Server Configuration: Difference between revisions

From Bondix Wiki
No edit summary
(Add descriptions and parameters)
 
Line 20: Line 20:
|
|
=== add-environment===
=== add-environment===
Adds an environment. Deprecated, you can directly create environments in the web interface instead.
Adds an environment. Deprecated, you can directly create environments in the web interface instead.  
{| class="wikitable"
{| class="wikitable"
|+Parameters
|+Parameters
|-
|-
|key||A secret string used to authenticate an API request.
|settings||Object with JSON settings for this environment
|-
|name
|Name used for the environment
|}
|}
| style="width: 40%" |
| style="width: 40%" |
  <nowiki>{
  {
  "target": "server",  
    "target": "server",  
  "action": "add-apikey",
    "action": "add-environment",
  "key": "a-secret-key"
    "name": "env123",
  }</nowiki>
    "settings": {
      "tunnelNetwork": "169.254.19.1/24",
      "udpListenerHost": "0.0.0.0",
      "udpListenerPort": "44343",
      "disableTunnelToTunnelTraffic": true
    }
  }
|-
|-
|
|
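Review bot: in the add-environment table the settings row says only "Object with JSON settings for this environment", while the new example passes tunnelNetwork, udpListenerHost, udpListenerPort and disableTunnelToTunnelTraffic without describing any of them. Either list those keys in the Parameters table or link to where they are documented, and say whether udpListenerPort is meant to be a quoted string as shown ("44343").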
Line 39: Line 48:
|+Parameters
|+Parameters
|-
|-
|key||A secret string used to authenticate an API request.
|host||Host/IP to be used to for the listener. Use 0.0.0.0 to bind on all interfaces.
|-
|port
|Port used for the listener. Defaults to 80
|}
|}
| style="width: 40%" |
| style="width: 40%" |
  <nowiki>{
  {
  "target": "server",  
    "target": "server",  
  "action": "add-apikey",
    "action": "add-http",
  "key": "a-secret-key"
    "host": "0.0.0.0",
}</nowiki>
    "port": "80"
  }
|-
|-
|
|
=== add-https ===
=== add-https ===
Adds an authentication key to use with the [[Server HTTP Api | HTTP API]].
Adds an encrypted https listener for incoming tunnel connections and web interface access.
{| class="wikitable"
{| class="wikitable"
|+Parameters
|+Parameters
|-
|-
|key||A secret string used to authenticate an API request.
|host||Host/IP to be used to for the listener. Use 0.0.0.0 to bind on all interfaces.
|-
|port
|Port used for the listener. Defaults to 443
|-
|cert
|Certificate file to use in PEM format. If none is supplied, a self signed certificate will be used instead.
|-
|key
|Certifikate key to use in PEM format. If none is supplied, a self signed certificate key will be used instead.
|-
|rootCA
|Specifies a root CA file that should be used in order to authenticate client tunnels using certificates.
|-
|allowTunnel
|Specifies whether to accept incoming tunnel connections.
|-
|allowMonitor
|Specifies whether to enable the web interface on this port.
|}
|}
| style="width: 40%" |
| style="width: 40%" |
  <nowiki>{
  {
  "target": "server",  
    "target": "server",  
  "action": "add-apikey",
    "action": "add-https",
  "key": "a-secret-key"
    "host": "0.0.0.0",
}</nowiki>
    "port": "443",
    "allowMonitor": true
  }
|-
|-
|
|
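Review bot: the add-https Parameters table gives no defaults for allowTunnel and allowMonitor, and the example sets only "allowMonitor": true with no cert or key, so as written it documents a web interface on 0.0.0.0:443 behind the self-signed fallback. State the defaults for both flags and consider showing cert and key in the example. Also, "Certifikate key" should read "Certificate key", and "to be used to for the listener" has a stray "to" in both the add-http and add-https host rows.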
Line 70: Line 103:
|-
|-
|user||The username
|user||The username
|password||and password
|-
|password
|The password
|}
|}
| style="width: 40%" |
| style="width: 40%" |
Line 83: Line 118:
|
|
=== set-fallback-watchdog ===
=== set-fallback-watchdog ===
Using this command, the server acts as a backup instance. When tunnels are connected, it will probe the specified url in regular intervals. If the probe succeeds, connected tunnels are instructed to connect to the primary server.
{| class="wikitable"
{| class="wikitable"
|+Parameters
|+Parameters
|-
|-
|user||The username
|url||The url used for probing the primary server.
|-
|interval
|The interval in seconds that should be probed
|-
|maxTunnel
|Amount of tunnels that should be disconnected in one go. This is useful to prevent many tunnels reconnecting at the same time to the primary server, causing unintended load spikes.
|}
|}
| style="width: 40%" |
| style="width: 40%" |
  <nowiki>{
  {
  "target": "server",  
    "target": "server",  
  "action": ""
    "action": "set-fallback-watchdog",
}</nowiki>
    "url": "https://10.1.2.3/api/v1/ping",
    "interval": 3000,
    "maxTunnel": 10
  }
|-
|-


|
|
=== slow-shutdown ===
=== slow-shutdown ===
Starts slow shutdown. This will disconnect all tunnels individually and tell them to connect to a different (backup) server.
{| class="wikitable"
{| class="wikitable"
|+Parameters
|+Parameters
|-
|-
|user||The username
| ||
|}
|}
| style="width: 40%" |
| style="width: 40%" |
  <nowiki>{
  {
  "target": "server",  
    "target": "server",  
  "action": ""
    "action": "slow-shutdown"
}</nowiki>
  }
|-
|-


|
|
=== set-password-authentication ===
=== set-password-authentication ===
Sets a global flag enabling or disabling password based authentication. When disabled, only certificate authentication is possible.
{| class="wikitable"
{| class="wikitable"
|+Parameters
|+Parameters
|-
|-
|user||The username
|enabled||true or false
|}
|}
| style="width: 40%" |
| style="width: 40%" |
  <nowiki>{
  {
  "target": "server",  
    "target": "server",  
  "action": ""
    "action": "set-password-authentication",
}</nowiki>
    "enabled": true
|-
  }
 
|
=== set-web-login ===
{| class="wikitable"
|+Parameters
|-
|user||The username
|}
| style="width: 40%" |
<nowiki>{
  "target": "server",  
  "action": ""
}</nowiki>
|-
 
|
=== enable-demo ===
{| class="wikitable"
|+Parameters
|-
|user||The username
|}
| style="width: 40%" |
<nowiki>{
  "target": "server",
  "action": ""
}</nowiki>
 
|}
|}
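Review bot: in set-fallback-watchdog the interval row reads "The interval in seconds that should be probed", but the example uses "interval": 3000, which would be a 50-minute probe cycle; confirm the unit and make the table and the example agree. The slow-shutdown table also gains an empty "| ||" row that could be dropped, and the set-web-login and enable-demo stubs appear in this hunk but not in the latest revision, which is worth mentioning in the edit summary.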



Latest revision as of 13:45, 6 February 2023

Server Commands

add-apikey

Adds an authentication key to use with the HTTP API.

Parameters
key A secret string used to authenticate an API request.
{
   "target": "server", 
   "action": "add-apikey",
   "key": "a-secret-key"
 }

add-environment

Adds an environment. Deprecated, you can directly create environments in the web interface instead.

Parameters
settings Object with JSON settings for this environment
name Name used for the environment
{
   "target": "server", 
   "action": "add-environment",
   "name": "env123",
   "settings": {
     "tunnelNetwork": "169.254.19.1/24",
     "udpListenerHost": "0.0.0.0",
     "udpListenerPort": "44343",
     "disableTunnelToTunnelTraffic": true
   }
 }

add-http

Adds an unencrypted http listener for web interface access.

Parameters
host Host/IP to be used for the listener. Use 0.0.0.0 to bind on all interfaces.
port Port used for the listener. Defaults to 80.
{
   "target": "server", 
   "action": "add-http",
   "host": "0.0.0.0",
   "port": "80"
 }

add-https

Adds an encrypted https listener for incoming tunnel connections and web interface access.

Parameters
host Host/IP to be used for the listener. Use 0.0.0.0 to bind on all interfaces.
port Port used for the listener. Defaults to 443.
cert Certificate file to use in PEM format. If none is supplied, a self-signed certificate will be used instead.
key Certificate key to use in PEM format. If none is supplied, a self-signed certificate key will be used instead.
rootCA Specifies a root CA file that should be used in order to authenticate client tunnels using certificates.
allowTunnel Specifies whether to accept incoming tunnel connections.
allowMonitor Specifies whether to enable the web interface on this port.
{
   "target": "server", 
   "action": "add-https",
   "host": "0.0.0.0",
   "port": "443",
   "allowMonitor": true
 }

add-user

Adds a user/password pair that can be used to log into the server's web interface.

Parameters
user The username
password The password
{
   "target": "server", 
   "action": "add-user",
   "user": "admin",
   "password": "bad password"
 }

set-fallback-watchdog

Using this command, the server acts as a backup instance. While tunnels are connected, it probes the specified URL at regular intervals. If the probe succeeds, connected tunnels are instructed to connect to the primary server.

Parameters
url The URL used for probing the primary server.
interval The probing interval in seconds.
maxTunnel Number of tunnels that should be disconnected in one go. This is useful to prevent many tunnels from reconnecting to the primary server at the same time and causing unintended load spikes.
{
   "target": "server", 
   "action": "set-fallback-watchdog",
   "url": "https://10.1.2.3/api/v1/ping",
   "interval": 3000,
   "maxTunnel": 10
 }

slow-shutdown

Starts slow shutdown. This will disconnect all tunnels individually and tell them to connect to a different (backup) server.

Parameters
{
   "target": "server", 
   "action": "slow-shutdown"
 }

set-password-authentication

Sets a global flag enabling or disabling password-based authentication. When disabled, only certificate authentication is possible.

Parameters
enabled true or false
{
   "target": "server", 
   "action": "set-password-authentication",
   "enabled": true
 }


System Commands

shutdown

Shuts down the client and terminates.

{
   "target": "system", 
   "action": "shutdown"
 }

set-log

Enables logging to file or changes output file.

Parameters
file The filename that the log should be written to. Required.
fileMode Either append or overwrite. Required.
{
   "target": "system", 
   "action": "set-log", 
   "file": "/var/log/saneclient.log", 
   "fileMode": "append"
 }

set-script-path

Changes the path of the client script directory (/opt/bondix/client/scripts by default).

Parameters
path Path to the new bondix script directory.
{
   "target": "system", 
   "action": "set-script-path", 
   "path": "/etc/bondix/scripts"
 }

set-webinterface

Enables the integrated webserver & debug webinterface.

Parameters
host IP that the service should listen on. Required.
port TCP Port that the service should listen on. Required.
allowConfig Enables or disables web configuration. Not required, enabled by default.
allowMonitor Enables or disables the web monitor. Not required, enabled by default.
configApiKey The password required to access configuration & monitor. Not required, "123456" by default.
webroot Web root directory. Points to the "www" subdirectory in installation directory. Not required, changing not advised.
{
   "target": "system", 
   "action": "set-webinterface", 
   "host": "0.0.0.0", 
   "port": "80",
   "allowConfig": false, 
   "allowMonitor": true, 
   "configApiKey": "123456", 
   "webroot": "/tmp/"
 }
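
Added example (not part of the Bondix wiki or Bondix's own tooling): a small Python audit that applies the defaults documented above to a list of commands and reports settings worth reviewing before deployment. It assumes the commands are held in one JSON array; the sample input and the finding names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample. Keeping the commands in one JSON array is an assumption
# of this example; each object follows the command format shown on this page.
SAMPLE = json.loads("""[
  {"target": "server", "action": "add-http", "host": "0.0.0.0", "port": "80"},
  {"target": "server", "action": "add-https", "host": "0.0.0.0", "port": "443",
   "allowMonitor": true},
  {"target": "server", "action": "set-password-authentication", "enabled": true},
  {"target": "system", "action": "set-webinterface", "host": "0.0.0.0",
   "port": "80", "allowConfig": false, "configApiKey": "123456"},
  {"target": "system", "action": "set-webinterface", "host": "127.0.0.1",
   "port": "8080", "configApiKey": "constructed-long-random-value"}
]""")

LISTENERS = {"add-http", "add-https", "set-webinterface"}
DEFAULT_API_KEY = "123456"  # documented default of configApiKey

def binds_all_interfaces(cmd):
    """True when host is the unspecified address (0.0.0.0 or ::)."""
    try:
        return ipaddress.ip_address(str(cmd.get("host", ""))).is_unspecified
    except ValueError:  # hostname or missing value
        return False

def audit(commands):
    """Return sorted (index, finding) pairs; finding names are made up here."""
    out = []
    for i, cmd in enumerate(commands):
        action = cmd.get("action")
        if action in LISTENERS and binds_all_interfaces(cmd):
            out.append((i, "ALL_INTERFACES"))
        if action == "add-http":  # documented as unencrypted
            out.append((i, "NO_TLS"))
        if action == "add-https" and not (cmd.get("cert") and cmd.get("key")):
            out.append((i, "SELF_SIGNED_CERT"))  # fallback when none supplied
        if action == "set-password-authentication" and cmd.get("enabled") is True:
            out.append((i, "PASSWORD_AUTH_ENABLED"))
        if action == "set-webinterface":
            if cmd.get("configApiKey", DEFAULT_API_KEY) == DEFAULT_API_KEY:
                out.append((i, "DEFAULT_API_KEY"))
            if cmd.get("allowConfig", True):  # enabled unless switched off
                out.append((i, "WEB_CONFIG_ENABLED"))
    return sorted(out)

if __name__ == "__main__":
    for index, finding in audit(SAMPLE):
        print(index, SAMPLE[index]["action"], finding)
```

An omitted configApiKey or allowConfig is treated as its documented default, so the second set-webinterface command is still reported for web configuration being enabled.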