diff --git a/docs/provider-setup.md b/docs/provider-setup.md index 72f2250..39c3949 100644 --- a/docs/provider-setup.md +++ b/docs/provider-setup.md @@ -109,7 +109,7 @@ sudo chmod g+r,o-rwx /usr/lib/csaf/config.toml ``` -**This and the other settings are just examples, please adjust permissions and paths according to your webserver and security needs.** +**This and the other settings are just examples, please adjust permissions and paths according to your webserver and security needs with suitable [replacements](https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_provider.md)** @@ -122,7 +122,7 @@ canonical_url_prefix = "https://localhost:8443" #no_passphrase = true ``` -with suitable [replacements](#provider-options) + **Attention:** You need to properly protect the private keys for the OpenPGP and TLS crypto setup. A few variants are possible 
@@ -177,32 +177,6 @@ ln -s /etc/nginx/sites-available/{DNSNAME} /etc/nginx/sites-enabled/ ``` Replace {DNSNAME} with a server block file name. -## Provider options -Provider has many config options described as following: - - - password: Authentication password for accessing the CSAF provider. This is - a simple authentication method useful for testing or as additional shareable password in combination with TLS client certificates. - - key: The private OpenPGP key. - - folder: Specify the root folder. Default: `/var/www/`. - - web: Specify the web folder. Default: `/var/www/html`. - - tlps: Set the allowed TLP comming with the upload request (one or more of "csaf", "white", "amber", "green", "red"). - The "csaf" selection lets the provider takes the value from the CSAF document. - These affects the list items in the web interface. - Default: `["csaf", "white", "amber", "green", "red"]`. - - upload_signature: Send signature with the request, an additional input-field in the web interface will be shown to let user enter an ascii armored signature. Default: `false`. - - openpgp_url: URL to OpenPGP key-server. Default: `https://openpgp.circl.lu`. - - canonical_url_prefix: start of the URL where contents shall be accessible from the internet. Default: `https://$SERVER_NAME`. - - no_passphrase: Let user send the passphrase for the OpenPGP key with the request, if set to true the input-field in the web interface will not appear. Default: `false`. - - no_validation: Validate the uploaded CSAF document against the JSON schema. Default: `false`. - - no_web_ui: Disable the web interface. Default: `false`. - - dynamic_provider_metadata: Take the publisher from the CSAF document. Default: `false`. - - provider_metadata: Configure the provider metadata. - - provider_metadata.list_on_CSAF_aggregators: List on aggregators - - provider_metadata.mirror_on_CSAF_aggregators: Mirror on aggregators - - provider_metadata.publisher: Set the publisher. 
Default: `{"category"= "vendor", "name"= "Example", "namespace"= "https://example.com"}`. - - upload_limit: Set the upload limit size of the file. Default: `50 MiB`. - - issuer: The issuer of the CA, which if set, restricts the writing permission and the accessing to the web-interface to only the client certificates signed with this CA. - ### Security considerations
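Review bot: In the hunk at line 109, the added line tacks "with suitable [replacements](...)" onto the bold permissions warning, where it no longer parses: "adjust permissions and paths according to your webserver and security needs with suitable replacements". That phrase belonged to the config.toml sample it is removed from in the hunk at line 122. Keep the warning as it was, including the closing period that the new line drops, and put the link to the option reference after the config sample instead. The absolute URL to blob/main also sends readers of a tagged or forked copy to whatever main currently contains; both files sit in docs/, so a relative link to csaf_provider.md would stay on the same revision.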
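Review bot: In the hunk at line 122, dropping "with suitable [replacements](#provider-options)" leaves the config.toml sample ending in canonical_url_prefix = "https://localhost:8443" and #no_passphrase = true with no hint that these values are placeholders and no pointer to the option descriptions, directly above the note about protecting the OpenPGP and TLS private keys. Retarget the link rather than remove it, for example "with suitable [replacements](csaf_provider.md)". The line added in its place appears to contain only whitespace; make it a truly empty line.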
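Review bot: The hunk at line 177 deletes the whole "## Provider options" section, but the visible diff touches only docs/provider-setup.md, so nothing here shows those descriptions arriving in docs/csaf_provider.md, the target of the new link in the first hunk. Confirm in the same change that the target file documents every removed option with its default, in particular the security-relevant ones (password, issuer, no_passphrase, no_validation, upload_signature). Also, "### Security considerations" stays behind as context and, with its "##" parent gone, now nests under the preceding section that ends with the {DNSNAME} symlink step; promote it to "##" or move it together with the options.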