run

Cluster handshake reception in ClusterConnection

Feb 11, 2018

2a97758 · Feb 11, 2018

Name	Name	Last commit message	Last commit date
parent directory ..
README.md	README.md	SSL certs generation commands: validity to 10 years	Jan 26, 2018
config.info	config.info	Cluster handshake reception in ClusterConnection	Feb 11, 2018
dev-ca.crt	dev-ca.crt	Better SSL certs & config readme	Jan 23, 2018
internal.full.pem	internal.full.pem	Better SSL certs & config readme	Jan 23, 2018
localhost.full.pem	localhost.full.pem	Better SSL certs & config readme	Jan 23, 2018

README.md

Run files

Server binaries should be executed in this folder for development.

For production, copy config.info and customize it. You should not copy the other files.

config.info

Default configuration file.

TODO

Development SSL files

All the keys and certificates in this folder are generated and for development purpose only.

You should never use any of these files in production.

localhost.full.pem

Used by front server, configuration keys: front.ssl.certificate_chain and front.ssl.private_key

This file correspond to the fullchain used for external communications (web, websockets...).

In production, you should not generate and sign it yourself, you should use the file(s) provided by your SSL provider instead.

For example, if your SSL provider is Letsencrypt, you should use this file: /etc/letsencrypt/live/<mywebsite.com>/fullchain.pem

Note that for development purpose this file has been signed with dev-ca.crt.

dev-ca.crt

Self signed Certificate Authority for the cluster. Configuration key: cluster.ssl.certificate_authority_file

For your own cluster, you should generate your own CA. It will be used to verify all internal connections (for example, between a front server and a game instance server).

Generation commands used for this file:

# Private key
openssl genrsa -passout pass:IAN-ca -out dev-ca.key 2048
# Self signed CA
openssl req -new -x509 -days 3650 -key dev-ca.key -out dev-ca.crt

The private key dev-ca.key will only be used for certificate generation, and should not be deployed to your servers.

internal.full.pem

Used by all servers for internal communications, configuration keys: cluster.ssl.certificate_chain and cluster.ssl.private_key

Actual chain used for internal communications, must be signed using the cluster's CA.

Generation commands used for this file:

# Private key
openssl genrsa -passout pass:IAN-internal -out internal.key 2048
# Sign request
openssl req -new -days 3650 -key internal.key -out internal.csr
# Sign with CA
openssl x509 -req -days 3650 -in internal.csr -CA dev-ca.crt -CAkey dev-ca.key -CAcreateserial -out internal.crt
# Create bundle
cat internal.key internal.crt dev-ca.crt > internal.full.pem

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

run

run

README.md

Run files

config.info

Development SSL files

localhost.full.pem

dev-ca.crt

internal.full.pem

Files

run

Directory actions

More options

Directory actions

More options

Latest commit

History

run

Folders and files

parent directory

README.md

Run files

config.info

Development SSL files

localhost.full.pem

dev-ca.crt

internal.full.pem