@@ -123,7 +123,7 @@ b3RwOgogIGRodDoKICAgIGludGVydmFsOiA5MDAwCiAgICBrZXk6IDRPNk5aUUMyTzVRNzdKRlJJT1BC
</item>
<item>
- <title>Docs: webUI and API</title>
+ <title>Docs: WebUI and API</title>
<link>https://mudler.github.io/edgevpn/docs/getting-started/api/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
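Review bot: the retitled item still carries `<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>`, which is the Go zero time a static site generator emits when the page has no `date` in its front matter; since this file is the generated feed, make the WebUI capitalisation fix and add a `date` in the page's markdown source so the feed is regenerated rather than hand-edited here.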
@@ -198,10 +198,18 @@ b3RwOgogIGRodDoKICAgIGludGVydmFsOiA5MDAwCiAgICBrZXk6IDRPNk5aUUMyTzVRNzdKRlJJT1BC
<p>Returns the current data in the ledger inside the <code>:bucket</code></p>
<h4 id="apiledgerbucketkey"><code>/api/ledger/:bucket/:key</code></h4>
<p>Returns the current data in the ledger inside the <code>:bucket</code> at given <code>:key</code></p>
+<h4 id="apipeergate"><code>/api/peergate</code></h4>
+<p>Returns peergater status</p>
<h3 id="put">PUT</h3>
<h4 id="apiledgerbucketkeyvalue"><code>/api/ledger/:bucket/:key/:value</code></h4>
<p>Puts <code>:value</code> in the ledger inside the <code>:bucket</code> at given <code>:key</code></p>
-<h3 id="post">POST</h3>
+<h4 id="apipeergatestate"><code>/api/peergate/:state</code></h4>
+<p>Enables/disables peergating:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#8f5902;font-style:italic"># enable</span>
+$ curl -X PUT <span style="color:#4e9a06">&#39;http://localhost:8080/api/peergate/enable&#39;</span>
+<span style="color:#8f5902;font-style:italic"># disable</span>
+$ curl -X PUT <span style="color:#4e9a06">&#39;http://localhost:8080/api/peergate/disable&#39;</span>
+</code></pre></div><h3 id="post">POST</h3>
<h4 id="apidns-1"><code>/api/dns</code></h4>
<p>The endpoint accept a JSON payload of the following form:</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-json" data-lang="json"><span style="color:#000;font-weight:bold">{</span> <span style="color:#204a87;font-weight:bold">&#34;Regex&#34;</span><span style="color:#000;font-weight:bold">:</span> <span style="color:#4e9a06">&#34;&lt;regex&gt;&#34;</span><span style="color:#000;font-weight:bold">,</span>
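Review bot: `/api/peergate/:state` is documented only by the two curl examples; state which values `:state` accepts (the examples show `enable` and `disable`), what the endpoint returns on success and on an unknown state, and give `/api/peergate` the shape of the status it returns instead of the bare "Returns peergater status". Because a `PUT /api/peergate/disable` switches off the node's block-authorization check, the page should also say what protects these endpoints (nothing in the hunk mentions authentication), so operators know to keep the API listener on localhost or a Unix socket.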
@@ -219,7 +227,12 @@ b3RwOgogIGRodDoKICAgIGludGVydmFsOiA5MDAwCiAgICBrZXk6IDRPNk5aUUMyTzVRNzdKRlJJT1BC
<p>Deletes the <code>:key</code> into <code>:bucket</code> inside the ledger</p>
<h4 id="apiledgerbucket-1"><code>/api/ledger/:bucket</code></h4>
<p>Deletes the <code>:bucket</code> from the ledger</p>
-
+<h2 id="binding-to-a-socket">Binding to a socket</h2>
+<p>The API can also be bound to a socket, for instance:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ edgevpn api --listen <span style="color:#4e9a06">&#34;unix://&lt;path/to/socket&gt;&#34;</span>
+</code></pre></div><p>or as well while running the vpn:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ edgevpn api --api-listen <span style="color:#4e9a06">&#34;unix://&lt;path/to/socket&gt;&#34;</span>
+</code></pre></div>
</description>
</item>
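Review bot: the second snippet is introduced with "or as well while running the vpn" but still invokes the `api` subcommand (`edgevpn api --api-listen ...`), differing from the first snippet only in the flag name (`--api-listen` versus `--listen`); if the intent is to bind the API socket while the VPN itself is running, the command line should be the VPN invocation carrying `--api-listen`, otherwise the two examples are the same command with inconsistent flags, so confirm which is meant. The lead-in reads better as "or, while running the VPN, with:". Since this section is the page's way of exposing the ledger and peergate `PUT` endpoints, add one sentence that the socket file's owner and mode decide who can call them.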
@@ -232,8 +245,14 @@ b3RwOgogIGRodDoKICAgIGludGVydmFsOiA5MDAwCiAgICBrZXk6IDRPNk5aUUMyTzVRNzdKRlJJT1BC
<description>
- <h2 id="dns-server">DNS Server</h2>
-<p>Note: Experimental feature!</p>
+
+
+<div class="pageinfo pageinfo-warning">
+<p>Experimental feature!</p>
+
+</div>
+
+<h2 id="dns-server">DNS Server</h2>
<p>A DNS Server is available but disabled by default.</p>
<p>The DNS server will resolve DNS queries using the blockchain as a record and will forward unknown domains by default.</p>
<p>It can be enabled by specifying a listening address with <code>--dns</code>. For example, to bind to default <code>53</code> port locally, run in the console:</p>
@@ -279,6 +298,72 @@ b3RwOgogIGRodDoKICAgIGludGVydmFsOiA5MDAwCiAgICBrZXk6IDRPNk5aUUMyTzVRNzdKRlJJT1BC
</description>
</item>
+ <item>
+ <title>Docs: Peerguardian</title>
+ <link>https://mudler.github.io/edgevpn/docs/concepts/overview/peerguardian/</link>
+ <pubDate>Wed, 05 Jan 2022 00:00:00 +0000</pubDate>
+
+ <guid>https://mudler.github.io/edgevpn/docs/concepts/overview/peerguardian/</guid>
+ <description>
+
+
+
+
+<div class="pageinfo pageinfo-warning">
+<p>Experimental feature!</p>
+
+</div>
+
+<h2 id="peerguardian">Peerguardian</h2>
+<p>PeerGuardian is a mechanism to prevent unauthorized access to the network if tokens are leaked or either revoke network access.</p>
+<p>In order to enable it, start edgevpn nodes adding the <code>--peerguradian</code> flag.</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">edgevpn --peerguardian
+</code></pre></div><p>To turn on peer gating, specify also <code>--peergate</code>.</p>
+<p>Peerguardian and peergating has several options:</p>
+<pre tabindex="0"><code> --peerguard Enable peerguard. (Experimental) [$PEERGUARD]
+ --peergate Enable peergating. (Experimental) [$PEERGATE]
+ --peergate-autoclean Enable peergating autoclean. (Experimental) [$PEERGATE_AUTOCLEAN]
+ --peergate-relaxed Enable peergating relaxation. (Experimental) [$PEERGATE_RELAXED]
+ --peergate-auth value Peergate auth [$PEERGATE_AUTH]
+ --peergate-interval value Peergater interval time (default: 120) [$EDGEVPNPEERGATEINTERVAL]
+</code></pre><p>When the PeerGuardian and Peergater are enabled, a VPN node will only accepts blocks from authorized nodes.</p>
+<p>Peerguardian is extensible to support different mechanisms of authentication, we will see below specific implementations.</p>
+<h2 id="ecdsa-auth">ECDSA auth</h2>
+<p>The ECDSA authentication mechanism is used to verify peers in the blockchain using ECDSA keys.</p>
+<p>To generate a new ECDSA keypair use <code>edgevpn peergater ecdsa-genkey</code>:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ edgevpn peergater ecdsa-genkey
+Private key: <span style="color:#000">LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JSGNBZ0VCQkVJQkhUZnRSTVZSRmlvaWZrdllhZEE2NXVRQXlSZTJSZHM0MW1UTGZlNlRIT3FBTTdkZW9sak0KZXVPbTk2V0hacEpzNlJiVU1tL3BCWnZZcElSZ0UwZDJjdUdnQndZRks0RUVBQ09oZ1lrRGdZWUFCQUdVWStMNQptUzcvVWVoSjg0b3JieGo3ZmZUMHBYZ09MSzNZWEZLMWVrSTlEWnR6YnZWOUdwMHl6OTB3aVZxajdpMDFVRnhVCnRKbU1lWURIRzBTQkNuVWpDZ0FGT3ByUURpTXBFR2xYTmZ4LzIvdEVySDIzZDNwSytraFdJbUIza01QL2tRNEIKZzJmYnk2cXJpY1dHd3B4TXBXNWxKZVZXUGlkeWJmMSs0cVhPTWdQbmRnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo</span><span style="color:#ce5c00;font-weight:bold">=</span>
+Public key: <span style="color:#000">LS0tLS1CRUdJTiBFQyBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFCbEdQaStaa3UvMUhvU2ZPS0syOFkrMzMwOUtWNApEaXl0MkZ4U3RYcENQUTJiYzI3MWZScWRNcy9kTUlsYW8rNHROVkJjVkxTWmpIbUF4eHRFZ1FwMUl3b0FCVHFhCjBBNGpLUkJwVnpYOGY5djdSS3g5dDNkNlN2cElWaUpnZDVERC81RU9BWU5uMjh1cXE0bkZoc0tjVEtWdVpTWGwKVmo0bmNtMzlmdUtsempJRDUzWT0KLS0tLS1FTkQgRUMgUFVCTElDIEtFWS0tLS0tCg</span><span style="color:#ce5c00;font-weight:bold">==</span>
+</code></pre></div><p>For example, to add a ECDSA public key, use the API as such from a node which is already trusted by PeerGuardian:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ curl -X PUT <span style="color:#4e9a06">&#39;http://localhost:8080/api/ledger/trustzoneAuth/ecdsa_1/LS0tLS1CRUdJTiBFQyBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBL09TTjhsUU9Wa3FHOHNHbGJiellWamZkdVVvUAplMEpsWUVzOFAyU3o1TDlzVUtDYi9kQWkrVFVONXU0ZVk2REpGeU50dWZjK2p0THNVTTlPb0xXVnBXb0E0eEVDCk9VdDFmRVNaRzUxckc4MEdFVjBuQTlBRGFvOW1XK3p4dmkvQnd0ZFVvSTNjTDB0VTdlUGEvSGM4Z1FLMmVOdE0KeDdBSmNYcWpPNXZXWGxZZ2NkOD0KLS0tLS1FTkQgRUMgUFVCTElDIEtFWS0tLS0tCg==&#39;</span>
+</code></pre></div><p>Now the private key can be used while starting new nodes:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#000">PEERGATE_AUTH</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;{ &#39;ecdsa&#39; : { &#39;private_key&#39;: &#39;LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JSGNBZ0VCQkVJQkhUZnRSTVZSRmlvaWZrdllhZEE2NXVRQXlSZTJSZHM0MW1UTGZlNlRIT3FBTTdkZW9sak0KZXVPbTk2V0hacEpzNlJiVU1tL3BCWnZZcElSZ0UwZDJjdUdnQndZRks0RUVBQ09oZ1lrRGdZWUFCQUdVWStMNQptUzcvVWVoSjg0b3JieGo3ZmZUMHBYZ09MSzNZWEZLMWVrSTlEWnR6YnZWOUdwMHl6OTB3aVZxajdpMDFVRnhVCnRKbU1lWURIRzBTQkNuVWpDZ0FGT3ByUURpTXBFR2xYTmZ4LzIvdEVySDIzZDNwSytraFdJbUIza01QL2tRNEIKZzJmYnk2cXJpY1dHd3B4TXBXNWxKZVZXUGlkeWJmMSs0cVhPTWdQbmRnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=&#39; } }&#34;</span>
+$ edgevpn --peerguardian --peergate
+</code></pre></div><h2 id="enablingdisabling-peergating-in-runtime">Enabling/Disabling peergating in runtime</h2>
+<p>Peergating can be disabled in runtime by leveraging the api:</p>
+<h3 id="query-status">Query status</h3>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ curl -X GET <span style="color:#4e9a06">&#39;http://localhost:8080/api/peergate&#39;</span>
+</code></pre></div><h3 id="enable-peergating">Enable peergating</h3>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ curl -X PUT <span style="color:#4e9a06">&#39;http://localhost:8080/api/peergate/enable&#39;</span>
+</code></pre></div><h3 id="disable-peergating">Disable peergating</h3>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ curl -X PUT <span style="color:#4e9a06">&#39;http://localhost:8080/api/peergate/disable&#39;</span>
+</code></pre></div><h2 id="starting-a-new-network">Starting a new network</h2>
+<p>To init a new Trusted network, start nodes with <code>--peergate-relaxed</code> and add the neccessary auth keys:</p>
+<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ edgevpn --peerguardian --peergate --peergate-relaxed
+$ curl -X PUT <span style="color:#4e9a06">&#39;http://localhost:8080/api/ledger/trustzoneAuth/keytype_1/XXX&#39;</span>
+</code></pre></div>
+
+<div class="alert alert-primary" role="alert">
+<h4 class="alert-heading">Note</h4>
+
+ It is strongly suggested to use a local store for the blockchain with PeerGuardian. In this way nodes persist locally auth keys and you can avoid starting nodes with `&ndash;peergate-relaxed'
+
+</div>
+
+
+ </description>
+ </item>
+
<item>
<title>Docs: Contributing</title>
<link>https://mudler.github.io/edgevpn/docs/contribution-guidelines/</link>
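Review bot: the flag that enables PeerGuardian is spelled three ways in this new item: `--peerguradian` in the prose (a typo), `--peerguardian` in the code blocks, and `--peerguard` in the pasted help output, whose env var is `$PEERGUARD`; only one of these can be the real flag, so reconcile the prose and every snippet with the actual CLI. The ECDSA walkthrough is inconsistent with itself: the public key PUT into `trustzoneAuth/ecdsa_1` is not the public key printed by the `ecdsa-genkey` run just above it (the base64 diverges after `QUFRQ`), while the `PEERGATE_AUTH` private key does match that run, so a reader who follows the steps literally registers a key that the node's private key cannot prove possession of; use both halves of one genkey run and say that the printed keys are throwaway examples. `PEERGATE_AUTH="{ 'ecdsa' : { 'private_key': '...' } }"` uses single quotes, which is not valid JSON; confirm the loader accepts that form or rewrite the value with escaped double quotes. Because `--peergate-relaxed` is used here to bring up a network before any auth key is in the ledger, the "Starting a new network" section should say whether nodes must be restarted without the flag once keys are added, which is what the closing note about a local store only hints at. Smaller fixes in hunk order: "if tokens are leaked or either revoke network access" should read "if tokens are leaked, or to revoke network access"; "Peerguardian and peergating has several options" needs "have"; `--peergate-interval` reads `$EDGEVPNPEERGATEINTERVAL` while every other option uses a `$PEERGATE_*` name, worth confirming against the code; "will only accepts blocks" needs "accept"; "in runtime" (heading and sentence) should be "at runtime"; "neccessary" should be "necessary"; and in the closing note `` `&ndash;peergate-relaxed' `` is a typographer artifact where the backticks were not parsed and `--` became an en dash, so mark it as inline code in the markdown source so it renders as `--peergate-relaxed`.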
@@ -318,7 +403,7 @@ updates:</p>
<ol>
<li>Fork the <a href="https://github.com/mudler/edgevpn">the repo</a> on GitHub.</li>
<li>Make your changes, if are related to docs
-to see the preview cd into <code>docs</code> and run <code>make serve</code>, then browse to <a href="http://localhost:1313">localhost:1313</a></li>
+to see the preview run <code>make serve</code> from the <code>docs</code> dir, then browse to <a href="http://localhost:1313">localhost:1313</a></li>
<li>If you&rsquo;re not yet ready for a review, add &ldquo;WIP&rdquo; to the PR name to indicate
it&rsquo;s a work in progress.</li>
<li>Continue updating your doc and pushing your changes until you&rsquo;re happy with
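Review bot: the reworded preview step still lacks its subject, since the unchanged line it continues reads "Make your changes, if are related to docs"; suggest "Make your changes; if they are related to docs, to see the preview run <code>make serve</code> from the <code>docs</code> dir, then browse to ...". While touching this list, the context line above it has a doubled article, "Fork the <a ...>the repo</a>", that can be fixed in the same commit.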