Jedda Wignall jedda
jedda
/ envoy-docker-compose.yaml
Last active
May 29, 2025 05:40
Envoy Docker Compose for Apple Network Relay
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Docker compose stack to support Envoy testing | |
| # A detailed write-up about Network Relay on Apple platforms is here: | |
| # https://jedda.me/beneath-the-masque-network-relay-on-apple-platforms | |
| version: '3' | |
| services: | |
| envoy: | |
| restart: always | |
| image: envoyproxy/envoy:v1.34-latest | |
| container_name: "envoy" |
jedda
/ envoy.yaml
Created
May 29, 2025 00:29
Envoy Configuration for Apple Network Relay (CONNECT & CONNECT-UDP) - HTTP/2 & HTTP/3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This Envoy config is intended for user with Apple Network Relay clients: | |
| # https://support.apple.com/en-au/guide/deployment/dep91a6e427d/web | |
| # and can be used to support both HTTP/3 and HTTP/2 with both Extended CONNECT and MASQUE (CONNECT-UDP). | |
| # | |
| # It features: | |
| # - HTTP/2 listener (with client certificate validation) | |
| # - HTTP/3 listener | |
| # - Dynamic forward proxy cluster | |
| # | |
| # In its current form, it can be used for testing and experimenting with relay and MASQUE technologies, but it is |
jedda
/ ACME-MDA-Example.mobileconfig
Last active
June 19, 2025 21:51
An example of an ACME Certificate Profile & payload (com.apple.security.acme) that can be used on iOS (16 and above) and macOS (14 and above) to request an ACME certificate with Managed Device Attestation from Apple.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>Attest</key> | |
| <true/> | |
| <!-- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Configuring basic RADIUS on OS X 10.8 Server | |
| # Jedda Wignall | |
| # http://jedda.me | |
| # Full writeup at: http://jedda.me/2012/11/configuring-basic-radius-os-108-server/ | |
| # create the SACL for access to RADIUS | |
| dseditgroup -q -o create -u <admin user> -n . com.apple.access_radius | |
| # configure radiusd to log both successful and failed authentications |