infra:services:hacker-id

Differences

This shows you the differences between two versions of the page.

infra:services:hacker-id [2025/08/07 20:14] d404d_idp.hackeriet.noinfra:services:hacker-id [2025/08/13 21:24] (current) – [System setup] d404d_idp.hackeriet.no
Line 157: Line 157:
   * Located in ''/srv/kanidm''   * Located in ''/srv/kanidm''
     * One docker compose stack with Traefik (for certificate issuance as LE needs this in-line) and Kanidm     * One docker compose stack with Traefik (for certificate issuance as LE needs this in-line) and Kanidm
 +    * [[https://ip.hackeriet.no/ipam/prefixes/48/prefixes/|Dedicated v6 subnet]] defined in compose and in /etc/docker/daemon.json in order for XFF mapping to work properly
     * Communication between the two are encrypted using a self-signed certificate (Kanidm requires last-hop encryption)     * Communication between the two are encrypted using a self-signed certificate (Kanidm requires last-hop encryption)
     * Created user and group "kanidm" in the host, which will represent the kanidm container's resources. Rights configured according to https://kanidm.github.io/kanidm/stable/security_hardening.html#security-hardening     * Created user and group "kanidm" in the host, which will represent the kanidm container's resources. Rights configured according to https://kanidm.github.io/kanidm/stable/security_hardening.html#security-hardening
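Review bot: The added bullet at line 157 writes /etc/docker/daemon.json as bare text, while the bullet just above it marks its path as ''/srv/kanidm''; wrap the new path in '' '' too so the two read consistently. The bullet also gives the prefix only as a link to the IPAM page and justifies it only with "in order for XFF mapping to work properly", so someone rebuilding the host from this page cannot tell which prefix to enter, which settings in the compose file and in daemon.json carry it, or what the symptom is when the two disagree. Suggest stating the prefix inline (or saying explicitly that the IPAM entry is authoritative), naming the setting on each side, and adding one sentence on which of Traefik and Kanidm depends on the forwarded client address from that subnet.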
/srv/hackeriet-wiki/dokuwiki/data/pages/infra/services/hacker-id.txt · Last modified: by d404d_idp.hackeriet.no