diff --git a/Makefile b/Makefile index ff0deece31fd36504e9daeebcb5348f534e0d4e3..708b4f0a92f842b60edff3aebaa603e420755d52 100644 --- a/Makefile +++ b/Makefile @@ -56,14 +56,6 @@ run-container-test-api: # check the validity of certificate openssl x509 -in /tmp/cert.pem -noout -text podman-compose -f test/compose-files/docker-compose-remote-client-cert-selfsigned.yml down - # 3. run container image with remote standard url's for fetching config and certs - podman-compose -f test/compose-files/docker-compose-remote-client-cert.yml up -d - sleep 10s - podman logs compose-files_menshen_1 - curl localhost:8443/api/5/openvpn/cert > /tmp/cert.pem - # check the validity of certificate - openssl x509 -in /tmp/cert.pem -noout -text - podman-compose -f test/compose-files/docker-compose-remote-client-cert.yml down clean-container-setup: # clean local menshen setup diff --git a/README.md b/README.md index 7b929d1854d6e58f9be91d69af52d80362891633..e170fd7de91e9dd4e436c9ddcd07c166a057782b 100644 --- a/README.md +++ b/README.md @@ -97,15 +97,13 @@ go build ./cmd/menshen ## Run -The parameter `--from-provider-json` is a file path to a provider.json. It is always required to start menshen. +The parameter `--from-provider-json` is a file path to a provider.json, `--ca-file` is the file path to the root CA. Both are always required to start menshen. Use `--verbose` to get debug output. ### by pointing to another upstream provider -#### *a) with self-signed provider API endpoints* - -Further required parameters are `--ca-file`, `--client-cert-url` and an eip source (`--from-eip-file` or `--from-eip-url `). +Further required parameters are `--client-cert-url` and an eip source (`--from-eip-file` or `--from-eip-url `). You can start menshen from a v3 eip-service file: ``` 
@@ -126,26 +124,6 @@ go run ./cmd/menshen/main.go --verbose \ --client-cert-url https://api.demo.bitmask.net:4430/3/cert ``` -#### *b) with ca-signed provider endpoints* - -Additional required parameters are `--client-cert-url` and an eip source (`--from-eip-file` or `--from-eip-url `). -You can start menshen from a v3 eip-service file: - -``` -go run ./cmd/menshen/main.go --verbose \ ---from-provider-json-file test/data/provider.json \ ---from-eip-url https://api.demo.bitmask.net/3/config/eip-service.json \ ---client-cert-url https://api.demo.bitmask.net/3/cert -``` - -Alternatively you can start menshen with a eip-service.json from an URL: -``` -go run ./cmd/menshen/main.go --verbose \ ---from-provider-json-file test/data/provider.json \ ---from-eip-file test/data/eip-service.json \ ---client-cert-url https://api.demo.bitmask.net/3/cert -``` - ##### **Note**: Replace `test/data/eip-service.json` and `test/data/provider.json` with the relevant configuration files, as they are just samples. ### by configuring for local cert generation @@ -156,6 +134,7 @@ You can start menshen from a v3 eip-service file: ``` go run ./cmd/menshen/main.go --verbose \ --from-provider-json-file test/data/provider.json \ +--ca-file test/data/ca.crt --from-eip-file test/data/eip-service.json \ --ovpn-ca-crt test/data/ovpn_client_ca.crt \ --ovpn-ca-key test/data/ovpn_client_ca.key diff --git a/test/compose-files/docker-compose-remote-client-cert.yml b/test/compose-files/docker-compose-remote-client-cert.yml deleted file mode 100644 index a8ea081b601f96f8634a223f8e86c69e68ab075c..0000000000000000000000000000000000000000 --- a/test/compose-files/docker-compose-remote-client-cert.yml +++ /dev/null 
@@ -1,19 +0,0 @@
-services:
- menshen:
- build: ../../.
- entrypoint: ["menshen"]
- environment:
- - MENSHEN_FROM_EIP_URL=https://api.${PROVIDER:-ft1.bitmask.net}/3/config/eip-service.json
- - MENSHEN_CLIENT_CERT_URL=https://api.${PROVIDER:-ft1.bitmask.net}/3/cert
- - MENSHEN_FROM_PROVIDER_JSON_FILE=/etc/leap/test/provider.json
- - MENSHEN_DB_FILE=/tmp/sqlite.db
- - MENSHEN_PORT=8443
- - MENSHEN_ALLOW_GATEWAY_LIST=true
- - MENSHEN_ALLOW_BRIDGE_LIST=true
- - MENSHEN_AUTO_TLS=false
- - MENSHEN_VERBOSE=false
- network_mode: host
- ports:
- - "127.0.0.1:8443:8443/tcp"
- volumes:
- - "../data:/etc/leap/test"