mirror of https://github.com/perkeep/perkeep.git
620388bd57
In order to use HTTPS, one must have a certificate, and one must have a domain name for which the certificate is valid. The first part is solved by the use of Let's Encrypt. For the second part, we want to provide to any Camlistore instance a name such as <gpgKeyId>.camlistore.net, where gpgKeyId is the fingerprint of its GPG key. The DNS for camlistore.net agrees to add a record for that name if and only if the Camlistore instance can prove it owns the GPG key, as well as the IP address bound to that name in the DNS record. A protocol such as the above is already implemented in pkg/gpgchallenge. This CL: - uses the client-side of the gpgchallenge protocol in camlistored, so that it can claim a hostname in camlistore.net on startup (and then use that hostname when requesting a certificate from Let's Encrypt). - adds the configuration parameter "CamliNetIP" for the high-level config. This parameter specifies the IP address that camlistored will supply during the gpgpchallenge, so it can prove to the DNS server that we own this address. Fixes #722 Change-Id: I6bf4ec149b6dffd0ae93a6fa7bf208b2e8a05445 |
||
|---|---|---|
| .. | ||
| config.go | ||