steccas / stecca Goto Github PK

View Code? Open in Web Editor NEW

145.0 4.0 15.0 5.04 MB

An easy to deploy Certificate Authority / Public Key Infrastructure using CFSSL, Lemur and Docker magic!

License: GNU General Public License v3.0

Shell 44.34% Dockerfile 14.57% Python 41.09%

lemur cfssl certificates certificate-authority security deploy docker netflix easy oscp-responder

stecca's Introduction

StecCA

An easy to deploy Certificate Authority using CFSSL, Lemur and Docker magic!

About • Technologies • Key Features • How To Use • Contributing • Support • License

About The Project

I needed to manage certificates for my home lab, I'm self-hosting some services and of course, I wanted a full working SSL without errors.

In these situations, a Certificate Authority is needed, but using OpenSSL just from the terminal resulted unpractically and not ideal for managing the various certificates; so I decided to deploy a better system to do these tasks.

So I came across Lemur and CFSSL... I choose CFSSL because it has a very easy to use CLI, offers an OSCP responder and it is integrable with Lemur; Lemur is a platform that offers a web interface and SQL Database for managing the certificates, this way issuing, revoking, and keep track of them would be much more efficient to do.

Anyways, there were no products that integrated all of these technologies so using some guides and my expertise I've set up them together using docker and some scripts to have everything as clean as possible and very easy to redeploy.

Now I'm publishing it to GitHub because it could be really useful for a lot of people! I'd also like to further improve the projects making the integration better and adding even more functionalities for various use cases.

Need to quickly set up your CA in a matter of minutes? It is not a problem anymore!

Built with

This project uses the following technologies:

CFSSL acts as the core engine for SSL, being called upon the generation of CA and certificates while Lemur offers an integrated system with a web interface to make the management very very easy.

Everything is stored thanks to the PostgreSQL DB.

The deployment is done with docker and some bash scripting, it makes data persistence and deployment really fast and repeatable.

Key Features

Easy and fast deploy!
- Thanks to docker and bash scripting deploying a fully working CA doesn't take hours anymore!
Root CA and Intermediary CA
- Root CA is not directly exposed, an Intermediate CA (signed by root) will be signing the user created certificates.
Web Interface
- Lemur provides an easy-to-use web interface to issue, manage and revoke certificates.
Automation
- Lemur provides various automated checks on certificates, some have already been enabled but many many more can be enabled depending on your needs.
Persistence
- The integration with PostgreSQL of both CSSL and Lemur allows to easily manage and make persistent all the data needed.
OSCP Responder
- CFSSL's OSCP responder has been set up, including automatic updates. (I'm Not sure if it is already working as I configured it, so any help is really appreciated)

Getting Started

Getting the CA up and running is fairly easy if you pay attention in following these little steps, the guide and the scripts are assuming that you are using a Debian based Linux distro (including Ubuntu Server or Raspbian) but support for other distro is very feasible because only the 'apt' commands need to be changed.

If on debian, pay attention during the passage in wich the scripts imports the golang ppa

Windows is a nono, but maybe adapting the setup scripts will make it doable.

Prerequisites

As a prerequisite, you should just need an up and running Docker and Docker Compose installation. This will not be done by the script.

Please refer to the Docker install guide and Docker-Compose install guide to complete this passage

It is very quick and easy, don't worry.

You need a working firewall, i suggest to

Install UFW
```
sudo apt update
sudo apt install ufw
```

Otherwise, you need to edit lines 69 and 70 of setup_cfssl.sh to obtain the same firewall rules, this is very important or otherwise, the ROOT CA will be exposed in the network! (CFSSL Auth cannot be integrated with Lemur yet)

Installation

I'm using nano in some commands, but you can use any editor you want of course!

Clone the repo

git clone https://github.com/Steccas/stecCA.git

Edit cfssl-config.json to have the right url for yor crl and oscp, it may be localhost. Leave the same ports.
```
nano ./cfssl-config.json
```
Edit csr_root_ca.json and csr_intermediate_ca.json to setup the right values for your root CA and intermediate CA, there are already exaple values, change them and you are good to go.
```
nano ./csr_root_ca.json
nano ./csr_intermediate_ca.json
```
Similiarly, edit ocsp.csr.json to have the right informations for your OCSP.
```
nano ./ocsp.csr.json
```
Edit lemur.env to have the same informations available to Lemur. Don't touch the password, it will be set later automatically.
```
nano ./lemur.env
```
Edit creds.env to setup username and password for DB and other services, they will be automatically changed in the other files and will be automatically used; so use a complicated one.
```
nano ./creds.env
```
CHANGE THEM, the one put in the files are meant to be a placeholder or a default password for testing at best!
Start the setup script as root, it will ask if you configured everything, but if you don't do and something doesn't work as expected or you leave the default password (that everyone in github will know) it is up to you! Also, before running make sure that you have the execute permission flag.
```
chmod u+x ./setup_cfssl.sh
sudo ./setup_cfssl.sh
```
The setup will ask at some point to paste the pem certs data at the bottom of lemur.conf.py, it is important or Lemur WILL NOT WORK.
```
nano ./lemur.conf.py
```
and at the bottom look for these values and change them according to the outputted PEMs and your choosen url.
```
CFSSL_URL ="http://ca.example.lan:8888" #change this with machine ip or dns name
CFSSL_ROOT ="""<insert root pem here>"""
CFSSL_INTERMEDIATE ="""<insert intermediate pem here>"""
```
After this it will start everything up and as a last passage it will ask to add this to crontab, of course set also your desired frequency, which wil be opened for you in 5 seconds.
```
cfssl ocspdump -db-config /etc/cfssl/db_config.json> /etc/cfssl/ocspdump
```
Check the health of the containers with
```
docker ps
```
If they are not healty or something doesn't work, check every passage, open an Issue or check Support.
Enjoy

Usage

You can now simply open Lemur at port 443 of your machine (using your IP, localhost, or DNS name) and log in with your defined credentials, the web interface password is defined in the lempass environment variable, the username is "lemur".

Of course, remember to add your CA to your OSes and browsers.

The interface is really easy, but please refer to Lemur documentation for better instructions.

If you need to reboot your server it is not a problem, docker-compose should bring services up again and thanks to data persistence everything will be there.

This means that if you backup your CFSSL data and Docker volumes you can easily migrate to another machine.

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create.

And this project can be greatly improved!

Any contributions you make are greatly appreciated.

Fork the Project
Create your Feature Branch (git checkout -b feature/AmazingFeature)
Commit your Changes (git commit -m 'Add some AmazingFeature')
Push to the Branch (git push origin feature/AmazingFeature)
Open a Pull Request

You can also consider to help with a donation ❤️

Support

This project comes without any warranty, you are responsible for the deployment. If you encounter open an issue, consider getting a sponsor plan or contact me to get dedicated support.

License

Distributed under the GNU GPL V3 License. See LICENSE for more information.

linktr.ee · GitHub @Steccas · LinkedIn Luca Steccanella

stecca's People

Contributors

Stargazers

Watchers

Forkers

etlweather benoitjpnet schwos graemes bitcoder2021 jorkdekok sr882915 bridgecrew-perf7 paper-dragon rafaelreyescarmona jeremybusk tenda-dev felix273 theproxy

stecca's Issues

Needs a readme

Installation problem

The command '/bin/sh -c apt-get update && apt-get -y --no-install-recommends upgrade && apt-get install -y --no-install-recommends libpq-dev curl build-essential locales libffi-dev libsasl2-dev libldap2-dev dh-autoreconf git python3-dev python3-pip python3-venv python3-wheel nodejs npm && locale-gen en_US.UTF-8 && export LC_ALL=en_US.UTF-8 && npm config set registry http://registry.npmjs.org/ && npm install npm -g && echo "Running with nodejs:" && node -v && python3 -m venv /opt/venv && echo "Running with python:" && /opt/venv/bin/python3 -c 'import platform; print(platform.python_version())' && /opt/venv/bin/python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel && /opt/venv/bin/python3 -m pip install --no-cache-dir -e . && npm install --unsafe-perm && node_modules/.bin/gulp --cwd /opt/lemur build && node_modules/.bin/gulp --cwd /opt/lemur package && npm cache clean --force && rm -rf node_modules && python3 -c 'print(" \033[32m BUILDER DONE \033[0m ")'' returned a non-zero code: 1
ERROR: Service 'lemur' failed to build : Build failed

ocsp.service not starting

I'm still hunting for the issue; which may appear to be a database related one. The ocsp.service will not start but the cfssl.service does. Upon starting the ocsp.service one gets the error:

                                   {"code":11000,"message":"pq: relation \"ocsp_responses\" does not exist"}

I have attempted to increase the log-level=4 but it had no effect on the output detail. The Postgres Data is available and the cfssl database is in place..

Head scratch; suggestions are welcome. This is a net new test install.

Lemur builds without CSS

Maybe more an issue for Lemur project, but I have been trying to debug this for now a few hours... Lemur docker container builds all fine, but when I browse, I get no CSS! I checked the HTML and there is no linked CSS either. (login page that is). I am at loss as to why that is.

Docker network driver issue

Not sure if this is something im doing wrong/missing but when I try and set this up I get the following message
Creating network "stecca_canet" with the default driver
ERROR: plugin "bridge" not found

EDIT:
Forgot to add that this is on Ubuntu server 20.04

No certificates generated into /etc/cfssl

Hello,

running Debian 10 to deploy this running into the below.

.sudo ./setup_cfssl.sh
Have you read the readme and setup the right informations and your credentials? [y/N] y
Reading package lists... Done
Building dependency tree
Reading state information... Done
gpg is already the newest version (2.2.12-1+deb10u1).
jq is already the newest version (1.5+dfsg-2+b1).
rsync is already the newest version (3.1.3-6).
software-properties-common is already the newest version (0.96.20.2-2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
 Golang 1.8, 1.9, 1.10, 1.11, 1.12, 1.13, 1.14, 1.15 and 1.16 PPA for Ubuntu
 More info: https://launchpad.net/~longsleep/+archive/ubuntu/golang-backports
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keybox '/tmp/tmpz79rta_6/pubring.gpg' created
gpg: /tmp/tmpz79rta_6/trustdb.gpg: trustdb created
gpg: key F6BC817356A3D45E: public key "Launchpad PPA for Simon Eisenmann" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no valid OpenPGP data found.
Ign:1 http://ppa.launchpad.net/longsleep/golang-backports/ubuntu impish InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://security.debian.org/debian-security buster/updates InRelease
Hit:4 http://deb.debian.org/debian buster-updates InRelease
Err:5 http://ppa.launchpad.net/longsleep/golang-backports/ubuntu impish Release
  404  Not Found [IP: 91.189.95.85 80]
Reading package lists... Done
E: The repository 'http://ppa.launchpad.net/longsleep/golang-backports/ubuntu impish Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Executing: /tmp/apt-key-gpghome.LSDVBAMtTE/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys F6BC817356A3D45E
gpg: key F6BC817356A3D45E: "Launchpad PPA for Simon Eisenmann" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
Hit:1 http://security.debian.org/debian-security buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Ign:3 http://ppa.launchpad.net/longsleep/golang-backports/ubuntu impish InRelease
Hit:4 http://deb.debian.org/debian buster-updates InRelease
Err:5 http://ppa.launchpad.net/longsleep/golang-backports/ubuntu impish Release
  404  Not Found [IP: 91.189.95.85 80]
Reading package lists... Done
E: The repository 'http://ppa.launchpad.net/longsleep/golang-backports/ubuntu impish Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Reading package lists... Done
Building dependency tree
Reading state information... Done
golang-go is already the newest version (2:1.11~1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
./setup_cfssl.sh: line 17: ./creds: No such file or directory
useradd: user 'cfssl' already exists
# github.com/cloudflare/cfssl/vendor/github.com/zmap/zlint/v3/lint
/root/go/src/github.com/cloudflare/cfssl/vendor/github.com/zmap/zlint/v3/lint/result.go:75:9: undefined: strings.ReplaceAll
sending incremental file list

sent 135 bytes  received 25 bytes  320.00 bytes/sec
total size is 1.83K  speedup is 11.42
./setup_cfssl.sh: line 43: cfssljson: command not found
./setup_cfssl.sh: line 43: cfssl: command not found
./setup_cfssl.sh: line 45: cfssljson: command not found
./setup_cfssl.sh: line 45: cfssl: command not found
./setup_cfssl.sh: line 46: cfssl: command not found
./setup_cfssl.sh: line 46: cfssljson: command not found
./setup_cfssl.sh: line 48: cfssl: command not found
./setup_cfssl.sh: line 48: cfssljson: command not found
tee: '/root/go/pkg/mod/github.com/cloudflare/cfssl*/certdb/pg/dbconf.yml': No such file or directory
custom:
tee: '/root/go/pkg/mod/github.com/cloudflare/cfssl*/certdb/pg/dbconf.yml': No such file or directory
  driver: postgres
tee: '/root/go/pkg/mod/github.com/cloudflare/cfssl*/certdb/pg/dbconf.yml': No such file or directory
  open: user= password= dbname=cfssl sslmode=disable
sending incremental file list

sent 75 bytes  received 12 bytes  174.00 bytes/sec
total size is 1.01K  speedup is 11.64
Now, paste the generated pem certs (not the key) in lemur configuration (edit bottom of lemur.conf.py) and set the address of the ca (this machine address (localhost?) or DNS name) then press ENTER
ROOT
cat: /etc/cfssl/certs/root_ca.pem: No such file or directory
INTERMEDIATE
cat: /etc/cfssl/certs/intermediate_ca.pem: No such file or directory

I have updated go to 1.16

go get: installing executables with 'go get' in module mode is deprecated.

While running step 7 of your instructions: sudo ./setup_cfssl.sh I encounter:

go get: installing executables with 'go get' in module mode is deprecated.
	Use 'go install pkg@version' instead.
	For more information, see https://golang.org/doc/go-get-install-deprecation
	or run 'go help get' or 'go help install'.

Having trouble installing

Hello,

I am trying to install and getting stuck when running the provided sh file.

I've re-installed it a few times and keep getting this error when doing docker-compose up,

lemur_1     | FileNotFoundError: [Errno 2] Unable to load configuration file (No such file or directory): '/home/lemur/.lemur/lemur_keys/SECRET_KEY'

aidan@vm104:~/stecCA$ sudo docker container ls
CONTAINER ID   IMAGE                 COMMAND                  CREATED         STATUS                         PORTS                                                                      NAMES
d39aea692c46   stecca_nginx          "/docker-entrypoint.…"   5 minutes ago   Up 17 seconds                  0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   stecca_nginx_1
72fa7b86fdc6   netlix-lemur:latest   "/entrypoint /usr/bi…"   5 minutes ago   Restarting (1) 4 seconds ago                                                                              stecca_lemur_1
94b82a690607   postgres:alpine       "docker-entrypoint.s…"   5 minutes ago   Up 17 seconds                  127.0.0.1:5432->5432/tcp                                                   stecca_postgres_1
31364da4f7de   redis:alpine          "docker-entrypoint.s…"   5 minutes ago   Up 17 seconds                  127.0.0.1:6379->6379/tcp                                                   stecca_redis_1
aidan@vm104:~/stecCA$

It seems like during install all is well and I've been careful to follow instruction,

CFSSL_URL ="http://ca.local:8888" #change this with machine ip or dns name
CFSSL_ROOT ="""-----BEGIN CERTIFICATE-----
MIICPTCCAeKgAwIBAgIUYKdHSSodfR4EqYG+fsxtHGSSV4YwCgYIKoZIzj0EAwIw
...
IZy2LBuSxl+9u5+Jd8YCIQDr1T/TogG6vlIxW2RTaOd/pSZVBXzfge3YdTiulbjbOw==
-----END CERTIFICATE-----"""
CFSSL_INTERMEDIATE ="""-----BEGIN CERTIFICATE-----
MIICxjCCAmygAwIBAgIUBTX+DVwygvLt88adNlMsud8cqXkwCgYIKoZIzj0EAwIw
...
+GQdunF3WwIhAPQMvcdgH/blErtccOki5WuYBUYL+TCtvXCNuVgUcA6a
-----END CERTIFICATE-----"""

How do I go about fixing this?

ocsp_responses

ERROR: Service 'lemur' failed to build : Build failed
Job for ocsp.service failed because the control process exited with error code.
See "systemctl status ocsp.service" and "journalctl -xeu ocsp.service" for details.
2024/04/14 21:57:09 [DEBUG] loading db configuration file from /etc/cfssl/db_config.json
{"code":11000,"message":"pq: relation "ocsp_responses" does not exist"}
ERROR: No containers to restart
ERROR: 1

Unable to build lemur image

Hello,

I have some issues to build this project, on a Ubuntu Server 22.04LTS.
As I am using go in newer version, I corrected already corrected the
go get repoto go install repo@latest (in setup_cfssl.sh and it's working).

My Problem is when trying to build the lemur image, it's not working..
the docker-compose up in the installation script fails to customize lemur.
I am doing everything in root (it's for a POC), so I think access rights aren't an issue there.
I copied the certificates at the bottom of lemur.conf.py for info.

Here is the message displayed on my terminal:
(after configuring everything, running setup_cfssl.sh)

...
.....
......
Now, paste the generated pem certs (not the key) in lemur configuration (edit bottom of lemur.conf.py) and set the address of the ca (this machine address (localhost?) or DNS name) then press ENTER

ROOT
-----BEGIN CERTIFICATE-----
CERTIFICATXXXXXXXXXXXXXXXXXXXXXXX=
-----END CERTIFICATE-----
INTERMEDIATE
-----BEGIN CERTIFICATE-----
CERTIFICATYYYYYYYYYYYYYYYYYYYYYYYY=
-----END CERTIFICATE-----
Press Enter to continue

Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Cloning into 'lemur-build-docker/lemur'...
remote: Enumerating objects: 637, done.
remote: Counting objects: 100% (637/637), done.
remote: Compressing objects: 100% (562/562), done.
remote: Total 637 (delta 150), reused 244 (delta 47), pack-reused 0
Receiving objects: 100% (637/637), 1.39 MiB | 908.00 KiB/s, done.
Resolving deltas: 100% (150/150), done.
Pulling postgres (postgres:alpine)...
alpine: Pulling from library/postgres
31e352740f53: Pull complete
d7c8ef16402f: Pull complete
36cb57831f52: Pull complete
a120e2610875: Pull complete
64f9e9ad23bd: Pull complete
dd2a4281faaa: Pull complete
daef310ca2c6: Pull complete
c47c060e762a: Pull complete
Digest: sha256:48d8422c6ae570a5bda52f07548b8e65dd055ac0b661f25b44b20e8cff2f75f0
Status: Downloaded newer image for postgres:alpine
Pulling redis (redis:alpine)...
alpine: Pulling from library/redis
31e352740f53: Already exists
029a81f05585: Pull complete
7aaf69037d81: Pull complete
2bfe6b931134: Pull complete
9528a9e21ebd: Pull complete
d9b99dbdfe9d: Pull complete
Digest: sha256:1717c713d3b2161db30cd026ceffdb9c238fe876f6959bf62caff9c768fb47ef
Status: Downloaded newer image for redis:alpine


Building lemur
[+] Building 39.0s (8/15)                                                                                                                                                                                                                      docker:default
 => [internal] load .dockerignore                                                                                                                                                                                                                        0.0s
 => => transferring context: 2B                                                                                                                                                                                                                          0.0s
 => [internal] load build definition from Dockerfile                                                                                                                                                                                                     0.0s
 => => transferring dockerfile: 2.88kB                                                                                                                                                                                                                   0.0s
 => [internal] load metadata for docker.io/library/ubuntu:20.04                                                                                                                                                                                          1.7s
 => [internal] load build context                                                                                                                                                                                                                        0.1s
 => => transferring context: 5.06MB                                                                                                                                                                                                                      0.1s
 => CACHED [builder 1/4] FROM docker.io/library/ubuntu:20.04@sha256:33a5cc25d22c45900796a1aca487ad7a7cb09f09ea00b779e3b2026b4fc2faba                                                                                                                     0.0s
 => [builder 2/4] COPY lemur/ /opt/lemur                                                                                                                                                                                                                 0.1s
 => [builder 3/4] WORKDIR /opt/lemur                                                                                                                                                                                                                     0.0s
 => ERROR [builder 4/4] RUN apt-get update &&     apt-get -y --no-install-recommends upgrade &&     apt-get install -y --no-install-recommends libpq-dev curl build-essential locales libffi-dev libsasl2-dev libldap2-dev         dh-autoreconf git p  37.1s
------                                                                                                                                                                                                                                                        
 > [builder 4/4] RUN apt-get update &&     apt-get -y --no-install-recommends upgrade &&     apt-get install -y --no-install-recommends libpq-dev curl build-essential locales libffi-dev libsasl2-dev libldap2-dev         dh-autoreconf git python3-dev python3-pip python3-venv python3-wheel nodejs npm &&     locale-gen en_US.UTF-8 && export LC_ALL=en_US.UTF-8 &&     npm config set registry http://registry.npmjs.org/ &&     npm install npm -g &&     echo "Running with nodejs:" && node -v &&     python3 -m venv /opt/venv &&     echo "Running with python:" && /opt/venv/bin/python3 -c 'import platform; print(platform.python_version())' &&     /opt/venv/bin/python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel &&     /opt/venv/bin/python3 -m pip install --no-cache-dir -e . &&     npm install --unsafe-perm &&     node_modules/.bin/gulp --cwd /opt/lemur build &&     node_modules/.bin/gulp --cwd /opt/lemur package &&     npm cache clean --force &&     rm -rf node_modules &&     python3 -c 'print(" \033[32m BUILDER DONE \033[0m ")':                        

                                                                                                                                                                                                   
12.50 Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
12.50   Temporary failure resolving 'archive.ubuntu.com'
12.50 Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease
12.50   Temporary failure resolving 'security.ubuntu.com'
24.79 Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
24.79   Temporary failure resolving 'archive.ubuntu.com'
37.08 Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
37.08   Temporary failure resolving 'archive.ubuntu.com'
37.08 Reading package lists...
37.10 W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease  Temporary failure resolving 'archive.ubuntu.com'
37.10 W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
37.10 W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
37.10 W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
37.10 W: Some index files failed to download. They have been ignored, or old ones used instead.
37.10 Reading package lists...
37.11 Building dependency tree...
37.11 Reading state information...
37.11 Calculating upgrade...
37.12 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
37.12 Reading package lists...
37.13 Building dependency tree...
37.13 Reading state information...
37.13 Package locales is not available, but is referred to by another package.
37.13 This may mean that the package is missing, has been obsoleted, or
37.13 is only available from another source
37.13 
37.13 E: Unable to locate package libpq-dev
37.13 E: Unable to locate package curl
37.13 E: Unable to locate package build-essential
37.13 E: Package 'locales' has no installation candidate
37.13 E: Unable to locate package libffi-dev
37.13 E: Unable to locate package libsasl2-dev
37.13 E: Unable to locate package libldap2-dev
37.13 E: Unable to locate package dh-autoreconf
37.13 E: Unable to locate package git
37.13 E: Unable to locate package python3-dev
37.13 E: Unable to locate package python3-pip
37.13 E: Unable to locate package python3-venv
37.13 E: Unable to locate package python3-wheel
37.13 E: Unable to locate package nodejs
37.13 E: Unable to locate package npm




------
Dockerfile:13
--------------------
  12 |     
  13 | >>> RUN apt-get update && \
  14 | >>>     apt-get -y --no-install-recommends upgrade && \
  15 | >>>     apt-get install -y --no-install-recommends libpq-dev curl build-essential locales libffi-dev libsasl2-dev libldap2-dev \
  16 | >>>         dh-autoreconf git python3-dev python3-pip python3-venv python3-wheel nodejs npm && \
  17 | >>>     locale-gen en_US.UTF-8 && export LC_ALL=en_US.UTF-8 && \
  18 | >>>     npm config set registry http://registry.npmjs.org/ && \
  19 | >>>     npm install npm -g && \
  20 | >>>     echo "Running with nodejs:" && node -v && \
  21 | >>>     python3 -m venv /opt/venv && \
  22 | >>>     echo "Running with python:" && /opt/venv/bin/python3 -c 'import platform; print(platform.python_version())' && \
  23 | >>>     /opt/venv/bin/python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel && \
  24 | >>>     /opt/venv/bin/python3 -m pip install --no-cache-dir -e . && \
  25 | >>>     npm install --unsafe-perm && \
  26 | >>>     node_modules/.bin/gulp --cwd /opt/lemur build && \
  27 | >>>     node_modules/.bin/gulp --cwd /opt/lemur package && \
  28 | >>>     npm cache clean --force && \
  29 | >>>     rm -rf node_modules && \
  30 | >>>     python3 -c 'print(" \033[32m BUILDER DONE \033[0m ")'
  31 |     
--------------------


ERROR: failed to solve: process "/bin/sh -c apt-get update &&     apt-get -y --no-install-recommends upgrade &&     apt-get install -y --no-install-recommends libpq-dev curl build-essential locales libffi-dev libsasl2-dev libldap2-dev         dh-autoreconf git python3-dev python3-pip python3-venv python3-wheel nodejs npm &&     locale-gen en_US.UTF-8 && export LC_ALL=en_US.UTF-8 &&     npm config set registry http://registry.npmjs.org/ &&     npm install npm -g &&     echo \"Running with nodejs:\" && node -v &&     python3 -m venv /opt/venv &&     echo \"Running with python:\" && /opt/venv/bin/python3 -c 'import platform; print(platform.python_version())' &&     /opt/venv/bin/python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel &&     /opt/venv/bin/python3 -m pip install --no-cache-dir -e . &&     npm install --unsafe-perm &&     node_modules/.bin/gulp --cwd /opt/lemur build &&     node_modules/.bin/gulp --cwd /opt/lemur package &&     npm cache clean --force &&     rm -rf node_modules &&     python3 -c 'print(\" \\033[32m BUILDER DONE \\033[0m \")'" did not complete successfully: exit code: 100




ERROR: Service 'lemur' failed to build : Build failed
2023/08/04 08:49:42 dial tcp 127.0.0.1:5432: connect: connection refused
Job for ocsp.service failed because the control process exited with error code.
See "systemctl status ocsp.service" and "journalctl -xeu ocsp.service" for details.
2023/08/04 08:49:43 [DEBUG] loading db configuration file from /etc/cfssl/db_config.json
{"code":11000,"message":"dial tcp 127.0.0.1:5432: connect: connection refused"}
ERROR: No containers to restart
ERROR: 1


We are almost ready please paste this command into the crontab that it is about to open then save. Press ENTER when ready
cfssl ocspdump -loglevel=0 -db-config /etc/cfssl/db_config.json > /etc/cfssl/ocspdump
Waiting 5 seconds so you can copy paste
No modification made

Can you help me to get this to work please?
Thx

steccas / stecca Goto Github PK

stecca's Introduction

StecCA

An easy to deploy Certificate Authority using CFSSL, Lemur and Docker magic!

About The Project

Built with

Key Features

Getting Started

Prerequisites

Installation

Usage

Contributing

Support

License

stecca's People

Contributors

Stargazers

Watchers

Forkers

stecca's Issues

Recommend Projects

Recommend Topics

Recommend Org