext
Raw Blame History

Info
I am developing the EZ-Homelab repository. The focus is on the repo not the test system.
I'm troubleshooting the ez-homelab.sh setup process.
Install notes
Ran install script directly on fresh Debian 12 install without creating the .env file first.
There was a permission error creating .env file.
Note in order to install docker it must be run with sudo, then logout/login and rerun script without sudo.
When running with sudo it forces you to logout/login even if docker was already installed and running. If docker installed it should skip that part and continue.
SSHed in using VS Code, manually created the .env file.
ran ez-homelab.sh completed without errors
Sablier lazyloading wasn't working, the services were available by ip:port
Required configure docker daemon on server to listen on port 2375 unsecured and
sudo ufw allow 2375/tcp
Need to implement TLS and configure sablier to use TLS
Resolution
- Fixed ez-homelab.sh to handle .env file creation as the actual user to avoid permission errors.
- Added check for Docker group membership to only prompt logout when necessary.
- Implemented TLS for Docker API (port 2376) with proper certificates.
- Configured Sablier to use TLS with mounted certificates and DOCKER_HOST=tcp://${SERVER_IP}:2376.
- Updated healthchecks in media-management services to use localhost instead of ${SERVER_IP}.
- Verified TLS connection working, Sablier detecting groups successfully.
Reference in New Issue View Git Blame Copy Permalink