Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add command for starting ctfe to ManualDeploy doc #1069

Merged
merged 2 commits into from
May 5, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 27 additions & 18 deletions trillian/docs/ManualDeployment.md
Original file line number Diff line number Diff line change
Expand Up @@ -285,24 +285,6 @@ for feeding to `ct-server` can thus be produced with:
% cat /etc/ssl/certs/* > ca-roots.pem
```

**Cross-check**: Once the CTFE is configured and running
([below](#ctfe-start-up)), opening
`http://localhost:<port>/<prefix>/ct/v1/get-roots` shows the configured roots.
Alternatively, the `ctclient` command-line tool shows the same information in a
more friendly way:

```bash
% go install github.com/google/certificate-transparency-go/client/ctclient
% ctclient --log_uri http://localhost:6966/aramis getroots
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 67554046 (0x406cafe)
Signature Algorithm: ECDSA-SHA256
...
```


### CTFE Configuration

The information from the previous steps now needs to be assembled into a
Expand Down Expand Up @@ -344,6 +326,14 @@ can be started.
it should match the `--rpc_endpoint` for the [log server](#trillian-services).
- The `--http_endpoint` option indicates the port that the CTFE should respond
to HTTP(S) requests on.

e.g.
```bash
CTFE_CONFIG=/path/to/your/ctfe_config_file
TRILLIAN_LOG_SERVER_RPC_ENDPOINT=localhost:8080
go run github.com/google/certificate-transparency-go/trillian/ctfe/ct_server --log_config ${CTFE_CONFIG} --http_endpoint=localhost:6966 --log_rpc_server ${TRILLIAN_LOG_SERVER_RPC_ENDPOINT} --logtostderr

```

At this point, a complete (but minimal) CT Log setup is available. The manual
set up steps up to this point match the
Expand All @@ -352,14 +342,33 @@ script should (mostly) make sense.

**Cross-check**: Opening `http://localhost:<port>/<prefix>/ct/v1/get-sth` in a
browser should show JSON that indicates an empty tree.

Alternatively, the `ctclient` command-line tool shows the same information:
e.g.
```bash
go run github.com/google/certificate-transparency-go/client/ctclient@master get-sth --log_uri http://localhost:6966/aramis
2018-10-12 11:28:08.544 +0100 BST (timestamp 1539340088544): Got STH for V1 log (size=11718) at http://localhost:6966/aramis, hash 6fb36fcca60d61aa85e04ff0c34a87782f12d08568118602eec0208d85c3a40d
Signature: Hash=SHA256 Sign=ECDSA
Value=3045022100df855f0fd097a45070e2eb244c7cb63effda942f2d30308e3b84a72e1d16118b0220038e55f142501402cf03790b3997081f82ffe47f2d3f3b667e1c484aecf40a33
```

**Cross-check**: Once the CTFE is configured and running, opening
`http://localhost:<port>/<prefix>/ct/v1/get-roots` shows the configured roots.

Alternatively, the `ctclient` command-line tool shows the same information in a
more friendly way:
e.g.
```bash
go run github.com/google/certificate-transparency-go/client/ctclient@master get-roots --log_uri http://localhost:6966/aramis
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 67554046 (0x406cafe)
Signature Algorithm: ECDSA-SHA256
...
```


<img src="images/Deployment3CTFE.png" width="650">


Expand Down