-
Notifications
You must be signed in to change notification settings - Fork 98
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* add support for ACME cert acquisition * add support for modifying hosts for a package * misc fixes * more fixes * use different port for lan clearnet than wan clearnet * fix chroot-and-upgrade always growing * bail on failure * wip * fix alpn auth * bump async-acme * fix cli * add barebones documentation * add domain to hostname info
- Loading branch information
Showing
23 changed files
with
1,585 additions
and
214 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| # Setting up clearnet for a service interface | ||
|
|
||
| NOTE: this guide is for HTTPS only! Other configurations may require a more bespoke setup depending on the service. Please consult the service documentation or the Start9 Community for help with non-HTTPS applications | ||
|
|
||
| ## Initialize ACME certificate generation | ||
|
|
||
| The following command will register your device with an ACME certificate provider, such as letsencrypt | ||
|
|
||
| This only needs to be done once. | ||
|
|
||
| ``` | ||
| start-cli net acme init --provider=letsencrypt --contact="mailto:me@drbonez.dev" | ||
| ``` | ||
|
|
||
| - `provider` can be `letsencrypt`, `letsencrypt-staging` (useful if you're doing a lot of testing and want to avoid being rate limited), or the url of any provider that supports the [RFC8555](https://datatracker.ietf.org/doc/html/rfc8555) ACME api | ||
| - `contact` can be any valid contact url, typically `mailto:` urls. it can be specified multiple times to set multiple contacts | ||
|
|
||
| ## Whitelist a domain for ACME certificate acquisition | ||
|
|
||
| The following command will tell the OS to use ACME certificates instead of system signed ones for the provided url. In this example, `testing.drbonez.dev` | ||
|
|
||
| This must be done for every domain you wish to host on clearnet. | ||
|
|
||
| ``` | ||
| start-cli net acme domain add "testing.drbonez.dev" | ||
| ``` | ||
|
|
||
| ## Forward clearnet port | ||
|
|
||
| Go into your router settings, and map port 443 on your router to port 5443 on your start-os device. This one port should cover most use cases | ||
|
|
||
| ## Add domain to service host | ||
|
|
||
| The following command will tell the OS to route https requests from the WAN to the provided hostname to the specified service. In this example, we are adding `testing.drbonez.dev` to the host `ui-multi` on the package `hello-world`. To see a list of available host IDs for a given package, run `start-cli package host <PACKAGE> list` | ||
|
|
||
| This must be done for every domain you wish to host on clearnet. | ||
|
|
||
| ``` | ||
| start-cli package host hello-world address ui-multi add testing.drbonez.dev | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.