by josteink 2628 days ago
I actually have the reverse model: requesting certs is done by its own isolated and dedicated container and scp’d to the server which needs it.

Compromising a web-server will thus not compromise my DNS.


I like the sound of this idea, happen to have a Dockerfile/scripts for it on GitHub?

Nope. I’m using LXC and have set things up manually.

It’s just a basic setup with dehydrated[1], some bash scripts for deployment and cron though.

[1] https://github.com/lukas2511/dehydrated
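
The push model described in this thread, sketched as a dehydrated hook that runs inside the isolated issuing container. This is an added example, not josteink's scripts or code from the dehydrated project; the host names, remote directory and SSH key path are placeholders, and `SCP`, `PUSH_KEY` and `REMOTE_DIR` are hypothetical override variables.

```shell
#!/bin/sh
# Constructed example of a dehydrated hook; hosts, paths and the key file are placeholders.
# dehydrated invokes the hook as:
#   hook.sh deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP

# Explicit allow-list: certificate name -> the one server that may receive it.
target_for() {
    case "$1" in
        www.example.org)  echo "certpush@web1.internal.example" ;;
        mail.example.org) echo "certpush@mail1.internal.example" ;;
        *) return 1 ;;
    esac
}

deploy_cert() {
    # $1=DOMAIN  $2=KEYFILE  $4=FULLCHAINFILE (the other arguments are not needed here)
    target=$(target_for "$1") || { echo "no deploy target for $1" >&2; return 1; }
    [ -f "$2" ] && [ -f "$4" ] || { echo "missing key or chain for $1" >&2; return 1; }
    # Push only the private key and full chain. The connection goes from the
    # issuing container to the web server, never the other way, so the server
    # holds no credentials for the container (ACME account key, DNS access).
    # BatchMode makes an unattended cron run fail instead of waiting for a prompt.
    ${SCP:-scp} -q -o BatchMode=yes -i "${PUSH_KEY:-/etc/dehydrated/push_ed25519}" \
        "$2" "$4" "$target:${REMOTE_DIR:-/etc/ssl/incoming}/$1/"
}

# Dispatch: act on deploy_cert, ignore every other hook event dehydrated sends.
case "${1:-}" in
    deploy_cert) shift; deploy_cert "$@" ;;
esac
```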