2c2c1e19df
* feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config |
||
---|---|---|
.. | ||
cmd | ||
proto | ||
server | ||
Dockerfile | ||
main.go | ||
README.md |
Wiretrustee Management Server
Run Management service (Docker)
You can run service in 2 modes - with TLS or without (not recommended).
Run with TLS (Let's Encrypt).
The server where you are running a container has to have a public IP (for Let's Encrypt certificate challenge).
In the following example 33073
is a gRpc port, 443
is a port for Let's Encrypt challenge and HTTP API.
Replace with your server's public domain (e.g. mydomain.com or subdomain sub.mydomain.com).
docker run -d --name wiretrustee-management \
-p 33073:33073 \
-p 443:443 \
-v /var/lib/wiretrustee/:/var/lib/wiretrustee/ \
-v /etc/wiretrustee/:/etc/wiretrustee/ \
wiretrustee/wiretrustee:management-v0.0.8-SNAPSHOT-079d35e-amd64 \
--port 33073 \
--datadir /var/lib/wiretrustee/ \
--hosts-config /etc/wiretrustee/hosts-config.json \
--letsencrypt-domain <YOUR-DOMAIN> \
--log-level info
Trigger Let's encrypt certificate generation:
curl https://<YOUR-DOMAIN>
The certificate will be persisted in the datadir/letsencrypt/
folder (e.g. /var/lib/wiretrustee/letsencrypt/
). Make sure that the datadir
is mapped to some folder on a host machine.
Consequent restarts of the container will pick up previously generated certificate so there is no need to trigger certificate generation with the curl
command on every restart.
Below are optional steps (some checks).
Inspect datadir
to see if the folder contains Let's Encrypt certificate:
ls /var/lib/wiretrustee/letsencrypt/
The output should be something similar to this:
root@wiretrustee-test-2:~# ls /var/lib/wiretrustee/letsencrypt/
acme_account+key <YOUR-DOMAIN> <YOUR-DOMAIN>+rsa
Check certificate:
echo | openssl s_client -showcerts -servername <YOUR-DOMAIN> -connect <YOUR-DOMAIN>:33073 2>/dev/null | openssl x509 -inform pem -noout -text
The output should be something similar to this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:07:7a:8e:f3:78:0d:bc:4d:f0:82:9b:1a:a3:c1:89:6c:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: Jul 17 14:19:45 2021 GMT
Not After : Oct 15 14:19:43 2021 GMT
Subject: CN = <YOUR-DOMAIN>
...
Signature Algorithm: sha256WithRSAEncryption
3a:a3:27:5c:aa:35:11:b0:9a:89:d4:da:03:30:16:bc:3e:01:
9f:7a:14:0a:1c:f3:c3:1c:67:86:31:bd:63:0f:19:81:66:77:
34:32:e8:ac:be:16:1d:55:5e:d5:71:73:d7:50:b4:fb:56:6d:
14:b3:2f:ae:04:52:e5:f4:e2:86:dd:fe:b8:b0:bf:52:84:bf:
5f:d2:56:9f:7b:70:6c:b8:f4:e8:c8:94:7f:89:e9:0d:37:55:
c7:c7:6c:51:88:09:9a:40:4a:52:88:c6:8b:1b:9c:d4:a2:a5:
4d:c7:23:4b:81:b8:4a:90:3f:a3:50:80:6e:bb:1f:1c:c2:19:
99:d4:57:7b:82:07:f3:ca:71:6d:83:e8:5a:98:70:98:13:a1:
64:81:0d:01:db:41:37:46:6f:a5:c6:e5:cf:7d:ba:f8:26:b1:
53:58:fc:7d:48:2a:55:f3:14:e7:5e:7d:0f:3d:23:98:83:00:
08:19:b0:62:93:a4:66:96:db:25:3f:e7:02:44:25:c1:62:4d:
75:90:5b:b6:59:68:42:58:37:88:2f:84:c2:77:8f:9f:50:ed:
b5:f7:b1:31:8a:b6:ca:9e:5a:90:e9:3f:5b:eb:d4:c3:f6:82:
42:16:5f:f4:62:ed:51:9c:ac:b1:ba:4e:6f:ea:ec:ab:43:ba:
d1:25:ab:28
Run without TLS.
docker run -d --name wiretrustee-management \
-p 33073:33073 \
-v /var/lib/wiretrustee/:/var/lib/wiretrustee/ \
-v /etc/wiretrustee/:/etc/wiretrustee/ \
wiretrustee/wiretrustee:management-v0.0.8-SNAPSHOT-079d35e-amd64 \
--port 33073 \
--datadir /var/lib/wiretrustee/ \
--hosts-config /etc/wiretrustee/hosts-config.json \
--letsencrypt-domain app.wiretrustee.com \
--log-level debug
hosts-config.json file example:
{
"Stuns": [
{
"Proto": 2,
"Host": "stun.wiretrustee.com",
"Port": 3468,
"Username": "",
"Password": null
}
],
"Turns": [
{
"Proto": 2,
"Host": "stun.wiretrustee.com",
"Port": 3468,
"Username": "some_user",
"Password": "c29tZV9wYXNzd29yZA=="
}
],
"Signal": {
"Proto": 2,
"Host": "signal.wiretrustee.com",
"Port": 10000,
"Username": "",
"Password": null
}
}
For development purposes:
Install golang gRpc tools:
#!/bin/bash
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1
Generate gRpc code:
#!/bin/bash
protoc -I proto/ proto/management.proto --go_out=. --go-grpc_out=.