* Add instructions for an internal proxy provider
* Improve example test config
* .. by moving CSAF_CONFIG out of the common fcgiwrap.conf,
so it can more easily be changed in a different context.
* Improve proxy-provider-for-aggregator.md
* Add section to aggregator documentation.
* Fix typos.
* Improve instructions.
* Fix one path
* Complre proxy-provider-for-aggregator.md
* Move example and integration test configuration files to /etc/csaf,
this includes the provider's config.toml as well as the test OpenPGP keys.
This shall make it more compatible with good practices like the FHS.
Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
* Add general hints that this example only shows how the components
work together and that a GNU/Linux admin should be consulted for
a secure setup.
* Adjust the scripts that setup a testing instance to use better
permissions as good example.
* Add a section about security considerations.
* Add an OpenPGP test keypair.
* Move script parts of documentation into script, so they can be used on a fresh Ubuntu 20.04 system
for within a github action to setup a csaf_provider and upload documents to it for an integration test.
* Use dineshsonachalam/markdown-autodocs in github action to automatically
insert lines from the scripts into the docs.
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
* Documentation for the "issuer" option of the provider.
* More info of the format of the accepted file
* Print out the value of `SSL_CLIENT_I_DN` also when it is not match the issuer.
* Add a first description of the config options for csaf_provider.
* Change option name from `domain` to `canonical_prefix_url`
to make the usage more intuitively. Use`https` in the default,
if unset.
resolve #32
Co-authored-by: Bernhard E. Reiter <bernhard@intevation.de>
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
* Improve nginx setup to transfer auth information to the fcgiwrap
backend.
* Add instructions for creating client certs for testing.
* Add debug output to see if and which client cert has been used when
calling the csaf_provider.go .
* Add instructions for installing a TLS server certificate on nginx
* Fix link to nginx in README.md
* List all three ways to get a webserver TLS certificate. With some
hints on which to chose for which purpose.
* Do not add CSR instructions, because they can change over time and each CA may
have slightly different requirements.
* Add a hint about setting protocol selection.
* Fix typo in provider-setup.md
