Joris Vink c78535aa5d Add acmev2 (RFC8555) support to Kore.
A new acme process is created that communicates with the acme servers.

This process does not hold any of your private keys (no account keys,
no domain keys etc).

Whenever the acme process requires a signed payload it will ask the keymgr
process to do the signing with the relevant keys.

This process is also sandboxed with pledge+unveil on OpenBSD and seccomp
syscall filtering on Linux.

The implementation only supports the tls-alpn-01 challenge. This means that
you do not need to open additional ports on your machine.

http-01 and dns-01 are currently not supported (no wildcard support).

A new configuration option "acme_provider" is available and can be set
to the acme server its directory. By default this will point to the
live letsencrypt environment:
    https://acme-v02.api.letsencrypt.org/directory

The acme process can be controlled via the following config options:
  - acme_root (where the acme process will chroot/chdir into).
  - acme_runas (the user the acme process will run as).

  If none are set, the values from 'root' and 'runas' are taken.

If you want to turn on acme for domains you do it as follows:

domain kore.io {
	acme yes
}

You do not need to specify certkey/certfile anymore, if they are present
still they will be overwritten by the acme system.

The keymgr will store all certificates and keys under its root
(keymgr_root), the account key is stored as "/account-key.pem" and all
obtained certificates go under "certificates/<domain>/fullchain.pem" while
keys go under "certificates/<domain>/key.pem".

Kore will automatically renew certificates if they will expire in 7 days
or less.
2019-11-06 19:43:48 +01:00
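
An added example, not part of the commit or of Kore itself: a shell audit of the keymgr_root layout described in the commit message above. It flags private keys readable by group or other, domains without a fullchain.pem, and certificates still close to expiry even though Kore renews at 7 days or less. The function names and the 5-day alert threshold are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a keymgr_root laid out as the commit message describes.
# Assumes openssl(1) is installed and the caller may read keymgr_root.

# mode_of FILE: print octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_is_private FILE: succeed only if group and other have no access.
key_is_private() {
    case "$(mode_of "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_keymgr_root ROOT [ALERT_DAYS]
# Prints one finding per line and returns 1 if there were any.
# ALERT_DAYS (default 5) is an assumed threshold inside Kore's 7-day renewal
# window: a certificate this close to expiry means renewal keeps failing.
audit_keymgr_root() {
    root=$1
    alert_days=${2:-5}
    status=0
    if [ -f "$root/account-key.pem" ] && ! key_is_private "$root/account-key.pem"; then
        echo "PERM account-key.pem"
        status=1
    fi
    for dir in "$root"/certificates/*/; do
        [ -d "$dir" ] || continue
        domain=$(basename "$dir")
        if [ -f "$dir/key.pem" ] && ! key_is_private "$dir/key.pem"; then
            echo "PERM $domain/key.pem"
            status=1
        fi
        # openssl x509 reads the first certificate in fullchain.pem (the leaf);
        # -checkend exits non-zero if it expires within the given seconds.
        if [ ! -f "$dir/fullchain.pem" ]; then
            echo "MISSING $domain/fullchain.pem"
            status=1
        elif ! openssl x509 -in "$dir/fullchain.pem" -noout \
                -checkend $((alert_days * 86400)) >/dev/null 2>&1; then
            echo "EXPIRY $domain"
            status=1
        fi
    done
    return "$status"
}

if [ "$#" -gt 0 ]; then audit_keymgr_root "$@"; fi
```

An EXPIRY line is also printed when fullchain.pem cannot be parsed, since openssl exits non-zero in that case too.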
conf add missing options. 2019-05-07 19:53:19 +02:00
examples Add acmev2 (RFC8555) support to Kore. 2019-11-06 19:43:48 +01:00
include/kore Add acmev2 (RFC8555) support to Kore. 2019-11-06 19:43:48 +01:00
kodev Add MIMINAL=1 build to kodev. 2019-10-31 09:44:47 +01:00
misc Change the way the linux syscall maps are made. 2019-11-06 11:57:25 +01:00
share/man remove lingering pyko references 2019-05-13 23:23:33 +02:00
src Add acmev2 (RFC8555) support to Kore. 2019-11-06 19:43:48 +01:00
.gitignore Add seccomp syscall filtering to kore. 2019-09-25 14:31:20 +02:00
LICENSE 2019 was here 9 months ago 2019-09-26 16:44:42 +02:00
Makefile Add acmev2 (RFC8555) support to Kore. 2019-11-06 19:43:48 +01:00
README.md nope, changed my mind, drop libressl 2.7.5. 2019-10-28 12:47:51 +01:00
minisign.pub add minisign public key 2018-07-09 07:42:18 +02:00

README.md

About

Kore (https://kore.io) is an easy to use web application platform for writing scalable web APIs in C. Its main goals are security, scalability and allowing rapid development and deployment of such APIs.

Because of this Kore is an ideal candidate for building robust, scalable and secure web things.

Key Features

  • Supports SNI
  • Supports HTTP/1.1
  • Websocket support
  • Privseps by default
  • TLS enabled by default
  • Optional background tasks
  • Built-in parameter validation
  • Optional asynchronous PostgreSQL support
  • Optional support for page handlers in Python
  • Reload private keys and certificates on-the-fly
  • Private keys isolated in separate process (RSA and ECDSA)
  • Default sane TLS ciphersuites (PFS in all major browsers)
  • Modules can be reloaded on-the-fly, even while serving content
  • Worker processes sandboxed on OpenBSD (pledge) and Linux (seccomp)
  • Event driven (epoll/kqueue) architecture with per CPU worker processes
  • Build your web application as a precompiled dynamic library or single binary

And loads more.

License

  • Kore is licensed under the ISC license

Documentation

Read the documentation

Performance

Read the benchmarks blog post.

Platforms supported

  • Linux
  • OpenBSD
  • FreeBSD
  • MacOS

Building Kore

Clone this repository or get the latest release at https://kore.io/releases/3.2.0.

Requirements

  • openssl (1.0.2, 1.1.0 or 1.1.1) (note: libressl 3.0.0+ works as a replacement)

Requirement for asynchronous curl (optional)

  • libcurl

Requirements for background tasks (optional)

  • pthreads

Requirements for pgsql (optional)

  • libpq

Requirements for python (optional)

  • Python 3.6+

Normal compilation and installation:

$ cd kore
$ make
# make install

If you would like to build a specific flavor, you can enable it by setting a shell environment variable before running make.

  • CURL=1 (compiles in asynchronous curl support)
  • TASKS=1 (compiles in task support)
  • PGSQL=1 (compiles in pgsql support)
  • DEBUG=1 (enables use of -d for debug)
  • NOHTTP=1 (compiles Kore without HTTP support)
  • NOOPT=1 (disable compiler optimizations)
  • JSONRPC=1 (compiles in JSONRPC support)
  • PYTHON=1 (compiles in the Python support)

Note that certain build flavors cannot be mixed together and you will just be met with compilation errors.

Example applications

You can find example applications under examples/.

The examples contain a README file with instructions on how to build or use them.

Mailing lists

patches@kore.io - Send patches here, preferably inline.

users@kore.io - Questions regarding kore.

If you want to sign up to those mailing lists, send an empty email to listname+subscribe@kore.io.

Other mailboxes (these are not mailing lists):

security@kore.io - Mail this address if you think you have found a security problem.

sponsor@kore.io - If your company would like to sponsor part of Kore development.

More information can be found on https://kore.io/