Initialize reverse proxy and TLS workshop lab setup

proxy/html/hints.html

@@ -0,0 +1,198 @@
+<!doctype html>
+<html lang="de">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>HTL Workshop Hint Cheatsheet</title>
+    <style>
+      :root {
+        --bg: #081825;
+        --panel: #10273d;
+        --panel-soft: #163450;
+        --text: #e9f2fb;
+        --muted: #b7cbdf;
+        --accent: #4ecdc4;
+      }
+
+      * {
+        box-sizing: border-box;
+      }
+
+      body {
+        margin: 0;
+        font-family: "Fira Sans", "Segoe UI", sans-serif;
+        color: var(--text);
+        background:
+          radial-gradient(circle at 100% 0%, #1f4060 0%, transparent 45%),
+          radial-gradient(circle at 0% 100%, #14324a 0%, transparent 35%),
+          var(--bg);
+        min-height: 100vh;
+        padding: 1.2rem;
+      }
+
+      main {
+        width: min(1100px, 100%);
+        margin: 0 auto;
+        display: grid;
+        gap: 1rem;
+      }
+
+      .panel {
+        background: var(--panel);
+        border: 1px solid #315678;
+        border-radius: 14px;
+        padding: 1.1rem;
+      }
+
+      .grid {
+        display: grid;
+        grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
+        gap: 0.8rem;
+      }
+
+      .card {
+        background: var(--panel-soft);
+        border: 1px solid #2d5577;
+        border-radius: 12px;
+        padding: 0.9rem;
+      }
+
+      h1,
+      h2,
+      h3 {
+        margin-top: 0;
+      }
+
+      p,
+      li {
+        color: var(--muted);
+        line-height: 1.5;
+      }
+
+      a {
+        color: var(--accent);
+      }
+
+      code {
+        background: #0d1f31;
+        border: 1px solid #2d4f6e;
+        border-radius: 6px;
+        padding: 0.1rem 0.35rem;
+      }
+
+      pre {
+        background: #0b2133;
+        border: 1px solid #2b5578;
+        border-radius: 10px;
+        padding: 0.7rem;
+        overflow: auto;
+      }
+
+      .top-links {
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.5rem;
+      }
+
+      .pill {
+        display: inline-block;
+        text-decoration: none;
+        background: #11314b;
+        border: 1px solid #2a5d84;
+        border-radius: 999px;
+        padding: 0.35rem 0.75rem;
+      }
+    </style>
+  </head>
+  <body>
+    <main>
+      <section class="panel">
+        <h1>Hint Cheatsheet</h1>
+        <p>
+          Kompakte Hilfe fuer Setup, TLS und Wireshark. Fuer komplette Aufgaben siehe das
+          <a href="/challenges.html">Challenge Board</a> und fuer Korrekturhilfe das
+          <a href="/solutions.html">Solutions Board</a>.
+        </p>
+        <div class="top-links">
+          <a class="pill" href="/">Startseite</a>
+          <a class="pill" href="/challenges.html">Challenges</a>
+          <a class="pill" href="/solutions.html">Solutions</a>
+        </div>
+      </section>
+
+      <section class="panel">
+        <h2>Deploy & Reset</h2>
+        <div class="grid">
+          <article class="card">
+            <h3>Start</h3>
+            <pre><code>./scripts/bootstrap.sh
+./scripts/compose.sh ps</code></pre>
+            <p>Windows PowerShell: <code>./scripts/workshop.ps1 -Action bootstrap</code></p>
+          </article>
+          <article class="card">
+            <h3>Neu deployen</h3>
+            <pre><code>make redeploy
+make proxy-reload</code></pre>
+            <p>PowerShell: <code>./scripts/workshop.ps1 -Action redeploy</code></p>
+          </article>
+          <article class="card">
+            <h3>Reset</h3>
+            <pre><code>make reset
+make bootstrap</code></pre>
+            <p>PowerShell: <code>./scripts/workshop.ps1 -Action reset</code></p>
+          </article>
+        </div>
+      </section>
+
+      <section class="panel">
+        <h2>Easy-RSA & CA Import</h2>
+        <div class="grid">
+          <article class="card">
+            <h3>PKI Quickstart</h3>
+            <pre><code>mkdir -p certs/easyrsa
+cp -r /usr/share/easy-rsa/* certs/easyrsa/
+cd certs/easyrsa
+./easyrsa init-pki
+./easyrsa build-ca nopass
+./easyrsa gen-req localhost nopass
+./easyrsa sign-req server localhost</code></pre>
+          </article>
+          <article class="card">
+            <h3>Fedora CA Import</h3>
+            <pre><code>sudo cp certs/easyrsa/pki/ca.crt \
+  /etc/pki/ca-trust/source/anchors/htl-workshop-root-ca.crt
+sudo update-ca-trust</code></pre>
+          </article>
+          <article class="card">
+            <h3>HTTPS Check</h3>
+            <pre><code>curl https://localhost:8443/service/a
+curl -I https://localhost:8443/service/a
+openssl s_client -connect localhost:8443 -servername localhost</code></pre>
+            <p>Bei TLS-Haertung auf <code>Strict-Transport-Security</code> im Header achten.</p>
+            <p>Komplettes TLS-Beispiel: <code>proxy/nginx.tls.example.conf</code></p>
+          </article>
+        </div>
+      </section>
+
+      <section class="panel">
+        <h2>Wireshark Quick Hints</h2>
+        <div class="grid">
+          <article class="card">
+            <h3>Filter</h3>
+            <ul>
+              <li><code>http</code></li>
+              <li><code>tcp.port == 8443</code></li>
+              <li><code>tls.handshake</code></li>
+              <li><code>tls.handshake.type == 11</code></li>
+            </ul>
+          </article>
+          <article class="card">
+            <h3>TLS Decrypt (optional)</h3>
+            <pre><code>export SSLKEYLOGFILE="$HOME/sslkeys.log"</code></pre>
+            <p>Browser aus derselben Shell starten und Datei in Wireshark als TLS Key Log setzen.</p>
+          </article>
+        </div>
+      </section>
+    </main>
+  </body>
+</html>