Updated.

apps.with-private-key.pem

@@ -0,0 +1,154 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAx2x1i2IEmLq6sTOKmHCj4hJGti47AxPNmmkLMGKBa1tyL3/M
+7JOtdgePS8JSw0qQJq8/FTG0oaieC5FPdwaRsYDZ410iTez/PE5EdHeDzPHYUyjC
+jNnP+W7apibmx/Q8iuj0V1iiDOBqR7TCr9ZHy7iRCtH08xPYJuq5C7AmTffkO8Mu
+cW2KJBaeWBs2mBkrko9K6gdwUvrOsHEy/shqoaVcy+tmbhJL/krkA840oLw10mSp
+kmSlnLGOur6k2Sz5bDlEiRE+MaFnUFwPGZlEIezynLEOdOtd0EClrZ0TWQH47WSQ
+BPCA4JSkstCd5iEwzGInwNwjYbo//Krm+xqEVgpKSDDVTHoj4LpEPKnBhLIX1omj
+Y2lFUQAxTG5EcSQVSjIp0A9jQMJgIC/NgdHo2XCg2uFtBzZg/ziRtwbqUYF+70IM
+uZakRwGHtW3M0tW6wgBTxR+vjHjCzvxZELO17X1sw6ocX5liXGM7Z3Nyom/wlWip
+fbE1qmPGXgvpRaianXsdxmcVO4MElydd3Iv96SJVP/c254xTudGF8zxfVg05egtk
+kwNHFOWJq/bvL24fSFGn08iskFcMyWz/rBCO2N3BImSJmPWFzby8Pzlsct/mU5a0
+xebPNQ8T50XWaXuS98VbZuPJ1Ee2Zflj2KnKYS+jlNh6IUy7aJcMMC5wV5cCAwEA
+AQKCAgAM0FBBM3weIClsx2YJY3t0RD5c6F2MVhJo8ITyh/HO5yJQIQMW1GpZ4iR3
+9rWArOLUSYBhKT90/7OgBKc5e6eS4zec31gb77V6t4C4hxFl8sg2l7DgggJWAaR0
+9pzvjibxugQxNJW9BBJwJxI3YCpe0a4oJtN5ZvYFkiFvudLMQbhdiq4KRcKRjQ6B
+lMYOQdfF5AUpQm8aNdlgBvYC3vfTCSAMTkTXn79YSJGcGPzSsyU2Lpeiu2rUxafp
+IeTPu48PQCLCN+RqJffQdwnVWD7De0kfflTyeEkf33eFz0j1+CV5g3OpjZaKV6K5
+hqQOrGVJTKlHQB3Z4rDH2GddDRghniBIrXu9WOzhtCp8eb2RVrkYU+g5TNFZQzbl
+bAgIjXplUzVr/NkQ2KrGAs0MzP3u8L4n8Ampo8rO3CEPaHFQrFLPsshRJeslpEQ4
+e/i1wd5Jz03xXS6amiIj+K7dx5p7ZWL+jM9opaGjmxnM20aUKLXQMRTFwBtq6caI
+Lcv+F/dwZ9UUdUI9wAdmAH6J9daYHGa4TVoYmhV2xlg3cWq8MkGCq9/dWKvGCCWK
+fEesKR2XscJsOLFml+4pseZpAok8ird8Tce11SfsF0NeZVR2ItJqt6UypEQ6KcSe
+uTKJlmc3s3Jipxn63lAEdEpZAuILK5nd7n47bKQYwDOYUruMkQKCAQEA4pgR78pX
+FGfjuEOrrybkyMyDTgEXHuGkv3vZrjbh2u6GQ0BGZLQxbSfiaLgq0h3F+CMKnV8f
+DpS36/AZghBjm+efyQoLLpMlFMlYpQ4PM3Ok78tDJPd+4HywWNM0aTL/5AZ7QT+S
+aJ+ZLhtIzV8yBJRr1iLBAcefTpyHAiA6zcBPqwWWPr501bwINpMf+1dknqL6WD7Z
+q+aodk6u+0eiuJspI89MDkZgZErzGoYJXKwqlYRohwANS+J+i+VZtjmMKPPciKJz
+a1z9dTBwDbNtZ4ZIpZahvNYh9leelGhH/gLfj7ogPyevuLSfho/anq0VZGXQKQGm
+S3fpp3p2cmN8/wKCAQEA4U27lm6MTm/Gt3VPnMwqkBWUtQEfbDYx14bnHNs/jgiA
+mTWT/DRGu1CEcfgfXvNi00+CMhV2/eJeGcCWUJYEK0qWkIlXo+4kc/S6B3jOyODw
+lrgB4W5S+c1BqpWzC3P5GNvr5PGgM3qlvRhXPhfZwaCPh2dBpbFXD/gNnElSl+MY
+qcPpQI2M2J6zTSonei8fefrQ9Fvwr1ypiIHfa7Kf/7VM3m56S3F+lg/vCd/Z2K8R
+292CDAQ4EMXije5vO54gBrBF9uTru8gToIT12oMCOx9ylyYmBTN4f/m3SXVBtucV
+T9ObTGJP01hrbCcjmX0aVHL9oHHb6r0O78qYlRbtaQKCAQEAnsPMNYZBc1PDc5U+
+ku+ed68MBTiwWXviciQ2BmH/5+Uef7pmWCMFSqUadyMrJaOk1VLAGjnOyemb4J2P
+Udln4ZHuG++EnDKPVbwp9yQdtIA/vaBewGUFKgdTjDkXzOnl74A3FiWT0OiabHrD
+jNo5cooH8LbTIwsabPsxgWTRrt4jNAIrHnVV6XfhDVQSoYm/P4OUAwauf0qTGKnS
+4s9zjQNyVNvnP01CNqNpKFln793VzINEtepsZpIg9qZRMGOr9/m9uKKSWlSCZnz0
+1jS04EdvWU5srqIek7saqoNShgC/YbYY6AdHkRRFfgQHOwytI3ZO3pyARvqS5Tzi
+Bw38QwKCAQByJUK7tShKeODRg5KhGuMZeoWLqpTz6wUXb5ZZjU7Gs9ILTRS7evS2
+49UmNJIYNfDEpAyPOUa+29fW7jZ5f3d/Q1vCwIJxYC6BvOQe8vq41RWvFmyFfLJ3
+MqFpPkymqcvy50C9Dhme2y1q/xD8OXMuYR02eX7N5mn4gjDLFG7O2tRc9g+Pj+di
+vAyVNJ0pjwRAdW01z/rBrY2KxlmeI7JiB8V5D7nPzSFX/5yYgRvKZvACV1gSpHSP
+MuJUDA+4waTyHo5jxpkT2wrukU5JtYQE1irlHwO2MNyE4cwVYF25v5uRhOCyM0DE
+D5DlC3NCyRn03QlYJzdG1x/hJuBk8Ge5AoIBADk7eyuK6uV/fkRVtnKMFPvSlr+I
+Jfa40QnQ8ImPQERPvLVzRok+VzHpwK+xXACYwP7wAlkno6kW1ZLcdHQZgI+VZwme
+MIDsCDN2iKWj5ZLW1tZd9DZJyFSpp8bZW5MwLMfMngcz0C/YAUn0UmMwxETwkve4
+SPlGMvYyACP9l9iLRJvbS4zhwowQjoF4Ma+nl7c5/IICi/emkT8IX5JP1ZZMDROm
+xtgY6tkWe8vKsyD0/WBpT4j4NjtorxL0xeO0H95255+/s5pTHQwe5Qa0wVGvRth5
+BBZBH9hGIto66uJ47baQMM/NB0v+NUBQ4W6iDk+y1tO7G6PJShORXHT0PoA=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIFzDCCA7SgAwIBAgIIDAR/n4VQ2uYwDQYJKoZIhvcNAQENBQAwbjELMAkGA1UE
+BhMCVVMxFDASBgNVBAoTC3RhdWRyaXMuY29tMQ0wCwYDVQQLEwRIb21lMRgwFgYD
+VQQDEw94Y2EudGF1ZHJpcy5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQHRhdWRy
+aXMuY29tMB4XDTIxMTAzMTE2MzIwMFoXDTMxMTAyMTA2NDYwMFowbzELMAkGA1UE
+BhMCVVMxFDASBgNVBAoTC3RhdWRyaXMuY29tMQ0wCwYDVQQLEwRIb21lMRkwFwYD
+VQQDExBhcHBzLnRhdWRyaXMuY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkB0YXVk
+cmlzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMdsdYtiBJi6
+urEziphwo+ISRrYuOwMTzZppCzBigWtbci9/zOyTrXYHj0vCUsNKkCavPxUxtKGo
+nguRT3cGkbGA2eNdIk3s/zxORHR3g8zx2FMowozZz/lu2qYm5sf0PIro9FdYogzg
+ake0wq/WR8u4kQrR9PMT2CbquQuwJk335DvDLnFtiiQWnlgbNpgZK5KPSuoHcFL6
+zrBxMv7IaqGlXMvrZm4SS/5K5APONKC8NdJkqZJkpZyxjrq+pNks+Ww5RIkRPjGh
+Z1BcDxmZRCHs8pyxDnTrXdBApa2dE1kB+O1kkATwgOCUpLLQneYhMMxiJ8DcI2G6
+P/yq5vsahFYKSkgw1Ux6I+C6RDypwYSyF9aJo2NpRVEAMUxuRHEkFUoyKdAPY0DC
+YCAvzYHR6NlwoNrhbQc2YP84kbcG6lGBfu9CDLmWpEcBh7VtzNLVusIAU8Ufr4x4
+ws78WRCzte19bMOqHF+ZYlxjO2dzcqJv8JVoqX2xNapjxl4L6UWomp17HcZnFTuD
+BJcnXdyL/ekiVT/3NueMU7nRhfM8X1YNOXoLZJMDRxTliav27y9uH0hRp9PIrJBX
+DMls/6wQjtjdwSJkiZj1hc28vD85bHLf5lOWtMXmzzUPE+dF1ml7kvfFW2bjydRH
+tmX5Y9ipymEvo5TYeiFMu2iXDDAucFeXAgMBAAGjbTBrMAwGA1UdEwEB/wQCMAAw
+HQYDVR0OBBYEFMKxwke5zHjNAJ2OSpmJs2uim1Y3MAsGA1UdDwQEAwIBBjAvBgNV
+HREEKDAmghBhcHBzLnRhdWRyaXMuY29tghIqLmFwcHMudGF1ZHJpcy5jb20wDQYJ
+KoZIhvcNAQENBQADggIBADXw3GlqXSJf0RUlefWMhy4nRa1bnOblowj6B0TChzJy
+gnQ0B04YKoP9uzsc6czSBlmh9NOSpl+JJ/id4VHXMbnfz3MYuxn9WnkqdZFmZx93
+48CLSji+tPLKYaysnOu1pspSR609uwkAA6k7AHGLJ3q3wSUmtsWSzSYQIyMNQiSH
+lY4jFsWGcMxzZtZDstVxUX0WeOFKlZG6wsqa0mSOOwmuQXXtK4dX3toc5WJzkobW
+CXGzj0uraVWuTTMgQZWBCcAWA5/nV4sGsqDOLPw9QJNIxhLUYnQmdogeksl87hGK
+VRIYW84rWezt7y0RZjf+pPikoLAicVLSPiSn9Ac2rY2JGnsTmh4BNWwemlsfV4q9
+jqR3q83wUem3JOgSE7fdRSafqYiJlwwcJe3tQITyJQkjAsB3oOaVM5idUlfJeu0M
+2r/LhKf/xnlxm3F4LRKAWxqwMehLR3S1CTSgelj6UNR7uRrpeQAK8Iq3y9bSJrkQ
+Zv6+RBDdyj2Zjgvt3H6vVazpCQLnvt/qE/KHrm19C6SPWfhIMfSiHGukhDwwwz/Z
+Pk4FnIpFBX+M2UV8Y1UUBGqC3K1+OfWu+wnRsc0JIxYCPR03op5QsvJyDX9LYRlV
+0vPDzTSuEzgc0El1bBt2iwnlAmt+DymHwUMQLwpCcoRCL/0tAlOJLFOcd8qANjsn
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIIGugTQqdiQZ0wDQYJKoZIhvcNAQENBQAwajELMAkGA1UE
+BhMCVVMxFDASBgNVBAoTC3RhdWRyaXMuY29tMQ0wCwYDVQQLEwRIb21lMRQwEgYD
+VQQDEwt0YXVkcmlzLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdGF1ZHJpcy5j
+b20wHhcNMjExMDIxMDY0NjAwWhcNMzExMDIxMDY0NjAwWjBuMQswCQYDVQQGEwJV
+UzEUMBIGA1UEChMLdGF1ZHJpcy5jb20xDTALBgNVBAsTBEhvbWUxGDAWBgNVBAMT
+D3hjYS50YXVkcmlzLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdGF1ZHJpcy5j
+b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC50TzHqvUfcvGYCT9z
+4vI38aICedGewMYfWSN4NtHjTMixGwAVGqtU/iFGCAl44JV/CrIuuicJfAovJs/u
+Ti/eiLYEOBMQDA0c5hYgQLPp4VVBv6PIx24UUZKHDZ/uwWWd7lDhXh8uG9lGsqB4
+MweWHZDbN/B9DXPVrVJ7U0WPelnORVIToRrdN8JTyWh8be/78fNGge6HpmBNWI4+
+r3TTAVr3+f105N9i7uMmY4gkVWeoASKWsXawvLzVoqCiofLT+uERjxGVKHWN237x
+pLf0KMWBwwy2FIZgpEzl1F424uTVVFe9BBzAmm9fDcrbTlgqKn+SAcqYTNZNj3rY
+lBinfI8bvNSFWtI8xj6ypZonKuJOIIxQGxMk/sXB4My60PBpnyiojI15BE9u9Ay2
+fQgCh+z1Snt1/ng/NIws3WblPtZs3omn9wOr3YRlGHNWJBSrBx1b2LFYxvvvUAL3
+itQi38CEBGwlsKY5NslFQRx0USs2G1tsehgY/jWSD4GE9K7Wljhw0bynLrCL+5ke
+LvGRdgRZMbMEtCWFi3hrF7CT49ZN6PZ+rIBdzbp/BnHdZAn69VKKxqOnypRu5l67
+PNfcuxU0/3GygwYgIRRcQYGgk++YD81CDki5ZYuHZ9vbyxgSqwHSXc9TZEPS6Otj
+XWhdBCJK5pw92VVqv4iFwS0RQwIDAQABo4GtMIGqMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFAYF8k8S/ImsximKkHg9LhdeH4yLMAsGA1UdDwQEAwIBBjAvBgNV
+HR8EKDAmMCSgIqAghh5odHRwczovL2NhLnRhdWRyaXMuY29tL3hjYS5jcmwwOgYI
+KwYBBQUHAQEELjAsMCoGCCsGAQUFBzAChh5odHRwczovL2NhLnRhdWRyaXMuY29t
+L3hjYS5jcnQwDQYJKoZIhvcNAQENBQADggIBAE5+dishSQ1jCQLubmoUo76ZjzNh
+XgUl93N5nXvelzaVRQFMLHS7Elp21ETU6//GyytBUrbpoPIb+U73T17sTHeLD+jt
+luFzcQpyIC7+JZZbsUm8tcSo/w+GCyZNIF4KcEPHan+mSU8+Egn3nv8sAZ4B5Yak
+459fUDgvbUlsbq6oq+llgEttRh/Uv79dH8QrCe8FpTS6Bh+hoB5rw1BG203RlJwB
+9evEqmvqui1IYBfYJ+Aqv3bg43B3tmJEExCW7Klj/qaa6Yvh/MzxEzRSOFF6RQ72
+vn+F+24eqPN9o4Njv6zmEwMYADIOfp9W8NwRxQK7I+wmU0xs9yEJqqefR5HyvRw5
+JzCvoCMHc6z/DgwMfQv+Q70Ro73dA+DzUN/4bw2TZv653QJ7egzrQZlXvNysrAoF
+K51t53OhFuAyK+7JKKqZUPdbBQIo3uxfxUHaJC2B17DjkIQ/dYgeKpur6Gf1wVS0
+9B2OLo2RB/p9WyttQK312Je2+ZeU5zbzu6uqF0f91k2DV1EhQSsOBR4aFU6HmrW0
+kyFkvTb4We4HdpkUilrZ2qJxIO1lsBi66UUN5X+j0zsZOcmzVeittmNiv2z6M15k
+pk7NN979DkeBhQDBnX+HjNXIdf6RC/go/xR/3z6yUADXzDZVUQCF1ibUqzD7uQgO
+yF5bVCUgSwdj/Sgu
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGBjCCA+6gAwIBAgIIR7u8uIyQSk0wDQYJKoZIhvcNAQENBQAwajELMAkGA1UE
+BhMCVVMxFDASBgNVBAoTC3RhdWRyaXMuY29tMQ0wCwYDVQQLEwRIb21lMRQwEgYD
+VQQDEwt0YXVkcmlzLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdGF1ZHJpcy5j
+b20wHhcNMjExMDIwMTUzODAwWhcNNDExMDIwMTUzODAwWjBqMQswCQYDVQQGEwJV
+UzEUMBIGA1UEChMLdGF1ZHJpcy5jb20xDTALBgNVBAsTBEhvbWUxFDASBgNVBAMT
+C3RhdWRyaXMuY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkB0YXVkcmlzLmNvbTCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANSZ6VBORYo97TuOhgPC12s2
+KykBh3Hjw2Aeid8qjtqkOdNoFn89OtcHXuDmzMo6yY+INMIabsvsevu4e9kKRIhm
+i24KJldRhUx/LMsvmPcrBkBF/3UIVLCAcIRTbMeVjCIeyCeeldszlz2CDM2hwOny
+g3RMkE0Lh9fub/GJ6bErM5G1LXWt4C6MoBqlU6S1hsLieL1l8HrT4IodIhy9Ctic
+ddr1/hyeIY4ZywXySPgeRjzdyr6yOvOwMnkrYVx0ndEEY+b7C7/xaRl2DVRvK4uT
+kqdiuSNBM7+ZZhf87tWajmb1dmFeyfLH7w4ZX4T8xm6ewKMWag79KYQ+3l8ddBeH
+FwBr3ALOxFsUMatnKWCqKkkpZdv2CwXfmdT/1t4Fbt1D1Pxo7gLSMIeBqfzGn3NC
+IcQ4oxYkcGaRnUhnm3TJ5f1mQuRCuW+kEv2TnV8rwmrdAAIhJ3qLnX4iXBNXutKD
+uPM2ymZOIg7USjzP3rRTB/EBrw1kyfwGcp5rH+L8VRFBYiyMv5ALtwjRRBq9sztB
+UH7+o9w3N/PU5XlM6T1fh7LGFFtg/CyDxJl81QwSUp3nEBPJGqxhojv5w3aB4/mh
+IQ06PXsSLE/Ia2L/+GEfIw+LPRqV7bt0XP18rojBsUudl52DvxuRuTXrknRE6uqS
+mAHVqH1n7PjZZZxQ5LnHAgMBAAGjga8wgawwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUorelfqNQ3r3kwZzXVh4rGfuWQSkwCwYDVR0PBAQDAgEGMDAGA1UdHwQp
+MCcwJaAjoCGGH2h0dHBzOi8vY2EudGF1ZHJpcy5jb20vcm9vdC5jcmwwOwYIKwYB
+BQUHAQEELzAtMCsGCCsGAQUFBzAChh9odHRwczovL2NhLnRhdWRyaXMuY29tL3Jv
+b3QuY3J0MA0GCSqGSIb3DQEBDQUAA4ICAQC+7MAGbZqbYVcO+pa0tVRt21tPWUMp
+/39xG1+tOixNucVn7ZGzes4VK9IYcFnRk9CqGjZxZY09jv1+8sfsocWLRbfYI/9I
+eRT/THTJQU3OkcXwItYYWt93TXoi/n/iWN9qFOX+lX+P92i0v7xG3n1vNteNRSIe
+RXf8pQXinla6XTHRk7hdvU0pzkMqy/+AMgc84M7n5Ps/edpl52pOgI8Rtwf9lXXC
+Rr6iLlYPJ95SuHYRGGykbQfLlWsHXO8ZRuBGIjrZ0ZnHBWyb51MAFA0FCNvrv9pV
+NrtLFI1gVwvDyasXbIyli3wxglVmQNhhH/TOvmHUoUQiH34RHaV12IyHRtJnZWBt
+e4QdRxGzNhCmfMBW3tD5/5PM0hIugJ55JpAx2qTv3dw9Jo6L13C98lnM5LVD9r+z
+XlGixX3IEaWTuCcjS4mKwDmcQAq8o9+mev2lNEYMw2V6E8avtAT+hTMNjfkrtXfp
+VWwBi1UGxdn1c3OPT8eHyIOzWerF/Sx7uIUTz6cBS0viVMENZWd0bEfFrZKsz9Y0
+JRD65tWuXSM+NMZiz2Zk0cLPNn7NVNsoWhk60AkKnfXoIYNUiFEpqGJbcgE/mIHN
+YtDE/nfKF0lH0RNwhQ8kH77qGjARCDqdOi+JPe3sSHYtOJg6P4r8QAAUAc3mibzw
+6QYMhB5/4iRyPA==
+-----END CERTIFICATE-----

com-taudris-ca/docker-compose.yml

@@ -2,8 +2,8 @@ version: "3.8"
 services:
   nginx:
     build:
-      context: .
+      context: ./nginx
-      dockerfile: ./nginx/dockerfile
+      dockerfile: ./dockerfile
-    image: com-taudris-ca:20211019
+    image: com-taudris-ca:20220309
     ports:
       - "8781:80"

com-taudris-ca/nginx/dockerfile

@@ -1,2 +1,5 @@
 FROM nginx:latest
+COPY root.crt /usr/share/nginx/html/root.crt
 COPY root.crl /usr/share/nginx/html/root.crl
+COPY pfsense.crt /usr/share/nginx/html/pfsense.crt
+COPY pfsense.crl /usr/share/nginx/html/pfsense.crl

com-taudris-ca/nginx/pfsense.crt

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIZ7LDuRokSOAwDQYJKoZIhvcNAQENBQAwajELMAkGA1UE
+BhMCVVMxFDASBgNVBAoTC3RhdWRyaXMuY29tMQ0wCwYDVQQLEwRIb21lMRQwEgYD
+VQQDEwt0YXVkcmlzLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdGF1ZHJpcy5j
+b20wHhcNMjExMDIxMDYyNzAwWhcNMzExMDIxMDYyNzAwWjByMQswCQYDVQQGEwJV
+UzEUMBIGA1UEChMLdGF1ZHJpcy5jb20xDTALBgNVBAsTBEhvbWUxHDAaBgNVBAMT
+E3Bmc2Vuc2UudGF1ZHJpcy5jb20xIDAeBgkqhkiG9w0BCQEWEWFkbWluQHRhdWRy
+aXMuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwW0UkJOtL4Bn
+Zuk0nmRoEaSWKZDBWYSATQjVxjYfS4l+rE7Vgh1qIH+WnBSSC2/E0oLRqmNA8swH
+HeMp37xiBVcL66q3bNX8preGjYTNFbVw8U7kgM1/+dqKY802rhl4aTjNIR9KGrD+
+291jdlv+umvPfZ6myLbEk5nz4lMzf/CJ/FDl2ZXnniAdG+4h9Lj7FyflXMgVLVgE
+wMMUhLjnHEgOkzrZFLZz7DuWPLm4OZjK4qnDDi+hbAXMWyQCyTmIFU+Rc1lQOcxi
+1glGv4a0qrwPgCJK7bGiocKZZ+1IdbBMCIW6Tup/Jt25IwMkdzvJW65+kAal24Yw
+EFyXf4DpSXqC+avvOtbi8XrupQdM0X0n+pTtvdzkRKEaRHAnTt5pZIC2UHjXyWu+
+mrwI7OhK1XQsiWSgasEEPfh/RuUO1/wKeV47mzxuKTjTrGHeoxMC5Cd038rWN9zi
+ZZodmQhN0k6Sp/qr+DdzTnpqN3Qc9J/9EDTrTPARy+Vlejklta3tjWX/9e6NSq3M
+vJ2nyvvS5rTgor7NuwrhNin3I8RCJcc5R1iKFVhbpXK8a8bikO3Mi2jDbtt3pAeG
+RVGOpwydehezN8ilwmlUO7J0+uma4VLOrRCiL0smFQrh499S60MSaqDUfBujxk1d
+oHy2oIX3H5eKEOJxHn/jQX09BAkLHDECAwEAAaOBtTCBsjAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBRqENN8JZde8FdG4trvZda0HDbcyjALBgNVHQ8EBAMCAQYw
+MwYDVR0fBCwwKjAooCagJIYiaHR0cHM6Ly9jYS50YXVkcmlzLmNvbS9wZnNlbnNl
+LmNybDA+BggrBgEFBQcBAQQyMDAwLgYIKwYBBQUHMAKGImh0dHBzOi8vY2EudGF1
+ZHJpcy5jb20vcGZzZW5zZS5jcnQwDQYJKoZIhvcNAQENBQADggIBAM/fR84683AX
+s/GtlzUerqNtdMlklP/x2yCJTQMdNMyBZ+PX/5IA+pRIjkraTBIuup8PYwCjJexx
++cMHoxVg5NRY2lnLoCkyQfP3hs8oR8BX4wUOC/qOhN9VtidQcLS1jGHDdDkEdMTt
+yAkiM4oRby/RvOsAvNEkl/hBhLvvYV3Xl+diE1a0UvGafH2QTEUluyLWpT4apVrx
+NMvkQpXbJLqNjCpcWLRzWKiLoIljAlBfin2TXsqClNC6lFyBMmhFTRBnLHKttjwp
+ZCqZ8OCyjtHZEsGgPa9ZnZhgmyoTkfVyy+7+cE7+ixPkSQ/bquvRHwxhYtp/uySk
+zg2/4EGVazcv8TpGuyKY8mVel6nIiYBryKQhZvQUB91zjG4wcV5gGDcjM01xvEvr
+4cWxmhTrSgGVR3f6vcWwsAM2lhtbep+ljHnoSevlWNBlNyu9SnOqzAqdDWlscg18
+uK9IDdLVFRedZqj/YPS2snMATCFrGZcI3g78PfAi3Lsw50JhFEj2aPm3U3+HJufW
+fSkiHdcwc2/FJgdtpwdb+wmbppKhobugoglBDafFbQhoj9UIKj5U0cv/SC+KIDam
+kbUF4n1ExbxRz2wfDYFmQE+stVvsozv3EXKQ/jX/m2Bh0zNFCv88QBfmmA2DsZ8x
+1AiAKz1uYwmru3B9aAfhr/2rw1jCQkUb
+-----END CERTIFICATE-----

com-taudris-ca/nginx/root.crt

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGBjCCA+6gAwIBAgIIR7u8uIyQSk0wDQYJKoZIhvcNAQENBQAwajELMAkGA1UE
+BhMCVVMxFDASBgNVBAoTC3RhdWRyaXMuY29tMQ0wCwYDVQQLEwRIb21lMRQwEgYD
+VQQDEwt0YXVkcmlzLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdGF1ZHJpcy5j
+b20wHhcNMjExMDIwMTUzODAwWhcNNDExMDIwMTUzODAwWjBqMQswCQYDVQQGEwJV
+UzEUMBIGA1UEChMLdGF1ZHJpcy5jb20xDTALBgNVBAsTBEhvbWUxFDASBgNVBAMT
+C3RhdWRyaXMuY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkB0YXVkcmlzLmNvbTCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANSZ6VBORYo97TuOhgPC12s2
+KykBh3Hjw2Aeid8qjtqkOdNoFn89OtcHXuDmzMo6yY+INMIabsvsevu4e9kKRIhm
+i24KJldRhUx/LMsvmPcrBkBF/3UIVLCAcIRTbMeVjCIeyCeeldszlz2CDM2hwOny
+g3RMkE0Lh9fub/GJ6bErM5G1LXWt4C6MoBqlU6S1hsLieL1l8HrT4IodIhy9Ctic
+ddr1/hyeIY4ZywXySPgeRjzdyr6yOvOwMnkrYVx0ndEEY+b7C7/xaRl2DVRvK4uT
+kqdiuSNBM7+ZZhf87tWajmb1dmFeyfLH7w4ZX4T8xm6ewKMWag79KYQ+3l8ddBeH
+FwBr3ALOxFsUMatnKWCqKkkpZdv2CwXfmdT/1t4Fbt1D1Pxo7gLSMIeBqfzGn3NC
+IcQ4oxYkcGaRnUhnm3TJ5f1mQuRCuW+kEv2TnV8rwmrdAAIhJ3qLnX4iXBNXutKD
+uPM2ymZOIg7USjzP3rRTB/EBrw1kyfwGcp5rH+L8VRFBYiyMv5ALtwjRRBq9sztB
+UH7+o9w3N/PU5XlM6T1fh7LGFFtg/CyDxJl81QwSUp3nEBPJGqxhojv5w3aB4/mh
+IQ06PXsSLE/Ia2L/+GEfIw+LPRqV7bt0XP18rojBsUudl52DvxuRuTXrknRE6uqS
+mAHVqH1n7PjZZZxQ5LnHAgMBAAGjga8wgawwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUorelfqNQ3r3kwZzXVh4rGfuWQSkwCwYDVR0PBAQDAgEGMDAGA1UdHwQp
+MCcwJaAjoCGGH2h0dHBzOi8vY2EudGF1ZHJpcy5jb20vcm9vdC5jcmwwOwYIKwYB
+BQUHAQEELzAtMCsGCCsGAQUFBzAChh9odHRwczovL2NhLnRhdWRyaXMuY29tL3Jv
+b3QuY3J0MA0GCSqGSIb3DQEBDQUAA4ICAQC+7MAGbZqbYVcO+pa0tVRt21tPWUMp
+/39xG1+tOixNucVn7ZGzes4VK9IYcFnRk9CqGjZxZY09jv1+8sfsocWLRbfYI/9I
+eRT/THTJQU3OkcXwItYYWt93TXoi/n/iWN9qFOX+lX+P92i0v7xG3n1vNteNRSIe
+RXf8pQXinla6XTHRk7hdvU0pzkMqy/+AMgc84M7n5Ps/edpl52pOgI8Rtwf9lXXC
+Rr6iLlYPJ95SuHYRGGykbQfLlWsHXO8ZRuBGIjrZ0ZnHBWyb51MAFA0FCNvrv9pV
+NrtLFI1gVwvDyasXbIyli3wxglVmQNhhH/TOvmHUoUQiH34RHaV12IyHRtJnZWBt
+e4QdRxGzNhCmfMBW3tD5/5PM0hIugJ55JpAx2qTv3dw9Jo6L13C98lnM5LVD9r+z
+XlGixX3IEaWTuCcjS4mKwDmcQAq8o9+mev2lNEYMw2V6E8avtAT+hTMNjfkrtXfp
+VWwBi1UGxdn1c3OPT8eHyIOzWerF/Sx7uIUTz6cBS0viVMENZWd0bEfFrZKsz9Y0
+JRD65tWuXSM+NMZiz2Zk0cLPNn7NVNsoWhk60AkKnfXoIYNUiFEpqGJbcgE/mIHN
+YtDE/nfKF0lH0RNwhQ8kH77qGjARCDqdOi+JPe3sSHYtOJg6P4r8QAAUAc3mibzw
+6QYMhB5/4iRyPA==
+-----END CERTIFICATE-----

librespeed/docker-compose.yml

@@ -0,0 +1,15 @@
+version: "3.8"
+services:
+  librespeed:
+    image: linuxserver/librespeed
+    container_name: librespeed
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Los_Angeles
+      - PASSWORD=myspeedtest
+    volumes:
+      - /etc/librespeed/config:/config
+    ports:
+      - 9022:80
+    restart: unless-stopped

nextcloud/docker-compose.yml

@@ -0,0 +1,95 @@
+version: '3.8'
+
+networks:
+  nextcloud:
+
+services:
+  app:
+    build:
+      context: ./nextcloud
+      dockerfile: ./dockerfile
+    image: nextcloud:taudris20211030
+    restart: always
+    networks:
+      nextcloud:
+        aliases:
+          - nextcloud.taudris.com
+    ports:
+      - 7980:80
+    volumes:
+      - /etc/nextcloud/files:/var/www/html
+      - /etc/nextcloud/storage:/storage
+    user: 1002:1002 #set to match the user that has permission to the volume mounts
+    environment:
+      OVERWRITEPROTOCOL: https
+      NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.taudris.com
+      NEXTCLOUD_DATA_DIR: /storage
+      NEXTCLOUD_ADMIN_PASSWORD: u8KXCqiZcVBUVr2Wa7EpkuDKPs8KYLb8uFNu3nfBQrxPx3ybUypgDkUVZP3E5v4T
+      POSTGRES_HOST: db
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: qe8S4GioPRS2AZWwqLejzoEDNhGsJMrij6TJ4bXxC2XkfvjxNKoqKktvrHEcER6k
+      REDIS_HOST: redis
+      REDIS_HOST_PASSWORD: rYGNbjKkbKjALePfGDyLZ6uNp2UD3U4dGf4SZyL5iWqz3nexdko2HdS9vqDMRWVP
+    depends_on:
+      - db
+      - redis
+
+  collabora:
+    image: collabora/code
+    restart: always
+    networks:
+      nextcloud:
+        aliases:
+          - collabora.taudris.com
+    ports:
+      - 9980:9980
+    environment:
+      username: admin
+      password: 68gfyjs7s7ZoKHjYWHHEJEXLYcTFpQeb5wHv2cp33UW2vv5VKwjZtCmRrNeuCwAR
+      domain: nextcloud.taudris.com #WOPI host
+      dictionaries: en_US
+      #extra_params: "--o:ssl.enable=false"
+      server_name: collabora.taudris.com
+      cert_domain: collabora.taudris.com
+    cap_add:
+      - MKNOD
+    tty: true
+
+  db:
+    image: postgres
+    restart: always
+    networks:
+      - nextcloud
+    volumes:
+      - /etc/nextcloud/db:/var/lib/postgresql/data
+    user: 1002:1002 #set to match the user that has permission to the volume mounts
+    environment:
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: qe8S4GioPRS2AZWwqLejzoEDNhGsJMrij6TJ4bXxC2XkfvjxNKoqKktvrHEcER6k
+
+  redis:
+    image: redis
+    restart: always
+    command: redis-server --requirepass rYGNbjKkbKjALePfGDyLZ6uNp2UD3U4dGf4SZyL5iWqz3nexdko2HdS9vqDMRWVP
+    networks:
+      - nextcloud
+
+#  coturn:
+#    image: instrumentisto/coturn
+#    restart: always
+#    network_mode: host
+#    #networks:
+#    #  - nextcloud
+#    ports:
+#      - "3478:3478/tcp"
+#      - "3478:3478/udp"
+#    command:
+#      - -n
+#      - --log-file=stdout
+#      - --min-port=49160
+#      - --max-port=49200
+#      - --realm=nextcloud.taudris.com
+#      - --use-auth-secret
+#      - --static-auth-secret=RtoRDRtHjmX8tvRcdvL3ncjPcXK5tWSJD4LYf4hiBYWefdHPk7jWvs5foXtYa7bb

nextcloud/nextcloud/dockerfile

@@ -0,0 +1,3 @@
+FROM nextcloud:apache
+
+RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*

traefik/docker-compose.yml

@@ -0,0 +1,79 @@
+#version: '3.8'
+#
+#services:
+#  traefik:
+#    image: traefik:v2.5
+#    # Enables the web UI and tells Traefik to listen to docker
+#    command: --api.insecure=true --providers.docker
+#    ports:
+#      # The HTTP port
+#      - "80:80"
+#      # The HTTPS port
+#      - "443:443"
+#      # The Web UI (enabled by --api.insecure=true)
+#      - "8080:8080"
+#    volumes:
+#      # So that Traefik can listen to the Docker events
+#      - /var/run/docker.sock:/var/run/docker.sock
+#      - /root/apps.pem:/root/apps.pem
+#      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml
+#      - /etc/traefik/dynamic_conf.yml:/etc/traefik/dynamic_conf.yml
+
+version: "3.8"
+
+services:
+  traefik:
+    image: traefik:v2.5
+    command:
+      - "--api.dashboard=true"
+      - "--accesslog=true"
+      - "--log.level=INFO"
+      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+      - "--providers.docker.swarmMode=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network=traefik-public"
+      - "--providers.docker.watch=true"
+      - "--providers.file.watch=true"
+      - "--providers.file.filename=/file_provider.yml"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - traefik-certificates:/letsencrypt
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - traefik-public
+    environment:
+      - "CF_API_EMAIL=admin@taudris.com"
+      - "CF_API_KEY=api-key"
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+        - "traefik.http.routers.http-catchall.entrypoints=web"
+        - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
+        - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+        - "traefik.http.routers.api.tls.domains[0].main=apps.taudris.com"
+        - "traefik.http.routers.api.tls.domains[0].sans=*.apps.taudris.com"
+        - "traefik.http.routers.api.rule=Host(`traefik.taudris.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+        - "traefik.http.routers.api.service=api@internal"
+        - "traefik.http.services.api.loadbalancer.server.port=8080"
+    configs:
+      - file_provider.yml
+
+volumes:
+  traefik-certificates:
+
+configs:
+  file_provider.yml:
+    file: /etc/traefik/dynamic.yml
+
+networks:
+  traefik-public:
+    external: true

transmission/docker-compose.yml

@@ -0,0 +1,27 @@
+version: "3.8"
+
+services:
+  transmission:
+    image: lscr.io/linuxserver/transmission
+    #image: transmission
+    container_name: transmission
+    environment:
+      - PUID=1001 #set to match the user that has permission to the volume mount
+      - PGID=1001 #set to match the user that has permission to the volume mount
+      - TZ=America/Los_Angeles
+      #Specify an alternative UI. Options are: /combustion-release/, /transmission-web-control/, /kettu/, /flood-for-transmission/
+      - TRANSMISSION_WEB_HOME=/flood-for-transmission/ #optional
+      #- TRANSMISSION_WEB_HOME=/transmission-web-control/ #optional
+      #- USER=MewseKee #optional
+      #- PASS=Mewmewm3w #optional
+    ports:
+      - "9091:9091/tcp"
+      - "51412:51412/tcp"
+      - "51412:51412/udp"
+    tmpfs:
+      - /tmp
+    volumes:
+      - /etc/transmission/torrent-files/.config:/config
+      - /etc/transmission/torrent-files/Pickup:/watch
+      - /etc/transmission/torrents:/downloads/
+    restart: unless-stopped

unifi-controller/docker-compose.yml

@@ -0,0 +1,24 @@
+version: "3.8"
+
+services:
+  unifi-controller:
+    image: lscr.io/linuxserver/unifi-controller:latest
+    container_name: unifi-controller
+    environment:
+      - PUID=1003
+      - PGID=1003
+      - MEM_LIMIT=1024 #optional
+      - MEM_STARTUP=1024 #optional
+    volumes:
+      - /etc/unifi-controller/config:/config
+    ports:
+      - 8443:8443
+      - 3478:3478/udp
+      - 10001:10001/udp
+      - 8080:8080
+      - 1900:1900/udp #optional
+      - 8843:8843 #optional
+      - 8880:8880 #optional
+      - 6789:6789 #optional
+      - 5514:5514/udp #optional
+    restart: unless-stopped

vaultwarden/backup.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+#/root/vaultwarden/backup.sh
+
+#load restic variables
+set -a
+source /root/.credentials-restic
+set +a
+export RESTIC_REPOSITORY="$RESTIC_REPOSITORY_BASE/Bitwarden"
+
+#Define a timestamp function
+timestamp() {
+date "+%b %d %Y %T %Z"
+}
+
+# insert timestamp into log
+echo
+echo
+echo "==============================================================================="
+
+# stop vaultwarden
+echo "$(timestamp): stopping vaultwarden"
+docker service scale vaultwarden_vaultwarden=0
+
+# backup
+echo "$(timestamp): beginning backup"
+restic backup --limit-upload 3072 /etc/vaultwarden/data
+
+# start vaultwarden
+echo "$(timestamp): starting vaultwarden"
+docker service scale vaultwarden_vaultwarden=1
+
+# forget and prune
+echo "$(timestamp): forget and prune"
+restic forget --prune --keep-daily 14 --keep-weekly 10 --keep-within 10w --keep-last 2 --group-by tags
+
+# check for errors
+echo "$(timestamp): checking for errors"
+restic check
+
+# insert timestamp into log
+echo
+echo "$(timestamp): finished"
+echo "==============================================================================="

vaultwarden/docker-compose.yml

@@ -1,3 +1,5 @@
+make sure to restore password values
+
 version: "3.8"
 
 services:
@@ -28,14 +30,14 @@ services:
       LOG_FILE: '/var/log/vaultwarden.log'
       SIGNUPS_ALLOWED: 'true'
       DOMAIN: 'https://bitwarden.taudris.com'
-      ADMIN_TOKEN: 'tQDU8ur6yEk5HGgGbk6sobaCnJ9dUYRzWBevdcM2k6JmC6WNiFsjN4G7y4buTLAp'
+      ADMIN_TOKEN: 'See "Bitwarden Admin" password'
       SMTP_HOST: 'smtp.zoho.com'
       SMTP_FROM: 'admin@taudris.com'
       SMTP_FROM_NAME: 'Bitwarden'
       SMTP_PORT: '587'
       SMTP_SSL: 'true'
       SMTP_USERNAME: 'admin@taudris.com'
-      SMTP_PASSWORD: 'dsSQ@K54!7ppjW'
+      SMTP_PASSWORD: 'See Zoho "admin@taudris.com" password'
       SMTP_TIMEOUT: '15'
       WEBSOCKET_ENABLED: 'true'
     labels: