document options

2018-05-25 09:02:04 +00:00 · 2018-05-25 09:02:04 +00:00 · 194d8bcf20
parent ce70c75378
commit 194d8bcf20
4 changed files with 68 additions and 36 deletions
--- a/README.md
+++ b/README.md
@ -26,9 +26,11 @@ Mac & Linux
 Open Terminal and run this install script:

 ```bash
-curl -fsS https://get.telebit.cloud/ | bash
+curl -fsSL https://get.telebit.cloud/relay | bash
 ```

+Of course, feel free to inspect the install script before you run it.
+
 This will install Telebit Relay to `/opt/telebitd` and
 put a symlink to `/opt/telebitd/bin/telebitd` in `/usr/local/bin/telebitd`
 for convenience.
@ -36,14 +38,20 @@ for convenience.
 You can customize the installation:

 ```bash
-export NODEJS_VER=v8.11.2
+export NODEJS_VER=v10.2
 export TELEBITD_PATH=/opt/telebitd
-curl -fsS https://get.telebit.cloud/ | bash
+curl -fsSL https://get.telebit.cloud/relay
 ```

-This will change which version of node.js is bundled with Telebit Relay
+That will change the bundled version of node.js is bundled with Telebit Relay
 and the path to which Telebit Relay installs.

+You can get rid of the tos + email and server domain name prompts by providing them right away:
+
+```bash
+curl -fsSL https://get.telebit.cloud/relay | bash -- jon@example.com telebit.example.com
+```
+
 Windows & Node.js
 -----------------

@ -55,22 +63,6 @@ Windows & Node.js

 There is [a bug](https://github.com/nodejs/node/issues/20241) in node v9.x that causes telebitd to crash.

-Service Install
-===
-
-TODO automate this:
-
-`./dist/etc/systemd/system/telebitd.service` should be copied to `/etc/systemd/system/telebitd.service`.
-
-The user and group `telebit` should be created.
-
-**Privileged Ports without sudo**:
-
-```bash
-# Linux
-sudo setcap 'cap_net_bind_service=+ep' $(which node)
-```
-
 Usage
 ====

@ -82,13 +74,20 @@ Options

 `/etc/telebit/telebitd.yml:`
 ```
-servernames:
+email: 'jon@example.com'   # must be valid (for certificate recovery and security alerts)
+agree_tos: true            # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
+community_member: true     # receive infrequent relevant but non-critical updates
+telemetry: true            # contribute to project telemetric data
+secret: ''                 # JWT authorization secret. Generate like so:
+                           # node -e "console.log(crypto.randomBytes(16).toString('hex'))"
+servernames:               # hostnames that direct to the Telebit Relay admin console
  - telebit.example.com
  - telebit.example.net
-email: 'jon@example.com'
-agree_tos: true
-community_member: true
-secret: 'xxxyyyzzzaaabbbccc'
+vhost: /srv/www/:hostname  # securely serve local sites from this path (or false)
+                           # (uses template string, i.e. /var/www/:hostname/public)
+greenlock:
+  store: le-store-certbot  # certificate storage plugin
+  config_dir: /etc/acme    # directory for ssl certificates
 ```

 Security
@ -112,8 +111,11 @@ Why?

 We created this for anyone to use on their own server or VPS,
 but those generally cost $5 - $20 / month and so it's probably
-cheaper to purchase data transfer (which we supply, obviously),
-which is only $1/month for most people.
+cheaper to purchase data transfer, which is only $1/month for
+most people.
+
+In keeping with our no lock-in policy, we release a version of
+the server for anyone to use independently.

 TODO show how to do on 

@ -121,4 +123,18 @@ TODO show how to do on
 	* Heroku (zero cost)
 	* Chunk Host (best deal per TB/month)

+Useful Tidbits
+===

+## As a systemd service
+
+`./dist/etc/systemd/system/telebitd.service` should be copied to `/etc/systemd/system/telebitd.service`.
+
+The user and group `telebit` should be created.
+
+## Use privileged ports without sudo
+
+```bash
+# Linux
+sudo setcap 'cap_net_bind_service=+ep' $(which node)
+```
--- a/examples/telebitd.yml
+++ b/examples/telebitd.yml
@ -1,8 +1,12 @@
-email: 'jon@example.com'
-agree_tos: true
-community_member: true
-servernames: []
-vhost: /srv/www/:hostname
+email: 'jon@example.com'   # must be valid (for certificate recovery and security alerts)
+agree_tos: true	           # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
+community_member: true     # receive infrequent relevant updates
+telemetry: true            # contribute to project telemetric data
+servernames:               # hostnames that direct to the Telebit Relay admin console
+  - telebit.example.com
+  - telebit.example.net
+vhost: /srv/www/:hostname  # load secure websites at this path (uses template string, i.e. /var/www/:hostname/public)
 greenlock:
-  store: le-store-certbot
-  config_dir: /opt/telebitd/acme
+  store: le-store-certbot  # certificate storage plugin
+  config_dir: /etc/acme    # directory for ssl certificates
+secret: ''                 # generate with node -e "console.log(crypto.randomBytes(16).toString('hex'))"
--- a/examples/telebitd.yml.tpl
+++ b/examples/telebitd.yml.tpl
@ -1,5 +1,6 @@
 agree_tos: true
 community_member: true
+telemetry: true
 vhost: /srv/www/:hostname
 greenlock:
  store: le-store-certbot
--- a/installer/get.sh
+++ b/installer/get.sh
@ -65,6 +65,7 @@ echo ""
 echo ""

 my_email=${1:-}
+my_servername=${2:-}
 my_secret=""
 my_user="telebit"
 my_app="telebitd"
@ -82,9 +83,17 @@ if [ -z "${my_email}" ]; then
  echo ""
  read -p "email: " my_email
  echo ""
-  sleep 2
 fi

+if [ -z "${my_servername}" ]; then
+  echo "What is the domain of this server (for admin interface)?"
+  echo ""
+  read -p "domain (ex: telebit.example.com): " my_servername
+  echo ""
+fi
+sleep 2
+
+
 if [ -z "${TELEBITD_PATH:-}" ]; then
  echo 'TELEBITD_PATH="'${TELEBITD_PATH:-}'"'
  TELEBITD_PATH=/opt/$my_app
@ -94,7 +103,8 @@ echo "Installing $my_name to '$TELEBITD_PATH'"

 echo "Installing node.js dependencies into $TELEBITD_PATH"
 # v10.2+ has much needed networking fixes, but breaks ursa. v9.x has severe networking bugs. v8.x has working ursa, but requires tls workarounds"
-export NODEJS_VER="v10"
+NODEJS_VER="${NODEJS_VER:-v10}"
+export NODEJS_VER
 export NODE_PATH="$TELEBITD_PATH/lib/node_modules"
 export NPM_CONFIG_PREFIX="$TELEBITD_PATH"
 export PATH="$TELEBITD_PATH/bin:$PATH"
@ -167,6 +177,7 @@ if [ ! -f "/etc/$my_user/$my_app.yml" ]; then
  #echo "sudo rsync -a examples/$my_app.yml /etc/$my_user/$my_app.yml"
  sudo bash -c "echo 'email: $my_email' >> /etc/$my_user/$my_app.yml"
  sudo bash -c "echo 'secret: $my_secret' >> /etc/$my_user/$my_app.yml"
+  sudo bash -c "echo 'servernames: [ $my_servername ]' >> /etc/$my_user/$my_app.yml"
  sudo bash -c "cat examples/$my_app.yml.tpl >> /etc/$my_user/$my_app.yml"
  sudo bash -c "echo 'servernames: []' >> /etc/$my_user/$my_app.yml"
 fi