pfSense + LDAP Authentication Setup Documentation

πŸ” pfSense + LDAP Authentication Setup Guide A step-by-step guide to integrate pfSense with Active Directory over secure LDAPS using a Let’s Encrypt certificate issued via DNS validation. βœ… 1. Prerequisites πŸ–₯️ Windows Server 2025 as Domain Controller (DC) 🌐 A pfSense firewall instance 🌍 A domain name (e.g., packetrealm.io) ☁️ Cloudflare for DNS management πŸ”’ Admin access to pfSense Web UI πŸ“Ά Internet access from the Domain Controller 🌐 2. Configure DNS in Cloudflare Log in to your Cloudflare dashboard Select your domain (e.g., packetrealm.io) Navigate to DNS β†’ Add an A record: Name: dc IPv4 address: IP of your DC (LAN IP or WAN if accessible) Proxy status: βšͺ DNS only Save and verify with: nslookup dc.packetrealm.io πŸ“œ 3. Issue TLS Certificate via Win-ACME (Manual DNS) 🧰 3.1 Download Win-ACME πŸ‘‰ Download Win-ACME Use the win-acme.v2.x.x.x.x64.trimmed.zip version Extract to C:\win-acme πŸ“₯ 3.2 Issue Certificate (Manual DNS-01) cd C:\win-acme .\wacs.exe Choose M β†’ Create new certificate with advanced options Enter: dc.packetrealm.io Choose DNS-01 challenge Select Manual for DNS update method Add TXT record in Cloudflare: Name: _acme-challenge.dc Value: TXT value from wacs After propagation, hit Enter to continue πŸ” 3.3 Verify Certificate Open mmc.exe Add Certificates β†’ Local Computer Navigate to Personal β†’ Certificates Ensure: Issued to: dc.packetrealm.io Enhanced Key Usage: Server Authentication πŸ” 3.4 Restart NTDS Restart-Service ntds πŸ”— 4. Import Let’s Encrypt Root CA to pfSense πŸ“„ 4.1 Download Root Certificate πŸ‘‰ ISRG Root X1 - PEM format πŸ› οΈ 4.2 Add to pfSense Go to System β†’ Cert Manager β†’ CAs Click Add Name: Let’s Encrypt ISRG Root X1 Paste entire PEM contents Save βœ… πŸ‘€ 5. Create LDAP Bind Account (Best Practice) Open Active Directory Users and Computers Create OU: ServiceAccount (if needed) Add user: ldapbind Set password + Password never expires Example DN: CN=ldapbind,OU=ServiceAccount,DC=packetrealm,DC=io 🧩 6. 
Configure LDAP in pfSense Go to System β†’ User Manager β†’ Authentication Servers Click Add: Type: LDAP Hostname: dc.packetrealm.io Port: 636 Transport: SSL Peer CA: Let’s Encrypt ISRG Root X1 Base DN: DC=packetrealm,DC=io Bind DN: CN=ldapbind,OU=ServiceAccount,DC=packetrealm,DC=io Password: your ldapbind password Save & test with Diagnostics β†’ Authentication πŸ” 7. Enable LDAP Authentication in pfSense Go to System β†’ User Manager β†’ Settings Set your LDAP server as the authentication backend Apply settings πŸ”„ 8. Automate Certificate Renewal βœ… Win-ACME installs a scheduled task It auto-renews and places cert in Local Computer > Personal pfSense trusts it through the CA, no re-import needed Monitor expiry as a safeguard πŸ› οΈ 9. Troubleshooting Test LDAPS connectivity ...

June 13, 2025

Setting Up Hugo with NGINX on LXC

This guide walks you through deploying a Hugo static site using the PaperMod theme, hosted on an unprivileged LXC container running NGINX. This version includes a manual installation of Hugo via .deb for full control over the version.

📁 Prerequisites
- Proxmox or any hypervisor
- Ubuntu 22.04 LXC (unprivileged)
- A non-root user with sudo privileges

🛠️ Step 1: Install Required Dependencies
  sudo apt update && sudo apt install -y curl wget git nginx

📆 Step 2: Install Hugo Manually (v0.147.8)
  wget https://github.com/gohugoio/hugo/releases/download/v0.147.8/hugo_0.147.8_linux-amd64.deb
  chmod +x hugo_0.147.8_linux-amd64.deb
  sudo dpkg -i hugo_0.147.8_linux-amd64.deb
  hugo version

🏠 Step 3: Create Your Hugo Site ...

June 10, 2025