https://wicknet.dev/tags/nginx/ Recent content in Nginx on WickNet https://wicknet.dev/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E https://wicknet.dev/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E Hugo -- 0.143.1 en-us Mon, 17 Feb 2025 14:08:27 -0500 https://wicknet.dev/devlog/wicknet.dev/2025-02-17/ Mon, 17 Feb 2025 14:08:27 -0500 https://wicknet.dev/devlog/wicknet.dev/2025-02-17/ <p>In an effort to tidy up the infrastructure behind wicknet.dev, new hostnames and tls certificates were configured.</p> <p>Forge-related services now all run under some combination of <!-- raw HTML omitted -->.forge.lan, and so a certificate that covered forge.lan and its subdomains was in order.</p> <p>To do this, two files were created, <code>forge.lan.conf</code> and <code>forge.lan.v3.ext</code>:</p> <pre tabindex="0"><code class="language-forge.lan.conf" data-lang="forge.lan.conf">[ req ] default_bits = 4096 default_md = sha512 prompt = no encrypt_key = no # base request distinguished_name = req_distinguished_name # extensions req_extensions = v3_req # distinguished_name [ req_distinguished_name ] commonName = &#34;forge.lan&#34; # CN= countryName = &#34;US&#34; # C= organizationName = &#34;WickNet&#34; # O= </code></pre><pre tabindex="0"><code class="language-forge.lan.v3.ext" data-lang="forge.lan.v3.ext">authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = forge.lan DNS.2 = *.forge.lan </code></pre><p>In the wild, certificates issued by let&rsquo;s encrypt that cover subdomains also include the base domain in the list of alternate names. This practice is mirrored here.</p>