
Configuration Example

hexian000 edited this page Oct 26, 2024 · 4 revisions

Connection Graph

client -n> peer1 -1> peer0 <1- peer2 -n> server

Generating Key Pair

# generate private root certificate
./tlswrapper -gencerts ca
# ca-cert.pem, ca-key.pem

# generate peer certificates
./tlswrapper -gencerts peer0,peer1,peer2 -sign ca
# peerN-cert.pem, peerN-key.pem

Adding a certificate to "authcerts" trusts every certificate signed by it (including the certificate itself).
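To show what that rule means in practice, here is an added example in Go, the language tlswrapper is written in; it is not the project's own code. It builds a throwaway CA and a peer certificate in memory (standing in for the ca-*.pem and peerN-*.pem files that -gencerts writes) and then checks a presented certificate against an "authcerts" list the way the rule above describes: accepted if it chains to an entry or is an entry itself, rejected otherwise. The fixture generator, the function names and the x509 verify options are this example's own choices, not the tool's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity is a constructed test fixture: a certificate plus its private key.
type Identity struct {
	Cert    *x509.Certificate
	Key     *ecdsa.PrivateKey
	CertPEM []byte
}

// MakeIdentity issues a certificate named `name`. With parent == nil it is a
// self-signed CA (the role of "tlswrapper -gencerts ca"); otherwise it is signed
// by parent (the role of "-gencerts peerN -sign ca"). Fixture only, not the tool's code.
func MakeIdentity(name string, parent *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
	}
	signerCert, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Cert: cert, Key: key,
		CertPEM: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})}, nil
}

// parseCert decodes the first CERTIFICATE block of a PEM buffer.
func parseCert(pemBytes []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("no CERTIFICATE block in PEM data")
	}
	return x509.ParseCertificate(block.Bytes)
}

// VerifyAgainstAuthCerts models the "authcerts" rule: the presented peer
// certificate is accepted if it is one of the authcerts entries or chains to one.
func VerifyAgainstAuthCerts(peerPEM []byte, authPEMs [][]byte) error {
	peer, err := parseCert(peerPEM)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	for _, a := range authPEMs {
		ca, err := parseCert(a)
		if err != nil {
			return err
		}
		if ca.Equal(peer) {
			return nil // the trusted certificate itself was presented
		}
		roots.AddCert(ca)
	}
	// No DNSName is set: peers are identified by their certificate, not by a hostname.
	_, err = peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	ca, _ := MakeIdentity("ca", nil)
	peer0, _ := MakeIdentity("peer0", ca)
	rogue, _ := MakeIdentity("rogue-ca", nil)
	fmt.Println("peer0 with ca:      ", VerifyAgainstAuthCerts(peer0.CertPEM, [][]byte{ca.CertPEM}))
	fmt.Println("ca itself with ca:  ", VerifyAgainstAuthCerts(ca.CertPEM, [][]byte{ca.CertPEM}))
	fmt.Println("peer0 with rogue-ca:", VerifyAgainstAuthCerts(peer0.CertPEM, [][]byte{rogue.CertPEM}))
}
```

The third check is the one that matters operationally: a certificate signed by some other CA, even with the same peer name, is rejected because only the certificates listed in "authcerts" (and what they signed) are trusted. If you want to limit trust to a single peer rather than everything the CA issued, list that peer's own certificate in "authcerts" instead of ca-cert.pem.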

Creating Config Files

For simpler cases, just remove the unused fragments.

peer0.json: If the connecting peer's name is peer2, request its myhttp service.

{
  "peername": "peer0",
  "muxlisten": "0.0.0.0:38000",
  "services": {
    "myhttp-peer2": "127.0.0.1:8080"
  },
  "peers": {
    "peer2": {
      "listen": "127.0.0.1:8080",
      "service": "myhttp"
    }
  },
  "certs": [
    {
      "cert": "@peer0-cert.pem",
      "key": "@peer0-key.pem"
    }
  ],
  "authcerts": [
    "@ca-cert.pem"
  ]
}

peer1.json: Ask peer0 for the myhttp-peer2 service.

{
  "peername": "peer1",
  "peers": {
    "peer0": {
      "addr": "example.com:38000",
      "listen": "127.0.0.1:8080",
      "service": "myhttp-peer2"
    }
  },
  "certs": [
    {
      "cert": "@peer1-cert.pem",
      "key": "@peer1-key.pem"
    }
  ],
  "authcerts": [
    "@ca-cert.pem"
  ]
}

peer2.json: Connect to peer0.

{
  "peername": "peer2",
  "services": {
    "myhttp": "127.0.0.1:8080"
  },
  "peers": {
    "peer0": {
      "addr": "example.com:38000"
    }
  },
  "certs": [
    {
      "cert": "@peer2-cert.pem",
      "key": "@peer2-key.pem"
    }
  ],
  "authcerts": [
    "@ca-cert.pem"
  ]
}

Import all PEM files to create a single configuration file for easier distribution:

./tlswrapper -c peer0.json -dumpconfig 2>peer0/config.json
chmod 0600 peer0/config.json
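As an added example, not the tool's own -dumpconfig implementation, the following Go program performs the same bundling step by hand: it parses a peer config, replaces every "@file" string with that file's contents (this example assumes that is the convention behind the "@peerN-cert.pem" references above and what -dumpconfig inlines), and writes the result with mode 0600 and enforces it afterwards, since the bundle now carries private keys. The function names and the command-line usage are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// InlineRefs walks a decoded tlswrapper-style config and replaces every string
// value of the form "@path" with the contents of that file, resolved relative
// to baseDir. Other values are returned unchanged.
// Assumption (from this page's examples): a leading '@' means "read this file".
func InlineRefs(v interface{}, baseDir string) (interface{}, error) {
	switch x := v.(type) {
	case string:
		if !strings.HasPrefix(x, "@") {
			return x, nil
		}
		data, err := os.ReadFile(filepath.Join(baseDir, x[1:]))
		if err != nil {
			return nil, fmt.Errorf("resolving %q: %w", x, err)
		}
		return string(data), nil
	case map[string]interface{}:
		out := make(map[string]interface{}, len(x))
		for k, val := range x {
			r, err := InlineRefs(val, baseDir)
			if err != nil {
				return nil, err
			}
			out[k] = r
		}
		return out, nil
	case []interface{}:
		out := make([]interface{}, len(x))
		for i, val := range x {
			r, err := InlineRefs(val, baseDir)
			if err != nil {
				return nil, err
			}
			out[i] = r
		}
		return out, nil
	default:
		return v, nil // numbers, booleans, null
	}
}

// BundleConfig reads src, inlines its "@" references and writes the result to
// dst with mode 0600. The explicit Chmod covers the case where dst already
// existed with wider permissions, which WriteFile alone would leave in place.
func BundleConfig(src, dst string) error {
	raw, err := os.ReadFile(src)
	if err != nil {
		return err
	}
	var cfg interface{}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return fmt.Errorf("parsing %s: %w", src, err)
	}
	bundled, err := InlineRefs(cfg, filepath.Dir(src))
	if err != nil {
		return err
	}
	out, err := json.MarshalIndent(bundled, "", "  ")
	if err != nil {
		return err
	}
	if err := os.WriteFile(dst, out, 0o600); err != nil {
		return err
	}
	return os.Chmod(dst, 0o600)
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: bundle <peer.json> <out.json>")
		os.Exit(2)
	}
	if err := BundleConfig(os.Args[1], os.Args[2]); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Run as `go run bundle.go peer0.json peer0/config.json` (the output directory must exist). Because the bundled file contains the peer's private key in clear text, it deserves the same handling as peerN-key.pem: copy it to the target host over an authenticated channel and keep the 0600 mode there too.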