telebit/examples/WHITELIST.md

1.6 KiB

Custom Telebit Server Setup Guide

There are three components to a telebit configuration:

  1. the telebit relay
  2. the management (authentication) server
  3. (optional) DNS-01 and/or HTTP-01 ACME relay

DNS

  • devices.example.com and *.devices.example.com should have A (and AAAA) records pointing to the tunnel server
    • https://devices.example.com/ is TUNNEL_RELAY_URL
    • devices.example.com is the primary or base domain for the devices telebit-mgmt --domain devices.example.com

All of the devices need to be under the same domain. You are limited by Let's Encrypt to 10-20 certificates per week. We can solve for this in the future if needed - either by adding more domains or by adding devices.example.com to the PSL (the stated reason would be for browser security, NOT for Let's Encrypt limits).

  • Other domains can be pointed to the same server. For example:
    • It would be OKAY to use tunnel.example.com as TUNNEL_RELAY_URL.
    • It would be OKAY to use auth.example.com as AUTH_URL
  • It is fine to have the AUTH_URL on a different server.
  • having multiple tunnel server URLs is NOT supported, but this is a relatively small change to the telebit-mgmt in the future

White Label Builds

go generate -mod vendor ./...

VENDOR_ID="example.com"

CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build \
    -mod=vendor \
    -ldflags="-X 'main.VendorID=$VENDOR_ID'" \
    -o telebit-debug.exe \
    ./cmd/telebit/*.go

CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build \
    -mod=vendor \
    -ldflags "-H windowsgui -X 'main.VendorID=$VENDOR_ID'" \
    -o telebit-windows.exe \
    ./cmd/telebit/*.go