document options

AJ ONeal 2018-05-25 09:02:04 +00:00
parent ce70c75378
commit 194d8bcf20
4 changed files with 68 additions and 36 deletions


@ -26,9 +26,11 @@ Mac & Linux
Open Terminal and run this install script: Open Terminal and run this install script:
```bash ```bash
curl -fsS https://get.telebit.cloud/ | bash curl -fsSL https://get.telebit.cloud/relay | bash
``` ```
Of course, feel free to inspect the install script before you run it.
This will install Telebit Relay to `/opt/telebitd` and This will install Telebit Relay to `/opt/telebitd` and
put a symlink to `/opt/telebitd/bin/telebitd` in `/usr/local/bin/telebitd` put a symlink to `/opt/telebitd/bin/telebitd` in `/usr/local/bin/telebitd`
for convenience. for convenience.
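
Review bot: The added sentence "feel free to inspect the install script before you run it" follows a command that pipes the download straight into `bash`, so a reader who copies the block has already executed the script before reaching the advice. Consider documenting the download-then-run form first (save `https://get.telebit.cloud/relay` to a file with `curl -fsSL ... -o`, read it, then run the file with `bash`) and offering the one-line pipe as the shortcut. Note also that the new `-L` makes curl follow redirects, so the script that runs is whatever the final redirect target serves.
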
@ -36,14 +38,20 @@ for convenience.
You can customize the installation: You can customize the installation:
```bash ```bash
export NODEJS_VER=v8.11.2 export NODEJS_VER=v10.2
export TELEBITD_PATH=/opt/telebitd export TELEBITD_PATH=/opt/telebitd
curl -fsS https://get.telebit.cloud/ | bash curl -fsSL https://get.telebit.cloud/relay
``` ```
This will change which version of node.js is bundled with Telebit Relay That will change the bundled version of node.js is bundled with Telebit Relay
and the path to which Telebit Relay installs. and the path to which Telebit Relay installs.
You can get rid of the tos + email and server domain name prompts by providing them right away:
```bash
curl -fsSL https://get.telebit.cloud/relay | bash -- jon@example.com telebit.example.com
```
Windows & Node.js Windows & Node.js
----------------- -----------------
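
Review bot: In the new unattended example, `bash -- jon@example.com telebit.example.com` is missing `-s`: without it bash treats the first non-option argument as the script file to run and never reads the piped script from stdin. It should read `curl -fsSL https://get.telebit.cloud/relay | bash -s -- jon@example.com telebit.example.com`. In the same hunk the customized-install example lost its `| bash`, so as written it only prints the script, and the reworded sentence now says "will change the bundled version of node.js is bundled with"; drop one of the two "bundled".
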
@ -55,22 +63,6 @@ Windows & Node.js
There is [a bug](https://github.com/nodejs/node/issues/20241) in node v9.x that causes telebitd to crash. There is [a bug](https://github.com/nodejs/node/issues/20241) in node v9.x that causes telebitd to crash.
Service Install
===
TODO automate this:
`./dist/etc/systemd/system/telebitd.service` should be copied to `/etc/systemd/system/telebitd.service`.
The user and group `telebit` should be created.
**Privileged Ports without sudo**:
```bash
# Linux
sudo setcap 'cap_net_bind_service=+ep' $(which node)
```
Usage Usage
==== ====
@ -82,13 +74,20 @@ Options
`/etc/telebit/telebitd.yml:` `/etc/telebit/telebitd.yml:`
``` ```
servernames: email: 'jon@example.com' # must be valid (for certificate recovery and security alerts)
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
community_member: true # receive infrequent relevant but non-critical updates
telemetry: true # contribute to project telemetric data
secret: '' # JWT authorization secret. Generate like so:
# node -e "console.log(crypto.randomBytes(16).toString('hex'))"
servernames: # hostnames that direct to the Telebit Relay admin console
- telebit.example.com - telebit.example.com
- telebit.example.net - telebit.example.net
email: 'jon@example.com' vhost: /srv/www/:hostname # securely serve local sites from this path (or false)
agree_tos: true # (uses template string, i.e. /var/www/:hostname/public)
community_member: true greenlock:
secret: 'xxxyyyzzzaaabbbccc' store: le-store-certbot # certificate storage plugin
config_dir: /etc/acme # directory for ssl certificates
``` ```
Security Security
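
Review bot: The sample config now shows `secret: ''` with the generation command only in a comment, and nothing says what the relay does when the JWT secret is left empty. State that the value must be replaced before first start (or that the installer fills it in), and since this file holds the signing secret, say what ownership and mode `/etc/telebit/telebitd.yml` should have. `telemetry: true` is also introduced here as the documented default; a sentence on what is collected would let a reader make the choice.
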
@ -112,8 +111,11 @@ Why?
We created this for anyone to use on their own server or VPS, We created this for anyone to use on their own server or VPS,
but those generally cost $5 - $20 / month and so it's probably but those generally cost $5 - $20 / month and so it's probably
cheaper to purchase data transfer (which we supply, obviously), cheaper to purchase data transfer, which is only $1/month for
which is only $1/month for most people. most people.
In keeping with our no lock-in policy, we release a version of
the server for anyone to use independently.
TODO show how to do on TODO show how to do on
@ -121,4 +123,18 @@ TODO show how to do on
* Heroku (zero cost) * Heroku (zero cost)
* Chunk Host (best deal per TB/month) * Chunk Host (best deal per TB/month)
Useful Tidbits
===
## As a systemd service
`./dist/etc/systemd/system/telebitd.service` should be copied to `/etc/systemd/system/telebitd.service`.
The user and group `telebit` should be created.
## Use privileged ports without sudo
```bash
# Linux
sudo setcap 'cap_net_bind_service=+ep' $(which node)
```


@ -1,8 +1,12 @@
email: 'jon@example.com' email: 'jon@example.com' # must be valid (for certificate recovery and security alerts)
agree_tos: true agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
community_member: true community_member: true # receive infrequent relevant updates
servernames: [] telemetry: true # contribute to project telemetric data
vhost: /srv/www/:hostname servernames: # hostnames that direct to the Telebit Relay admin console
- telebit.example.com
- telebit.example.net
vhost: /srv/www/:hostname # load secure websites at this path (uses template string, i.e. /var/www/:hostname/public)
greenlock: greenlock:
store: le-store-certbot store: le-store-certbot # certificate storage plugin
config_dir: /opt/telebitd/acme config_dir: /etc/acme # directory for ssl certificates
secret: '' # generate with node -e "console.log(crypto.randomBytes(16).toString('hex'))"
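
Review bot: `config_dir` moves from `/opt/telebitd/acme` to `/etc/acme`, but no visible hunk of the install script creates that directory or gives the `telebit` user write access to it, and an existing install keeps its certificates and account keys under the old path. Either create the directory in the installer with restrictive ownership and mode, or keep the default under the install path; a project-scoped location (under `/etc/telebit/`, where the config already lives) would also avoid sharing a directory with other ACME clients. The trailing `secret: ''` deserves the same "must be set" wording as the README.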


@ -1,5 +1,6 @@
agree_tos: true agree_tos: true
community_member: true community_member: true
telemetry: true
vhost: /srv/www/:hostname vhost: /srv/www/:hostname
greenlock: greenlock:
store: le-store-certbot store: le-store-certbot
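
Review bot: Adding `telemetry: true` here changes a default rather than an example: if this is the template the installer appends to the generated config, every fresh install is opted in, and the installer only prompts for email and domain. Default it to `false`, or add a prompt next to the other two, and leave the `true` value to the documented example.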


@ -65,6 +65,7 @@ echo ""
echo "" echo ""
my_email=${1:-} my_email=${1:-}
my_servername=${2:-}
my_secret="" my_secret=""
my_user="telebit" my_user="telebit"
my_app="telebitd" my_app="telebitd"
@ -82,9 +83,17 @@ if [ -z "${my_email}" ]; then
echo "" echo ""
read -p "email: " my_email read -p "email: " my_email
echo "" echo ""
sleep 2
fi fi
if [ -z "${my_servername}" ]; then
echo "What is the domain of this server (for admin interface)?"
echo ""
read -p "domain (ex: telebit.example.com): " my_servername
echo ""
fi
sleep 2
if [ -z "${TELEBITD_PATH:-}" ]; then if [ -z "${TELEBITD_PATH:-}" ]; then
echo 'TELEBITD_PATH="'${TELEBITD_PATH:-}'"' echo 'TELEBITD_PATH="'${TELEBITD_PATH:-}'"'
TELEBITD_PATH=/opt/$my_app TELEBITD_PATH=/opt/$my_app
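
Review bot: The new domain prompt accepts whatever `read` returns, so pressing Enter leaves `my_servername` empty and the installer carries on; the value is later written into the config as-is. Re-check it after the prompt (non-empty, hostname characters only) and exit or re-prompt on failure, and use `read -r` so backslashes are not interpreted. Moving `sleep 2` outside the `if` also makes unattended runs that pass both arguments wait two seconds with nobody reading.
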
@ -94,7 +103,8 @@ echo "Installing $my_name to '$TELEBITD_PATH'"
echo "Installing node.js dependencies into $TELEBITD_PATH" echo "Installing node.js dependencies into $TELEBITD_PATH"
# v10.2+ has much needed networking fixes, but breaks ursa. v9.x has severe networking bugs. v8.x has working ursa, but requires tls workarounds" # v10.2+ has much needed networking fixes, but breaks ursa. v9.x has severe networking bugs. v8.x has working ursa, but requires tls workarounds"
export NODEJS_VER="v10" NODEJS_VER="${NODEJS_VER:-v10}"
export NODEJS_VER
export NODE_PATH="$TELEBITD_PATH/lib/node_modules" export NODE_PATH="$TELEBITD_PATH/lib/node_modules"
export NPM_CONFIG_PREFIX="$TELEBITD_PATH" export NPM_CONFIG_PREFIX="$TELEBITD_PATH"
export PATH="$TELEBITD_PATH/bin:$PATH" export PATH="$TELEBITD_PATH/bin:$PATH"
@ -167,6 +177,7 @@ if [ ! -f "/etc/$my_user/$my_app.yml" ]; then
#echo "sudo rsync -a examples/$my_app.yml /etc/$my_user/$my_app.yml" #echo "sudo rsync -a examples/$my_app.yml /etc/$my_user/$my_app.yml"
sudo bash -c "echo 'email: $my_email' >> /etc/$my_user/$my_app.yml" sudo bash -c "echo 'email: $my_email' >> /etc/$my_user/$my_app.yml"
sudo bash -c "echo 'secret: $my_secret' >> /etc/$my_user/$my_app.yml" sudo bash -c "echo 'secret: $my_secret' >> /etc/$my_user/$my_app.yml"
sudo bash -c "echo 'servernames: [ $my_servername ]' >> /etc/$my_user/$my_app.yml"
sudo bash -c "cat examples/$my_app.yml.tpl >> /etc/$my_user/$my_app.yml" sudo bash -c "cat examples/$my_app.yml.tpl >> /etc/$my_user/$my_app.yml"
sudo bash -c "echo 'servernames: []' >> /etc/$my_user/$my_app.yml" sudo bash -c "echo 'servernames: []' >> /etc/$my_user/$my_app.yml"
fi fi
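
Review bot: The added `servernames: [ $my_servername ]` line is followed two lines later by the unchanged `echo 'servernames: []'`, so the generated file contains the key twice with the empty list last; remove the old line, otherwise the prompted domain is likely to be dropped when the config is parsed. Separately, `$my_email` and `$my_servername` are expanded inside `sudo bash -c "echo '...'"`, so a single quote in either value ends the quoted string inside a root shell; validate both before use and write them with `printf '%s\n' ... | sudo tee -a` rather than building a command string.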