9e4aa4f1f1
* Move management server to a separate directory |
||
---|---|---|
.. | ||
cmd | ||
proto | ||
server | ||
store | ||
Dockerfile | ||
main.go | ||
README.md |
Wiretrustee Management Server
Run Management service (Docker)
You can run service in 2 modes - with TLS or without (not recommended).
Run with TLS (Let's Encrypt).
The server where you are running a container has to have a public IP (for Let's Encrypt certificate challenge).
In the following example 33073
is a gRpc port, 443
is a port for Let's Encrypt challenge and HTTP API.
Replace with your server's public domain (e.g. mydomain.com or subdomain sub.mydomain.com).
docker run -d --name wiretrustee-management \
-p 33073:33073 \
-p 443:443 \
-v /var/lib/wiretrustee/:/var/lib/wiretrustee/ \
wiretrustee/wiretrustee:management-v0.0.8-SNAPSHOT-079d35e-amd64 \
--port 33073 \
--datadir /var/lib/wiretrustee/ \
--letsencrypt-domain <YOUR-DOMAIN> \
--log-level info
Trigger Let's encrypt certificate generation:
curl https://<YOUR-DOMAIN>
The certificate will be persisted in the datadir/letsencrypt/
folder (e.g. /var/lib/wiretrustee/letsencrypt/
). Make sure that the datadir
is mapped to some folder on a host machine.
Consequent restarts of the container will pick up previously generated certificate so there is no need to trigger certificate generation with the curl
command on every restart.
Below are optional steps (some checks).
Inspect datadir
to see if the folder contains Let's Encrypt certificate:
ls /var/lib/wiretrustee/letsencrypt/
The output should be something similar to this:
root@wiretrustee-test-2:~# ls /var/lib/wiretrustee/letsencrypt/
acme_account+key <YOUR-DOMAIN> <YOUR-DOMAIN>+rsa
Check certificate:
echo | openssl s_client -showcerts -servername <YOUR-DOMAIN> -connect <YOUR-DOMAIN>:33073 2>/dev/null | openssl x509 -inform pem -noout -text
The output should be something similar to this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:07:7a:8e:f3:78:0d:bc:4d:f0:82:9b:1a:a3:c1:89:6c:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: Jul 17 14:19:45 2021 GMT
Not After : Oct 15 14:19:43 2021 GMT
Subject: CN = <YOUR-DOMAIN>
...
Signature Algorithm: sha256WithRSAEncryption
3a:a3:27:5c:aa:35:11:b0:9a:89:d4:da:03:30:16:bc:3e:01:
9f:7a:14:0a:1c:f3:c3:1c:67:86:31:bd:63:0f:19:81:66:77:
34:32:e8:ac:be:16:1d:55:5e:d5:71:73:d7:50:b4:fb:56:6d:
14:b3:2f:ae:04:52:e5:f4:e2:86:dd:fe:b8:b0:bf:52:84:bf:
5f:d2:56:9f:7b:70:6c:b8:f4:e8:c8:94:7f:89:e9:0d:37:55:
c7:c7:6c:51:88:09:9a:40:4a:52:88:c6:8b:1b:9c:d4:a2:a5:
4d:c7:23:4b:81:b8:4a:90:3f:a3:50:80:6e:bb:1f:1c:c2:19:
99:d4:57:7b:82:07:f3:ca:71:6d:83:e8:5a:98:70:98:13:a1:
64:81:0d:01:db:41:37:46:6f:a5:c6:e5:cf:7d:ba:f8:26:b1:
53:58:fc:7d:48:2a:55:f3:14:e7:5e:7d:0f:3d:23:98:83:00:
08:19:b0:62:93:a4:66:96:db:25:3f:e7:02:44:25:c1:62:4d:
75:90:5b:b6:59:68:42:58:37:88:2f:84:c2:77:8f:9f:50:ed:
b5:f7:b1:31:8a:b6:ca:9e:5a:90:e9:3f:5b:eb:d4:c3:f6:82:
42:16:5f:f4:62:ed:51:9c:ac:b1:ba:4e:6f:ea:ec:ab:43:ba:
d1:25:ab:28
Run without TLS.
docker run -d --name wiretrustee-management \
-p 33073:33073 \
-v /var/lib/wiretrustee/:/var/lib/wiretrustee/ \
wiretrustee/wiretrustee:management-v0.0.8-SNAPSHOT-079d35e-amd64 \
--port 33073 \
--datadir /var/lib/wiretrustee/ \
--letsencrypt-domain app.wiretrustee.com \
--log-level debug
For development purposes:
Install golang gRpc tools:
#!/bin/bash
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1
Generate gRpc code:
#!/bin/bash
protoc -I proto/ proto/management.proto --go_out=. --go-grpc_out=.