Merge branch 'main' into client-certificate

docs/provider-setup.md

@@ -7,19 +7,22 @@ The following instructions are for an Debian 11 server setup.
 ```(shell)
 apt-get install nginx fcgiwrap
 cp /usr/share/doc/fcgiwrap/examples/nginx.conf /etc/nginx/fcgiwrap.conf
+```
+Check if the CGI server and the fcgiwrap Socket active (running):
+```bash
 systemctl status fcgiwrap.service
 systemctl status fcgiwrap.socket
 systemctl is-enabled fcgiwrap.service
 systemctl is-enabled fcgiwrap.socket
 ```
-
+Change the group ownership and the permissions of `/var/www`:
 ```(shell)
 cd /var/www
 chgrp -R www-data .
 chmod -R g+w .
 ```
 
-Content of `/etc/nginx/fcgiwrap.conf`
+Modify the content of `/etc/nginx/fcgiwrap.conf` like following:
 
 ```
 # Include this file on your nginx.conf to support debian cgi-bin scripts using
@@ -57,9 +60,10 @@ Add to `/etc/nginx/sites-enabled/default`:
 
 ```
 server {
-
     root /var/www/html;
 
+      # Other config
+      # ...
     location / {
         # Other config
         # ...
@@ -78,8 +82,10 @@ server {
 ```
 Reload nginx to apply the changes (e.g. ```systemctl reload nginx``` on Debian or Ubuntu).
 
-Place the binary under `/usr/lib/cgi-bin/csaf_provider.go`.
-Make sure `/usr/lib/cgi-bin/` exists.
+Create `cgi-bin` folder if not exists `mkdir -p /usr/lib/cgi-bin/`.
+
+Rename and place the `csaf_provider` binary file under `/usr/lib/cgi-bin/csaf_provider.go`.
+
 
 Create configuration file under `/usr/lib/csaf/config.toml`:
 
@@ -88,15 +94,41 @@ Create configuration file under `/usr/lib/csaf/config.toml`:
 # key = "/usr/lib/csaf/public.asc"
 key = "/usr/lib/csaf/private.asc"
 #tlps = ["green", "red"]
-domain = "http://192.168.56.102"
+canonical_url_prefix = "http://192.168.56.102"
 #no_passphrase = true
 ```
 with suitable replacements
 (This configurations-example assumes that the private/public keys are available under `/usr/lib/csaf/`).
 
 
+with suitable [replacements](#provider-options).
 
 Create the folders:
 ```(shell)
 curl http://192.168.56.102/cgi-bin/csaf_provider.go/create
 ```
+Or using the uploader:
+```(shell)
+./csaf_uploader -a create -u http://192.168.56.102/cgi-bin/csaf_provider.go
+```
+
+## Provider options
+Provider has many config options described as following:
+
+ - password: Authentication password for accessing the CSAF provider.
+ - key: The private OpenPGP key.
+ - folder: Specify the root folder. Default: `/var/www/`.
+ - web: Specify the web folder. Default: `/var/www/html`.
+ - tlps: Set the allowed TLP comming with the upload request (one or more of "csaf", "white", "amber", "green", "red").             
+   The "csaf" selection lets the provider takes the value from the CSAF document.         
+   These affects the list items in the web interface.      
+   Default: `["csaf", "white", "amber", "green", "red"]`.
+ - upload_signature: Send signature with the request, an additional input-field in the web interface will be shown to let user enter an ascii armored signature. Default: `false`.
+ - openpgp_url: URL to OpenPGP key-server. Default: `https://openpgp.circl.lu`.
+ - canonical_url_prefix: start of the URL where contents shall be accessible from the internet. Default: `https://$SERVER_NAME`.
+ - no_passphrase: Let user send password with the request, if set to true the input-field in the web interface will be disappeared. Default: `false`.
+ - no_validation: Validate the uploaded CSAF document against the JSON schema. Default: `false`.
+ - no_web_ui: Disable the web interface. Default: `false`.
+ - dynamic_provider_metadata: Take the publisher from the CSAF document. Default: `false`.
+ - publisher: Set the publisher. Default: `{"category"= "vendor", "name"= "Example", "namespace"= "https://example.com"}`.
+ - upload_limit: Set the upload limit  size of the file. Default: `50 MiB`.