|
|
|
@ -21,63 +21,83 @@ A statically compiled binary will be placed in the `result` directory. |
|
|
|
|
|
|
|
|
|
|
|
## Configuration |
|
|
|
## Configuration |
|
|
|
|
|
|
|
|
|
|
|
Domani is configured via command-line arguments or environment variables: |
|
|
|
Domani is configured via a YAML file whose path is given on the command-line. |
|
|
|
|
|
|
|
The format of the YAML file, along with all default values, is as follows: |
|
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
```yaml |
|
|
|
--http-domain <HTTP_DOMAIN> |
|
|
|
origin: |
|
|
|
[env: DOMANI_HTTP_DOMAIN=] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--http-listen-addr <HTTP_LISTEN_ADDR> |
|
|
|
# Path under which all origin data (i.e. git repositories, file caches, |
|
|
|
[env: DOMANI_HTTP_LISTEN_ADDR=] [default: [::]:3030] |
|
|
|
# etc...) will be stored. |
|
|
|
|
|
|
|
# |
|
|
|
|
|
|
|
# This should be different than any other store_dir_paths. |
|
|
|
|
|
|
|
store_dir_path: REQUIRED |
|
|
|
|
|
|
|
|
|
|
|
--https-listen-addr <HTTPS_LISTEN_ADDR> |
|
|
|
domain: |
|
|
|
E.g. '[::]:443', if given then SSL certs will automatically be retrieved for all domains using LetsEncrypt [env: DOMANI_HTTPS_LISTEN_ADDR=] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--passphrase <PASSPHRASE> |
|
|
|
# Path under which all domain data (i.e. domains configured by users, HTTPS |
|
|
|
[env: DOMANI_PASSPHRASE=] |
|
|
|
# certificates, etc...) will be stored. |
|
|
|
|
|
|
|
# |
|
|
|
|
|
|
|
# This should be different than any other store_dir_paths. |
|
|
|
|
|
|
|
store_dir_path: REQUIRED |
|
|
|
|
|
|
|
|
|
|
|
--origin-store-git-dir-path <ORIGIN_STORE_GIT_DIR_PATH> |
|
|
|
#dns: |
|
|
|
[env: DOMANI_ORIGIN_STORE_GIT_DIR_PATH=] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--domain-checker-target-a <DOMAIN_CHECKER_TARGET_A> |
|
|
|
# Address of DNS resolver to use. |
|
|
|
[env: DOMANI_DOMAIN_CHECKER_TARGET_A=] |
|
|
|
#resolver_addr: "1.1.1.1:53" |
|
|
|
|
|
|
|
|
|
|
|
--domain-checker-resolver-addr <DOMAIN_CHECKER_RESOLVER_ADDR> |
|
|
|
#acme: |
|
|
|
[env: DOMANI_DOMAIN_CHECKER_RESOLVER_ADDR=] [default: 1.1.1.1:53] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--domain-config-store-dir-path <DOMAIN_CONFIG_STORE_DIR_PATH> |
|
|
|
# Contact email to use when creating HTTPS certificates using LetsEncrypt. |
|
|
|
[env: DOMANI_DOMAIN_CONFIG_STORE_DIR_PATH=] |
|
|
|
# This email will be used for notifying you if certificates are not being |
|
|
|
|
|
|
|
# renewed. |
|
|
|
|
|
|
|
#contact_email: REQUIRED if service.http.https_addr is set |
|
|
|
|
|
|
|
|
|
|
|
--domain-acme-store-dir-path <DOMAIN_ACME_STORE_DIR_PATH> |
|
|
|
service: |
|
|
|
[env: DOMANI_DOMAIN_ACME_STORE_DIR_PATH=] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--domain-acme-contact-email <DOMAIN_ACME_CONTACT_EMAIL> |
|
|
|
# Passphrase which must be given by users who are configuring new domains via |
|
|
|
[env: DOMANI_DOMAIN_ACME_CONTACT_EMAIL=] |
|
|
|
# the web interface. |
|
|
|
|
|
|
|
passphrase: foobar |
|
|
|
|
|
|
|
|
|
|
|
-h, --help |
|
|
|
# DNS records which users must add to their domain's DNS so that |
|
|
|
Print help |
|
|
|
# Domani can serve the domains. All records given must route to this Domani |
|
|
|
|
|
|
|
# instance. At least one record must be given. |
|
|
|
|
|
|
|
dns_records: |
|
|
|
|
|
|
|
#- type: A |
|
|
|
|
|
|
|
# addr: 127.0.0.1 |
|
|
|
|
|
|
|
|
|
|
|
-V, --version |
|
|
|
# The domain name which will be used to serve the web interface of Domani. If |
|
|
|
Print version |
|
|
|
# service.http.https_addr is enabled then an HTTPS certificate for this domain |
|
|
|
``` |
|
|
|
# will be retrieved automatically. |
|
|
|
|
|
|
|
# primary_domain: "localhost" |
|
|
|
|
|
|
|
|
|
|
|
### HTTPS Support |
|
|
|
#http: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The address to listen for HTTP requests on. This must use port 80 if |
|
|
|
|
|
|
|
# https_addr is set. |
|
|
|
|
|
|
|
#http_addr: "[::]:3030" |
|
|
|
|
|
|
|
|
|
|
|
Domani will automatically handle setting up HTTPS via LetsEncrypt for both the |
|
|
|
# The address to listen for HTTPS requests on. This is optional. |
|
|
|
domani frontend site and all domains which it has been configured to serve. |
|
|
|
#https_addr: "[::]:443" |
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
By default HTTPS is not enabled, but can be easily enabled by setting the |
|
|
|
The YAML config file can be passed to the Domani process via the `--config-path` |
|
|
|
following arguments: |
|
|
|
CLI parameter: |
|
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
``` |
|
|
|
--https-listen-addr='[::]:443' |
|
|
|
domani --config-path <path> |
|
|
|
--domain-acme-contact-email='foo@example.com' |
|
|
|
|
|
|
|
--domain-acme-store-dir-path='/some/secure/directory' |
|
|
|
|
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
The contact email can be anything, it doesn't have to be real. The store |
|
|
|
### HTTPS Support |
|
|
|
directory will have all SSL private keys written to it, and so should be |
|
|
|
|
|
|
|
secured as best as possible. |
|
|
|
By default HTTPS is not enabled, but can be enabled by setting the |
|
|
|
|
|
|
|
`service.http.https_addr` field in the YAML config. There are a few other fields |
|
|
|
|
|
|
|
in the configuration file which must be correctly configured if HTTPS is set up, |
|
|
|
|
|
|
|
please read through the example file above carefully. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Once HTTPS is enabled, Domani will automatically handle setting it up via |
|
|
|
|
|
|
|
LetsEncrypt for both the Domani web interface and all domains which it is |
|
|
|
|
|
|
|
configured to serve. |
|
|
|
|
|
|
|
|
|
|
|
## Development |
|
|
|
## Development |
|
|
|
|
|
|
|
|
|
|
|
|
Brian Picciano
12 months ago