Jonathan Cobb
4 년 전
1개의 변경된 파일과 17개의 추가작업 그리고 12개의 파일을 삭제
분할 보기
Diff Options
-
+17 -12README.md
+ 17
- 12
README.md
파일 보기
| @@ -37,18 +37,29 @@ If you want to build from source: | |||
| # Installation | |||
| There are a few steps to installation: | |||
| * Generate the flex-router password | |||
| * Create an SSH key pair | |||
| * Create an auth token file | |||
| * Create an SSH key pair | |||
| * Install system service | |||
| ## Generate the bubble-flexrouter password | |||
| During installation, choose a password for the service. It should be random and at least 30 characters long. | |||
| Store this password in securely someplace where the Bubble app can read it. Ideally this is *not* on the filesystem, | |||
| Bcrypt the password (use 12 rounds). | |||
| Store the plaintext (not bcrypted) password securely someplace where the Bubble app can read it. It will need | |||
| this password to register and unregister the router with the Bubble. Ideally this is *not* on the filesystem, | |||
| but in some internal app storage mechanism, since it will be stored in plaintext. | |||
| Bcrypt the password (use 12 rounds) and store the bcrypted value in a file. This file should only be readable by | |||
| the bubble-flexrouter system service. | |||
| Store the bcrypted value securely somewhere someplace where only the bubble-flexrouter service can read it. | |||
| If you store the bcrypted value in a file, ensure that only the bubble-flexrouter service can read the file. | |||
| ## Create an auth token file | |||
| bubble-flexrouter uses an auth token to secure its connection to a Bubble. | |||
| During installation, generate a random token. This token must be at least 50 characters long. | |||
| Store the token securely somewhere someplace where only the bubble-flexrouter service can read it. | |||
| If you store the token in a file, ensure that only the bubble-flexrouter service can read the file. | |||
| ## Create an SSH key pair | |||
| During installation, generate an RSA key pair: | |||
| @@ -60,12 +71,6 @@ In the above, `/some/secure/location` should be a path that is only readable by | |||
| When this step is done, `/some/secure/location` should be the path to the SSH private key and | |||
| `/some/secure/location.pub` should be the path to the SSH public key. | |||
| ## Create an auth token file | |||
| bubble-flexrouter uses an auth token to secure its connection to a Bubble. | |||
| During installation, write a random token to a file. This token must be at least 50 characters long. | |||
| After writing the file, ensure that it is only readable by the bubble-flexrouter service. | |||
| ## Install system service | |||
| Install bubble-flexrouter as a system service (Windows Service or Mac OS launch daemon) during Bubble app installation. | |||
| @@ -77,8 +82,8 @@ system routing table. This usually means Administrator (on Windows) or root (on | |||
| The service requires some environment variables to be set: | |||
| * `BUBBLE_FR_SSH_KEY` - full path to the *private* SSH key | |||
| * `BUBBLE_FR_PASS` - full path to the bcrypted password file | |||
| * `BUBBLE_FR_TOKEN` - full path to the auth token file | |||
| * `BUBBLE_FR_PASS` - full path to the bcrypted password file, or the actual bcrypted password prefixed with `@` | |||
| * `BUBBLE_FR_TOKEN` - full path to the auth token file, or the actual token prefixed with `@` | |||
| Run the service with these environment variables set. | |||