incubator-wave-dev mailing list archives

From Bruno Gonzalez <sten...@gmail.com>
Subject Re: Federating with self-signed certificates
Date Wed, 29 May 2013 21:53:14 GMT
On Wed, May 29, 2013 at 10:04 PM, Ali Lown <ali@lown.me.uk> wrote:

> Good luck with this. It has been ~a year since I last got it
> working happily (since nobody else had something, I just had a few
> virtual machines set up for it).
>
> > I'm attempting again to make my wave server federable, and have some
> > questions that I hope someone can answer:
> > 1) Is there any wave server out there that will accept self-signed
> > certificates? I'd like to test this first, before I try ca-issued
> > certificates (because I'm guessing it may be more difficult to achieve that
> > and I want to start simple, though I may be wrong).
>
> None currently. I can make one available if needed, but the effort to
> get a certificate from StartCom is significantly less than the effort
> to make it all work together anyway.
> Neither route is any more difficult.

Understood, I'll go with signed certs then. Any existing wiab servers I
could use for federation tests, my server having a ca-issued cert?


> > 2) The check-certificates.sh script seems to be outdated, it assumes that
> > either run-config.sh or run-config.sh.example exist, but none of them exist
> > anymore (I'm in git master branch). Can I simply comment out those checks in
> > check-certificates.sh and go ahead, or is something important really
> > missing if I did that?
>
> The problem with removing the run-config.sh check is that the rest of
> the script depends on the values it got from that. (In short the
> script is pretty much useless now).
>
> Remove or fix?

Would it be appropriate to include those checks at the start of the
"run-server" ant target?
They seem to automate part of the checks outlined here:
http://www.waveprotocol.org/federation/certificates

> > 3) The initial setup I'm aiming for is this: use my own desktop pc (running
> > debian sid), forward whatever ports are necessary in the router (so far
> > I've forwarded 9898 tcp incoming), and assume people can access my wiab
> > server through my dyndns subdomain (which is in the form "foobar.dyndns.org").
> > Is this setup enough for testing federation, or would I need to
> > purchase/use a domain that *I* fully control (e.g. "foobar.com") in order
> > to configure it in ways that dyndns may not allow?
>
> To allow XMPP communication to work, you need to be able to set up TXT
> records detailing which port to use for the wave service. I don't know
> if dyndns allows you to do this.
>

Just checked this, it looks like for free accounts you can barely do
anything.

Fortunately I have some regular domains that I could use (e.g. stenyak.com).
By reading the docs, it looks like I could set a "wave" SRV record that
points to my dyndns subdomain (foobar.dyndns.org) on port 9898. That dyndns
subdomain has the A record that actually points to my home network IP,
where the 9898 port is forwarded to the relevant computer in the lan.

Is this plan correct? Would wave addresses then be user1@stenyak.com,
user2@stenyak.com, etc?

If so, does all of this mean that I can only have one wave server on the
stenyak.com domain, or could I have several, for example a server on
wave1.stenyak.com and another one on wave2.stenyak.com? (I might try this
for testing federation in a controlled environment, before I try to
federate with 3rd party servers)


-- 
Saludos,
     Bruno González

_______________________________________________
Jabber: stenyak AT gmail.com
http://www.stenyak.com
