FOG imaging custom SSL/TLS certificates in iPXE

You have to build iPXE with the custom server certificate, not the custom CA certificate!

– Deploy server cert to /var/www/html/fog/management/other/ssl/srvpublic.crt
– Deploy ca cert to /var/www/html/fog/management/other/ca.cert.pem
– Deploy server key to /opt/fog/snapins/ssl/.srvprivate.key

Assuming you have downloaded FOG to /root/fogproject – build iPXE as follows:

cd /root/fogproject/utils/FOGiPXE/
./buildipxe.sh /var/www/html/fog/management/other/ssl/srvpublic.crt
cd /root/fogproject/packages/tftp
find -type f -exec cp -Rfv {} /tftpboot/{} \;

Adjust the TFTP and FOG configuration

You also have to replace the IP address with the DNS FQDN in /tftpboot/default.ipxe, because iPXE checks the host in the chain URL against the name in the embedded server certificate:

root@fog:/tftpboot# cat default.ipxe
#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch ${buildarch}
params
param mac0 ${net0/mac}
param arch ${arch}
param platform ${platform}
param product ${product}
param manufacturer ${product}
param ipxever ${version}
param filename ${filename}
param sysuuid ${uuid}
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
:bootme
chain https://fog.domain.tld/fog/service/ipxe/boot.php##params

You also have to set the WEB HOST value in the FOG web UI settings to the DNS FQDN:

Log on to the FOG web UI -> click the wrench to open the settings -> click FOG Settings -> scroll all the way down to Web Server -> expand it and change the WEB HOST setting to "fog.domain.tld".
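As an added check (example code, not part of FOG), the following Python script scans default.ipxe for chain commands and flags the two things that make the embedded-certificate boot fail: a plain http scheme, or a host that is an IP literal or otherwise does not match the name the server certificate was issued for. fog.domain.tld is the page's placeholder; STOCK_IPXE and FIXED_IPXE are constructed snippets, and the IP 192.0.2.10 is a documentation address.

```python
#!/usr/bin/env python3
"""Added example (not FOG code): verify that every chain target in an iPXE
script uses https and the DNS name the embedded server certificate is for."""
import ipaddress
import re
import sys
from urllib.parse import urlsplit

# Constructed snippets: the stock form with the server IP over http, and the
# adjusted form using the FQDN over https (as the page describes).
STOCK_IPXE = "#!ipxe\n:bootme\nchain http://192.0.2.10/fog/service/ipxe/boot.php##params\n"
FIXED_IPXE = "#!ipxe\n:bootme\nchain https://fog.domain.tld/fog/service/ipxe/boot.php##params\n"

CHAIN_RE = re.compile(r"^\s*chain\s+(\S+)", re.MULTILINE)


def chain_urls(script: str) -> list[str]:
    """Return the target of every chain command in an iPXE script."""
    return CHAIN_RE.findall(script)


def check_chain(script: str, expected_fqdn: str) -> list[str]:
    """Return a list of problems; empty means the script is consistent with
    the certificate embedded in the iPXE binary.

    iPXE only trusts the https server whose certificate was built in, and it
    compares the URL host against that certificate's name, so the chain
    target must be https and must carry the FQDN, never the IP address.
    """
    problems: list[str] = []
    urls = chain_urls(script)
    if not urls:
        return ["no chain command found"]
    for url in urls:
        parts = urlsplit(url.split("##", 1)[0])  # strip iPXE's ##params marker
        if parts.scheme != "https":
            problems.append(f"{url}: scheme is {parts.scheme!r}, expected https")
        host = parts.hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:
            pass  # not an IP literal, compare the name below
        else:
            problems.append(f"{url}: host is an IP literal; certificate is for {expected_fqdn!r}")
            continue
        if host.lower() != expected_fqdn.lower():
            problems.append(f"{url}: host {host!r} does not match certificate name {expected_fqdn!r}")
    return problems


if __name__ == "__main__":
    # Usage: check_ipxe_chain.py /tftpboot/default.ipxe fog.domain.tld
    path = sys.argv[1] if len(sys.argv) > 1 else "/tftpboot/default.ipxe"
    fqdn = sys.argv[2] if len(sys.argv) > 2 else "fog.domain.tld"
    with open(path, encoding="utf-8") as fh:
        found = check_chain(fh.read(), fqdn)
    for problem in found:
        print("PROBLEM:", problem)
    sys.exit(1 if found else 0)
```

Run it against /tftpboot/default.ipxe after the edit above; a non-zero exit means clients will fail the TLS handshake against the embedded certificate before boot.php is ever reached.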

Bitwarden on-prem install using a local smarthost with TLS on port 25

Bitwarden's SMTP mailer behaves a bit oddly unless a few settings are added to /opt/bitwarden/bwdata/env/global.override.env (run ./bitwarden.sh restart after editing the file).

To allow TLS on port 25, set "globalSettings__mail__smtp__sslOverride=true".

To disable implicit SSL (SSL on connect) so the mail service negotiates TLS instead, set "globalSettings__mail__smtp__ssl=false".

You can find more details in the log files under /opt/bitwarden/bwdata/logs/events.

Example (the smarthost should only relay unauthenticated mail from the Bitwarden host's address; do not run an actual open relay):

globalSettings__mail__replyToEmail=sender@domain.tld
globalSettings__mail__smtp__host=relay.domain.tld
globalSettings__mail__smtp__port=25
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=<not needed for open relay>
globalSettings__mail__smtp__password=<not needed for open relay>
globalSettings__disableUserRegistration=true
adminSettings__admins=bitwarden-admin@domain.tld
globalSettings__mail__smtp__sslOverride=true
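Before blaming the Bitwarden settings, it is worth confirming the smarthost side. The following Python check is an added example (not Bitwarden's code) that does what the mailer must do on port 25: EHLO, confirm STARTTLS is advertised, upgrade the connection and validate the relay's certificate against the system CA store and the hostname. relay.domain.tld is the page's placeholder; SAMPLE_EHLO is a constructed reply used only to exercise the parser offline.

```python
#!/usr/bin/env python3
"""Added example (not Bitwarden code): check that an SMTP smarthost offers
STARTTLS on port 25 and presents a certificate that validates for its name."""
import smtplib
import ssl
import sys

# Constructed EHLO reply body, in the form smtplib.SMTP.ehlo() returns it
# (response codes stripped), used to exercise the parser without a network.
SAMPLE_EHLO = b"relay.domain.tld\nSIZE 10240000\nSTARTTLS\n8BITMIME"


def ehlo_extensions(ehlo_message: bytes) -> set[str]:
    """Return the extension keywords from a multi-line EHLO reply body.

    The first line is the server greeting and is skipped; every following
    line is 'KEYWORD [parameters]'.
    """
    lines = ehlo_message.decode("ascii", "replace").splitlines()
    return {line.split()[0].upper() for line in lines[1:] if line.strip()}


def offers_starttls(ehlo_message: bytes) -> bool:
    """True if the relay advertises STARTTLS, which TLS on port 25 requires."""
    return "STARTTLS" in ehlo_extensions(ehlo_message)


def check_smarthost(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect, EHLO, upgrade with STARTTLS and verify the server certificate.

    Raises RuntimeError if STARTTLS is not offered, and ssl.SSLError (e.g.
    SSLCertVerificationError) if the certificate does not chain to a trusted
    CA or does not match `host`: a mail client doing proper verification
    would refuse the same connection.
    """
    ctx = ssl.create_default_context()  # system CA store, hostname check on
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _, msg = smtp.ehlo()
        if not offers_starttls(msg):
            raise RuntimeError(f"{host}:{port} does not advertise STARTTLS")
        smtp.starttls(context=ctx)          # verifies chain and hostname
        cert = smtp.sock.getpeercert()
        _, msg_tls = smtp.ehlo()            # RFC 3207: EHLO again after upgrade
        return {
            "tls_version": smtp.sock.version(),
            "san": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
            "not_after": cert.get("notAfter"),
            # AUTH advertised after TLS means the relay expects credentials,
            # so username/password would not be optional.
            "auth_offered": "AUTH" in ehlo_extensions(msg_tls),
        }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "relay.domain.tld"
    try:
        result = check_smarthost(target)
    except (OSError, RuntimeError) as exc:  # ssl.SSLError and smtplib errors are OSError subclasses
        print(f"FAIL {target}:25 -> {exc}")
        sys.exit(1)
    for key, value in result.items():
        print(f"{key}: {value}")
```

If this script fails on certificate verification, the relay's certificate is the problem (wrong name, untrusted issuer, or expired), not the Bitwarden environment; if it reports that STARTTLS is missing, no combination of the ssl and sslOverride options will produce a TLS session on port 25.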