incubator-wave-dev mailing list archives

From Angus Turner <angusisf...@gmail.com>
Subject Re: Federating with self-signed certificates
Date Wed, 29 May 2013 23:27:03 GMT
Just FYI, I've moved over the start of the Federation docs to
here <https://cwiki.apache.org/confluence/display/WAVE/Federation>.
Will work on getting the rest of the Federation stuff over shortly, there's
a couple of TODOs. If anyone could help out with this stuff or offer
suggestions, that'd be great!

Thanks
Angus Turner
angusisfree@gmail.com


On Thu, May 30, 2013 at 7:53 AM, Bruno Gonzalez <stenyak@gmail.com> wrote:

> On Wed, May 29, 2013 at 10:04 PM, Ali Lown <ali@lown.me.uk> wrote:
>
> > Good luck with this. It has been ~a year since I last got it
> > working happily (since nobody else had something, I just had a few
> > virtual machines set up for it).
> >
> > > I'm attempting again to make my wave server federable, and have some
> > > questions that I hope someone can answer:
> > > 1) Is there any wave server out there that will accept self-signed
> > > certificates? I'd like to test this first, before I try ca-issued
> > > certificates (because I'm guessing it may be more difficult to achieve that
> > > and I want to start simple, though I may be wrong).
> >
> > None currently. I can make one available if needed, but the effort to
> > get a certificate from StartCom is significantly less than the effort
> > to make it all work together anyway.
> > Neither route is any more difficult.
> >
> Understood, I'll go with signed certs then. Any existing wiab servers I
> could use for federation tests, my server having a ca-issued cert?
>
>
> > > 2) The check-certificates.sh script seems to be outdated, it assumes that
> > > either run-config.sh or run-config.sh.example exist, but none of them exist
> > > anymore (I'm in git master branch). Can I simply comment out those checks in
> > > check-certificates.sh and go ahead, or is something important really
> > > missing if I did that?
> >
> > The problem with removing the run-config.sh check is that the rest of
> > the script depends on the values it got from that. (In short the
> > script is pretty much useless now).
> >
> > Remove or fix?
> >
> Would it be appropriate to include those checks at the start of the
> "run-server" ant target?
> They seem to automate part of the checks outlined here:
> http://www.waveprotocol.org/federation/certificates
>
> > > 3) The initial setup I'm aiming for is this: use my own desktop pc (running
> > > debian sid), forward whatever ports are necessary in the router (so far
> > > I've forwarded 9898 tcp incoming), and assume people can access my wiab
> > > server through my dyndns subdomain (which is in the form "foobar.dyndns.org").
> > > Is this setup enough for testing federation, or would I need to
> > > purchase/use a domain that *I* fully control (e.g. "foobar.com") in order
> > > to configure it in ways that dyndns may not allow?
> >
> > To allow XMPP communication to work, you need to be able to setup TXT
> > records detailing which port to use for the wave service. I don't know
> > if dyndns allows you to do this.
> >
>
> Just checked this, it looks like for free accounts you can barely do
> anything.
>
> Fortunately I have some regular domains that I could use (e.g. stenyak.com).
> By reading the docs, it looks like I could set a "wave" SRV record that
> points to my dyndns subdomain (foobar.dyndns.org) on port 9898. That dyndns
> subdomain has the A record that actually points to my home network IP,
> where the 9898 port is forwarded to the relevant computer in the lan.
>
> Is this plan correct? Would wave addresses then be user1@stenyak.com,
> user2@stenyak.com, etc?
>
> If so, does all of this mean that I can only have one wave server on the
> stenyak.com domain, or could I have several, for example a server on
> wave1.stenyak.com and another one on wave2.stenyak.com? (I might try this
> for testing federation in a controlled environment, before I try to
> federate with 3rd party servers)
>
>
> --
> Regards,
>      Bruno González
>
> _______________________________________________
> Jabber: stenyak AT gmail.com
> http://www.stenyak.com
>
