Describe configuration in documentation

Maciej Szlosarczyk 2019-05-30 20:57:15 +03:00
parent c63a243f63
commit 3ac70dbb74
No known key found for this signature in database
GPG key ID: 41D62D42D3B0D765

@ -60,16 +60,42 @@ $ rebar3 tar # Creates an archive that can be shipped to another machine
Configuration
-----
Configuration for the application tries to emulate the mod_epp configuration as close as possible
to make migration easier.
to make migration easier. The configuration is placed in `config/sys.config` file, it takes a format
of Erlang property list.
Deployment
-----
*Configuration variables*
| Variable name | Expected values | Apache equivalent | Definition
-----------------------|------------------------------------|-----------------------|--------------------------------------------
| `dev_mode` | `true | false` | None | Enables TCP access without TLS.
| `tls_port` | `700` | Listen | At which port should we open a TLS socket. Default is 700.
| `tcp_port` | `70000` | Listen | At which port should we open a TCP socket. Only in `dev_mode`.
| `epp_session_url` | `https://example.com/epp/session` | EppSessionRoot | HTTP address of the session endpoints including schema and port.
| `epp_command_url` | `https://example.com/epp/command` | EppCommandRoot | HTTP address of the command endpoints including schema and port.
| `epp_error_url` | `https://example.com/epp/error` | EppErrorRoot | HTTP address of the error endpoints including schema and port.
| `cacertfile_path` | `/opt/ca/ca.crt.pem` | SSLCACertificateFile | Where is the client root CA located.
| `certfile_path` | `/opt/ca/server.crt.pem` | SSLCertificateFile | Where is the server certificate located.
| `keyfile_path` | `/opt/ca/server.key.pem` | SSLCertificateKeyFile | Where is the server key located.
| `crlfile_path` | `/opt/ca/crl.pem` | SSLCARevocationFile | Where is the CRL file located.
Migrating from mod_epp
----
Checklist of steps to perform if you want to migrate from mod_epp, but still use Apache to be a reverse proxy.
1. Remove SSL-CLIENT-S-DN-CN and SSL-CLIENT-CERT headers from Apache. Epp_proxy takes care of those.
2. Install this project to desired location.
3. Ensure that the user who will run epp_proxy has access to all certificate files.
4. Set up syslog in `config/sys.config`.
5. If you do not feel comfortable using Erlang configuration file, you can use command line arguments and flags in format of `/epp_proxy/rel/bin/epp_proxy -epp_proxy tls_port 444`, where -epp_proxy is static name of application,
followed by configuration parameter name and value.
TODO
----
1. DONE -- Add syslog logger
2. DONE -- Add default error responses for errors while contacting registry and for invalid XML.
3. This readme.
3. Migration guide for mod epp.
3. DONE -- This readme.
4. DONE -- Migration guide for mod epp.
5. Ensure CRL gets updated periodically without a need for restart of the service
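
Review bot: The example value for `tcp_port` in the configuration table is `70000`, which is above 65535 and therefore not a valid TCP port; use a valid example and state the default, as the `tls_port` row does. In the `dev_mode` row, the `true | false` cell contains an unescaped pipe that will split the cell in a Markdown table, so write it as `true \| false` or "true or false". Because `dev_mode` is described as "Enables TCP access without TLS", that row should also give the default value and say that the plain TCP listener is intended for development use. Migration step 1 would be clearer if it said whether "Remove" means stopping Apache from setting the `SSL-CLIENT-S-DN-CN` and `SSL-CLIENT-CERT` headers. The open TODO item on CRL updates implies that a new CRL is only picked up after a restart, which is worth stating next to `crlfile_path` so operators know a revocation does not take effect until then.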