- Edit the `certs/openssl.conf` to your needs
- Create an intermediate CSR
  ```
  openssl req -new -nodes -keyout server.key -out server.csr -config certs/openssl.conf
  ```
- Create self-signed cert
  ```
  openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -extensions v3_req -extfile certs/openssl.conf
  ```
- Check the generated cert
  ```
  openssl x509 -in server.crt -text -noout
  ```
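
A scripted version of the check step, added here as an example and not part of this repository: it confirms that `server.key` belongs to `server.crt`, that the certificate is not about to expire, and that the `v3_req` extensions were copied in. The function name `check_cert_pair` is hypothetical, and the subjectAltName test assumes the `v3_req` section of `certs/openssl.conf` sets one.

```shell
#!/bin/sh
# Added example (not from this repository): sanity-check a cert/key pair.
# Usage: check_cert_pair server.crt server.key [min_seconds_left]
# Return codes: 0 ok, 2 unreadable, 3 mismatch, 4 expiring, 5 no SAN.
check_cert_pair() {
    cert=$1
    key=$2
    min_left=${3:-86400}   # default: must stay valid for at least one more day

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 2
    fi

    # Both commands emit the public key as a PEM SubjectPublicKeyInfo block,
    # so a plain string comparison shows whether the key belongs to the cert.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 3
    fi

    # -checkend exits non-zero when the cert expires within that many seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null; then
        echo "certificate expires within ${min_left}s" >&2
        return 4
    fi

    # Assumption: v3_req in certs/openssl.conf sets subjectAltName. It only
    # reaches the cert when -extensions/-extfile were passed to `openssl x509`.
    if ! openssl x509 -in "$cert" -noout -text | grep -q 'Subject Alternative Name'; then
        echo "certificate has no subjectAltName extension" >&2
        return 5
    fi
    return 0
}
```

Running it before the files are stored as podman secrets and deleted catches a mismatched or extension-less pair while the originals are still on disk.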
Caddy will automatically generate a self-signed certificate. Try it yourself by commenting out the `tls {$SSL_CERT_FILE} {$SSL_KEY_FILE}` line, where I put my own self-signed certificate.
- Run `./scripts/addsecrets.sh` to set up the required secret values (might need `chmod +x ./scripts/addsecrets.sh` first)
- Manually add the server certificate and key to a secret
  ```
  podman secret create server.crt server.crt
  podman secret create server.key server.key
  ```
You can now delete the server cert and key files, as they are now stored in a podman secret (`podman secret ls`).

To view a secret: `podman secret inspect <secretname> --showsecret`
```
podman-compose up --build
# Check for errors and CTRL+C to stop
podman-compose down
podman-compose systemd -a create-unit
podman-compose systemd -a register
systemctl --user daemon-reload
sudo loginctl enable-linger $USER
systemctl --user start 'podman-compose@keycloak-compose'
```
```
dnf download --resolve --destdir=./packages podman podman-compose netavark aardvark-dns
sudo dnf install ./packages/*.rpm
```
- Caddy logging can show:
  "failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."

  This is an OS kernel specific limitation. To fix this on non-BSD systems (e.g. Linux), you can run:
  ```
  sysctl -w net.core.rmem_max=7500000
  sysctl -w net.core.wmem_max=7500000
  ```
  This command would increase the maximum send and the receive buffer size to roughly 7.5 MB.

  This is not persistent! Write these to your sysctl.conf for permanent changes.