mirror of https://git.kore.io/kore.git synced 2024-11-11 04:39:00 +01:00

7 Commits

Author SHA1 Message Date
Frederic Cambus
28ea1b3c7e Add missing tests for SYS_mmap, fixes the build on arm. 2020-09-17 17:41:00 +02:00
Joris Vink
0b659807bf more missing syscalls on aarch64 2020-07-14 15:47:58 +02:00
Joris Vink
6ba56bb8f6 adjust copyright years 2020-02-10 15:35:41 +01:00
Joris Vink
9d0aef0079 bump copyright 2020-02-10 14:47:33 +01:00
Joris Vink
445163f7c5 Add support for setting an email for ACME.
Can be configured via the acme_email configuration option.

eg:

	acme_email john@example.com
2020-01-13 11:00:40 +01:00
Joris Vink
b3b5aa37b7 Allow acme config via python api 2019-11-13 23:01:24 +01:00
Joris Vink
c78535aa5d Add acmev2 (RFC8555) support to Kore.
A new acme process is created that communicates with the acme servers.

This process does not hold any of your private keys (no account keys,
no domain keys etc).

Whenever the acme process requires a signed payload it will ask the keymgr
process to do the signing with the relevant keys.

This process is also sandboxed with pledge+unveil on OpenBSD and seccomp
syscall filtering on Linux.

The implementation only supports the tls-alpn-01 challenge. This means that
you do not need to open additional ports on your machine.

http-01 and dns-01 are currently not supported (no wildcard support).

A new configuration option "acme_provider" is available and can be set
to the acme server's directory. By default this will point to the
live letsencrypt environment:
    https://acme-v02.api.letsencrypt.org/directory

The acme process can be controlled via the following config options:
  - acme_root (where the acme process will chroot/chdir into).
  - acme_runas (the user the acme process will run as).

  If none are set, the values from 'root' and 'runas' are taken.

If you want to turn on acme for domains you do it as follows:

domain kore.io {
	acme yes
}

You do not need to specify certkey/certfile anymore, if they are present
still they will be overwritten by the acme system.

The keymgr will store all certificates and keys under its root
(keymgr_root), the account key is stored as "/account-key.pem" and all
obtained certificates go under "certificates/<domain>/fullchain.pem" while
keys go under "certificates/<domain>/key.pem".

Kore will automatically renew certificates if they will expire in 7 days
or less.
2019-11-06 19:43:48 +01:00