AlexBa16/htl-reverse-proxy-tls-lab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f3d437826e3237e9c83a78559b2e6d13953ebc0c
htl-reverse-proxy-tls-lab/proxy/html/hints.html
T
hkoeck a0e6dec8f4 Stelle HTML-Seiten auf Telekom Security CI um 
Helles, modernes Layout (weisse Cards, dezente Schatten) statt des
dunklen Themes. Magenta nur als Akzent (Links, Nav-Hover, T-Marke).
Brand: kompaktes magenta "T" + Wortmarke "Telekom Security".
Difficulty-Badges auf Telekom-Funktionsfarben, Backends mit eigenem
Akzentstreifen je Service.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 23:11:00 +02:00

325 lines
8.7 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="de">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>HTL Workshop Hint Cheatsheet</title>
<style>
:root {
--bg: #f3f3f6;
--surface: #ffffff;
--text: #16161a;
--muted: #65656e;
--magenta: #e20074;
--magenta-soft: #fbe3f0;
--line: #e5e5ea;
--code-bg: #f4f4f7;
--code-line: #e2e2e8;
--radius: 16px;
--shadow: 0 1px 2px rgba(20, 20, 40, 0.04), 0 10px 30px rgba(20, 20, 40, 0.06);
}
* {
box-sizing: border-box;
}
body {
margin: 0;
font-family: "TeleNeo", "Segoe UI", system-ui, -apple-system, sans-serif;
color: var(--text);
background: var(--bg);
min-height: 100vh;
padding: 2.2rem 1.2rem 3rem;
line-height: 1.55;
}
main {
width: min(1100px, 100%);
margin: 0 auto;
display: grid;
gap: 1.25rem;
}
.panel {
background: var(--surface);
border: 1px solid var(--line);
border-radius: var(--radius);
padding: 1.5rem 1.6rem;
box-shadow: var(--shadow);
}
.hero {
position: relative;
overflow: hidden;
}
.hero::before {
content: "";
position: absolute;
top: 0;
bottom: 0;
left: 0;
width: 5px;
background: var(--magenta);
}
h1,
h2,
h3 {
margin-top: 0;
font-weight: 800;
letter-spacing: -0.01em;
color: var(--text);
}
h1 {
font-size: 1.95rem;
}
h2 {
font-size: 1.3rem;
}
h3 {
font-size: 1.02rem;
display: flex;
align-items: center;
gap: 0.5rem;
}
h3::before {
content: "";
width: 8px;
height: 8px;
border-radius: 2px;
background: var(--magenta);
}
p,
li {
color: var(--muted);
line-height: 1.55;
}
a {
color: var(--magenta);
text-decoration: none;
font-weight: 600;
}
a:hover {
text-decoration: underline;
}
code {
font-family: "JetBrains Mono", "Fira Code", "Consolas", "Liberation Mono", monospace;
font-size: 0.9em;
background: var(--code-bg);
border: 1px solid var(--code-line);
border-radius: 6px;
padding: 0.1rem 0.35rem;
color: #2a2a30;
}
pre {
background: var(--code-bg);
border: 1px solid var(--code-line);
border-radius: 12px;
padding: 0.9rem 1rem;
overflow-x: auto;
margin: 0.7rem 0;
}
pre code {
display: block;
background: transparent;
border: 0;
border-radius: 0;
padding: 0;
font-size: 0.88rem;
line-height: 1.5;
white-space: pre;
color: #2a2a30;
}
.brand {
display: flex;
align-items: center;
gap: 0.65rem;
margin-bottom: 1rem;
}
.tmark {
display: inline-flex;
align-items: center;
gap: 3px;
}
.tmark b {
font-size: 1.55rem;
font-weight: 800;
color: var(--magenta);
margin: 0 1px;
line-height: 1;
}
.brand span {
font-size: 0.82rem;
font-weight: 700;
letter-spacing: 0.12em;
text-transform: uppercase;
color: var(--muted);
}
.nav {
display: flex;
flex-wrap: wrap;
gap: 0.5rem;
margin-top: 1.2rem;
}
.nav a {
text-decoration: none;
color: var(--text);
font-weight: 600;
font-size: 0.92rem;
background: var(--surface);
border: 1px solid var(--line);
border-radius: 999px;
padding: 0.45rem 0.95rem;
transition:
color 0.15s ease,
border-color 0.15s ease;
}
.nav a:hover {
border-color: var(--magenta);
color: var(--magenta);
text-decoration: none;
}
.grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
gap: 1rem;
}
.card {
background: var(--surface);
border: 1px solid var(--line);
border-radius: 12px;
padding: 1.1rem 1.2rem;
}
</style>
</head>
<body>
<main>
<section class="panel hero">
<div class="brand">
<span class="tmark"><b>T</b></span>
<span>Telekom Security</span>
</div>
<h1>Hint Cheatsheet</h1>
<p>
Kompakte Hilfe fuer Setup, TLS und Wireshark. Fuer komplette Aufgaben siehe das
<a href="/challenges.html">Challenge Board</a> und fuer Korrekturhilfe das
<a href="/solutions.html">Solutions Board</a>.
</p>
<nav class="nav">
<a href="/">Startseite</a>
<a href="/challenges.html">Challenges</a>
<a href="/hints.html">Hints</a>
<a href="/solutions.html">Solutions</a>
<a href="/service/a">Backend A</a>
<a href="/service/b">Backend B</a>
<a href="/challenges.html#challenge-2-backend-c">Backend C (ab C2)</a>
</nav>
</section>
<section class="panel">
<h2>Deploy &amp; Reset</h2>
<div class="grid">
<article class="card">
<h3>Start</h3>
<pre><code>./scripts/bootstrap.sh
./scripts/compose.sh ps</code></pre>
<p>Windows PowerShell: <code>./scripts/workshop.ps1 -Action bootstrap</code></p>
</article>
<article class="card">
<h3>Neu deployen</h3>
<pre><code>./scripts/lab.sh redeploy
./scripts/lab.sh proxy-reload</code></pre>
<p>PowerShell: <code>./scripts/workshop.ps1 -Action redeploy</code></p>
</article>
<article class="card">
<h3>Reset</h3>
<pre><code>./scripts/lab.sh reset
./scripts/lab.sh bootstrap</code></pre>
<p>PowerShell: <code>./scripts/workshop.ps1 -Action reset</code></p>
</article>
</div>
</section>
<section class="panel">
<h2>Easy-RSA &amp; CA Import</h2>
<div class="grid">
<article class="card">
<h3>PKI Quickstart</h3>
<pre><code>mkdir -p certs/easyrsa
cp -r /usr/share/easy-rsa/* certs/easyrsa/
cd certs/easyrsa
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa gen-req localhost nopass
./easyrsa --subject-alt-name="DNS:localhost,IP:127.0.0.1" sign-req server localhost</code></pre>
<p>Nur Runtime-Certs mounten (z. B. <code>certs/live</code>), nicht die komplette PKI.</p>
</article>
<article class="card">
<h3>Fedora CA Import</h3>
<pre><code>sudo cp certs/easyrsa/pki/ca.crt \
/etc/pki/ca-trust/source/anchors/htl-workshop-root-ca.crt
sudo update-ca-trust</code></pre>
</article>
<article class="card">
<h3>HTTPS Check</h3>
<pre><code>curl https://localhost:8443/service/a
curl -I https://localhost:8443/service/a
openssl s_client -connect localhost:8443 -servername localhost</code></pre>
<p>Bei TLS-Haertung auf <code>Strict-Transport-Security</code> im Header achten.</p>
<p>Komplettes TLS-Beispiel: <code>proxy/nginx.tls.example.conf</code></p>
</article>
<article class="card">
<h3>Security Header Baseline</h3>
<pre><code>add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Resource-Policy "same-origin" always;</code></pre>
</article>
</div>
</section>
<section class="panel">
<h2>Wireshark Quick Hints</h2>
<div class="grid">
<article class="card">
<h3>Filter</h3>
<ul>
<li><code>http</code></li>
<li><code>tcp.port == 8443</code></li>
<li><code>tls.handshake</code></li>
<li><code>tls.handshake.type == 11</code></li>
</ul>
</article>
<article class="card">
<h3>TLS Decrypt (optional)</h3>
<pre><code>export SSLKEYLOGFILE="$HOME/sslkeys.log"</code></pre>
<p>Browser aus derselben Shell starten und Datei in Wireshark als TLS Key Log setzen.</p>
</article>
</div>
</section>
</main>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink