From 3ac70dbb74fe26ca379f91ea0183a7dbefca799b Mon Sep 17 00:00:00 2001 From: Maciej Szlosarczyk Date: Thu, 30 May 2019 20:57:15 +0300 Subject: [PATCH] Describe configuration in documentation --- README.md | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 39018b0..1ae2119 100644 --- a/README.md +++ b/README.md 
@@ -60,16 +60,42 @@ $ rebar3 tar # Creates an archive that can be shipped to another machine Configuration ----- Configuration for the application tries to emulate the mod_epp configuration as close as possible -to make migration easier. +to make migration easier. The configuration is placed in `config/sys.config` file, it takes a format +of Erlang property list. -Deployment ------ +*Configuration variables* +| Variable name | Expected values | Apache equivalent | Definition +-----------------------|------------------------------------|-----------------------|-------------------------------------------- +| `dev_mode` | `true | false` | None | Enables TCP access without TLS. +| `tls_port` | `700` | Listen | At which port should we open a TLS socket. Default is 700. +| `tcp_port` | `70000` | Listen | At which port should we open a TCP socket. Only in `dev_mode`. +| `epp_session_url` | `https://example.com/epp/session` | EppSessionRoot | HTTP address of the session endpoints including schema and port. +| `epp_command_url` | `https://example.com/epp/command` | EppCommandRoot | HTTP address of the command endpoints including schema and port. +| `epp_error_url` | `https://example.com/epp/error` | EppErrorRoot | HTTP address of the error endpoints including schema and port. +| `cacertfile_path` | `/opt/ca/ca.crt.pem` | SSLCACertificateFile | Where is the client root CA located. +| `certfile_path` | `/opt/ca/server.crt.pem` | SSLCertificateFile | Where is the server certificate located. +| `keyfile_path` | `/opt/ca/server.key.pem` | SSLCertificateKeyFile | Where is the server key located. +| `crlfile_path` | `/opt/ca/crl.pem` | SSLCARevocationFile | Where is the CRL file located. + + +Migrating from mod_epp +---- + +Checklist of steps to perform if you want to migrate from mod_epp, but still use Apache to be a reverse proxy. + +1. Remove SSL-CLIENT-S-DN-CN and SSL-CLIENT-CERT headers from Apache. Epp_proxy takes care of those. +2. Install this project to desired location. 
+3. Ensure that the user who will run epp_proxy has access to all certificate files. +4. Set up syslog in `config/sys.config`. +5. If you do not feel comfortable using Erlang configuration file, you can use command line arguments and flags in format of `/epp_proxy/rel/bin/epp_proxy -epp_proxy tls_port 444`, where -epp_proxy is static name of application, + followed by configuration parameter name and value. TODO ---- 1. DONE -- Add syslog logger 2. DONE -- Add default error responses for errors while contacting registry and for invalid XML. -3. This readme. -3. Migration guide for mod epp. +3. DONE -- This readme. +4. DONE -- Migration guide for mod epp. +5. Ensure CRL gets updated periodically without a need for restart of the service
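Review bot: In the configuration table, the `tcp_port` row gives `70000` as the expected value, which is above the highest valid TCP port number (65535); use an example value that can actually be bound. In the same table, the unescaped `|` inside `true | false` on the `dev_mode` row will be parsed as a column separator, and the separator row lacks the leading `|` that the other rows have, so the table is likely to render misaligned; escape the pipe or write "`true` or `false`". Because `dev_mode` enables TCP access without TLS, its definition should state that it is not intended for production use. The `crlfile_path` row could also note that a changed CRL is only picked up after a restart, which is what TODO item 5 implies. In migration step 1, "Remove ... headers from Apache" is ambiguous: say whether Apache should stop setting `SSL-CLIENT-S-DN-CN` and `SSL-CLIENT-CERT` itself, or should strip them from incoming requests.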