add keycloak

2023-02-13 13:02:29 +07:00
parent 8de0239d1f
commit d462c1c6bb
117 changed files with 11719 additions and 3 deletions
--- a/3.FreeIPA/README.md
+++ b/3.FreeIPA/README.md
@@ -0,0 +1,51 @@
+# Main
+
+Ставим на fedora-37
+
+0. firewall
+
+```shell
+firewall-cmd --permanent --add-port=53/{tcp,udp} --add-port=80/tcp --add-port=88/{tcp,udp} \
+--add-port=123/udp --add-port=389/tcp --add-port=443/tcp --add-port=464/{tcp,udp} \
+--add-port=636/tcp && firewall-cmd --reload
+```
+
+```shell
+sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
+sed -i 's/^NETWORKING_IPV6=.*/NETWORKING_IPV6=false/g' /etc/sysconfig/network
+
+reboot
+```
+
+1. dnf update -y && dnf -y install freeipa-server freeipa-server-dns freeipa-client mc htop zip nano git wget curl
+
+- правим /etc/hosts >>
+- убираем все, кроме этих записей
+
+```shell
+135.181.36.160 id.rmnl.ru id
+```
+
+- правим /etc/hostname по необходимости
+
+```shell
+hostname -f
+```
+
+2. ipa-server-install --setup-dns --allow-zone-overlap --domain=rmnl.ru
+
+- Do you want to configure DNS forwarders? [yes]: `yes`
+- Enter an IP address for a DNS forwarder, or press Enter to skip: `8.8.8.8`
+- ntp - ставим, указываем: `91.189.89.198,91.189.91.157,91.189.94.4`
+
+pass = 7MOYtC12B2mSZhu15cWFBw
+
+## Сертификаты
+
+1. dnf install -y certbot
+2. certbot certonly --manual --preferred-challenges=dns --email admin@rmnl.ru --agree-tos  -d id.rmnl.ru
+3. cd letsencrypt && ./setup-le.sh
+
+## Системный юзер
+
+1. ./ipa-ctl.sh