update to reflect v0.9 changes

2024-07-07 04:42:58 -05:00 · 2022-02-20 14:40:56 +02:00 · 2022-02-20 14:40:56 +02:00 · 1d14e39fa4
commit 1d14e39fa4
parent 0c41597eed
13 changed files with 59 additions and 51 deletions
--- a/docker/client/README.md
+++ b/docker/client/README.md
@ -5,14 +5,13 @@
 Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
 - bp.example.com: your admin domain
 - your-user-token: token generated by your server
- your-client-name: the name to identify your client
- your-user-name: the user associated with the server token
+- your-email-address: the email address to register with Let's Encrypt

 ### certmagic

-The certmagic volume is used to store certificats. This directory must also be passed to the container with the -cert-dir command.
+The certmagic volume is used to store certificates. This directory must also be passed to the container with the -cert-dir command.

-==If you make changes to this, make sure that the data in certmagic is persistent, otherwise new certificates will be generated everytime the container is started. This can result in triggering the [rate limits for Let's Encrypt](https://letsencrypt.org/docs/rate-limits/)==
+==If you make changes to this, make sure that the data in certmagic is persistent, otherwise new certificates will be generated every time the container is started. This can result in triggering the [rate limits for Let's Encrypt](https://letsencrypt.org/docs/rate-limits/)==

 ### /etc/ssl/certs
 Alpine doesn't include ca-certificates in the docker base image. You can add your OS ca-certificates to the docker container by linking your local certs directory to the image
--- a/docker/client/docker-compose.yml
+++ b/docker/client/docker-compose.yml
@ -3,7 +3,7 @@ services:
  boringproxy:
    container_name: boringproxy-client
    restart: unless-stopped
-    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "your-client-name", "-user", "your-user-name", "-cert-dir", "/certmagic"]
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-acme-email", "your-email-address", "-cert-dir", "/certmagic"]
    volumes:
      - certmagic:/certmagic
      - /etc/ssl/certs/:/etc/ssl/certs/:ro
--- a/docker/client/examples/home-assistant/README.md
+++ b/docker/client/examples/home-assistant/README.md
@ -5,7 +5,7 @@
 Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
 - bp.example.com: your admin domain
 - your-user-token: token generated by your server
- your-user-name: the user associated with the server token
+- your-email-address: the email address to register with Let's Encrypt


 ## Add tunnel in WebUI
--- a/docker/client/examples/home-assistant/docker-compose.yml
+++ b/docker/client/examples/home-assistant/docker-compose.yml
@ -2,9 +2,9 @@ version: '3.7'

 services:
  boringproxy:
-    image: ghcr.io/wgrobler/boringproxy:latest
+    image: ghcr.io/wgrobler/boringproxy-linux-amd64:latest
    restart: unless-stopped
-    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "docker-homeassistant", "-user", "your-user-name", "-cert-dir", "/certmagic"]
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-acme-email", "your-email-address", "-cert-dir", "/certmagic"]
    volumes:
      - certmagic:/certmagic
      - /etc/ssl/certs/:/etc/ssl/certs/:ro
--- a/docker/client/examples/nginx/README.md
+++ b/docker/client/examples/nginx/README.md
@ -5,7 +5,7 @@
 Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
 - bp.example.com: your admin domain
 - your-user-token: token generated by your server
- your-user-name: the user associated with the server token
+- your-email-address: the email address to register with Let's Encrypt


 ## Add tunnel in WebUI
--- a/docker/client/examples/nginx/docker-compose.yml
+++ b/docker/client/examples/nginx/docker-compose.yml
@ -2,9 +2,9 @@ version: '3.7'

 services:
  boringproxy:
-    image: ghcr.io/wgrobler/boringproxy:latest
+    image: ghcr.io/wgrobler/boringproxy-linux-amd64:latest
    restart: unless-stopped
-    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "docker-nginx", "-user", "your-user-name","-cert-dir", "/certmagic"]
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-acme-email", "your-email-address", "-cert-dir", "/certmagic"]
    volumes:
      - certmagic:/certmagic
      - /etc/ssl/certs/:/etc/ssl/certs/:ro
--- a/docker/client/prebuild.yml
+++ b/docker/client/prebuild.yml
@ -1,4 +1,4 @@
 version: '3.7'
 services:
  boringproxy:
-    image: ghcr.io/wgrobler/boringproxy:latest
+    image: ghcr.io/wgrobler/boringproxy-linux-amd64:latest
--- a/docker/server/docker-compose.yml
+++ b/docker/server/docker-compose.yml
@ -8,7 +8,8 @@ services:
      - "443:443"
    volumes:
      - data:/opt/boringproxy/
-    command: ["server", "-admin-domain", "bp.example.com"]
+    command: ["server", "-admin-domain", "bp.example.com", "-cert-dir", "/certmagic"]

 volumes:
-  data:
+  data:
+  certmagic:
--- a/docker/server/prebuild.yml
+++ b/docker/server/prebuild.yml
@ -1,4 +1,4 @@
 version: '3.7'
 services:
  boringproxy:
-    image: ghcr.io/wgrobler/boringproxy:latest
+    image: ghcr.io/wgrobler/boringproxy-linux-amd64:latest
--- a/systemd/README.md
+++ b/systemd/README.md
@ -2,7 +2,7 @@

 A service is a program that runs in the background outside the interactive control of system users. Services can also be automatically started on boot.

-*The systemd service instructions were writen for Linux*
+*The systemd service instructions were written for Linux*

 # Prerequisites

@ -11,8 +11,15 @@ The folling steps assume that boringproxy is already installed. If you haven't i

 Boringproxy needs to be installed in **/usr/local/bin/boringproxy** for the default service file to work. If you want to use another path, this can be changed in the service file.

+Remember to allow binding to ports 80 and 443 for non root users using setcap:
+
+```bash
+setcap cap_net_bind_service=+ep /usr/local/bin/boringproxy
+```
+
+
 ## Create boringproxy user & group
-The service will be run as user *boringproxy*. Runnning the service as *root* is not recomended.
+The service will be run as user *boringproxy*. Running the service as *root* is not recommended.

 Add user *boringproxy*
 ```bash
@ -50,12 +57,10 @@ wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/bo

 #### Working Directory

-Default working directory is */opt/boringproxy/*, you can change this in the service file to another directory.
+Default working directory is */home/boringproxy/*, you can change this in the service file to another directory.
+
+The default directory will be created as part of the user add command. If you choose another directory make sure it exists

-Create the directory if it does not alreay exists
-```bash
-mkdir -p /opt/boringproxy/
-```
 #### Boringproxy executable file path

 Default location for your boringproxy executable file is */usr/local/bin/boringproxy*, you can change this in the service file to another path.
@ -90,7 +95,7 @@ To start the server, you will need to change the current directory to your Worki

 If no changes were made to the default paths, change the *admin-domain* in the command below to your *admin-domain* and enter your email address when prompted
 ```bash
-runuser -l boringproxy -c 'cd /opt/boringproxy; /usr/local/bin/boringproxy server -admin-domain bp.example.com'
+runuser -l boringproxy -c 'cd /home/boringproxy; /usr/local/bin/boringproxy server -admin-domain bp.example.com'
 ```

 If your server was successfully started, close the running process and start it again using the service.
@ -149,12 +154,10 @@ wget https://raw.githubusercontent.com/boringproxy/boringproxy/master/systemd/bo

 #### Working Directory

-Default working directory is */opt/boringproxy/*, you can change this in the service file to another directory.
+Default working directory is */home/boringproxy/*, you can change this in the service file to another directory.
+
+The default directory will be created as part of the user add command. If you choose another directory make sure it exists

-Create the directory if it does not alreay exists
-```bash
-mkdir -p /opt/boringproxy/
-```
 #### Boringproxy executable file path

 Default location for your boringproxy executable file is */usr/local/bin/boringproxy*, you can change this in the service file to another path.
@ -166,17 +169,18 @@ mv ./boringproxy /usr/local/bin/boringproxy

 #### ExecStart

-Edit the service file and change the folowing:
+Edit the service file and change the following:
 - **bp.example.com** to your *admin-domain*
 - **your-bp-server-token** to your user token
+- **your-email-address** your email address to register with Let's Encrypt


 ### Install service file to systemd

 Copy service file to */etc/systemd/system/*
-*You can change your-server-name to any name you want to identify the server. This is usefull when connecting your client device to multiple servers using different client services.*
+*You can change your-server-name to any name you want to identify the server. This is useful when connecting your client device to multiple servers using different client services.*
 ```bash
-mv ./boringproxy-client@.service /etc/systemd/system/boringproxy-client@your-server-name.service
+mv ./boringproxy-client@.service /etc/systemd/system/boringproxy-client.service
 ```
 Reload the service files to include the new service.
 ```bash
@ -189,20 +193,20 @@ After the above steps are completed, you can execute the service by using the co

 Start your service
 ```bash
-systemctl start boringproxy-client@your-server-name.service
+systemctl start boringproxy-client.service
 ```

 To check the status of your service
 ```bash
-systemctl status boringproxy-client@your-server-name.service
+systemctl status boringproxy-client.service
 ```

 To enable your service on every reboot
 ```bash
-systemctl enable boringproxy-client@your-server-name.service
+systemctl enable boringproxy-client.service
 ```

 To disable your service on every reboot
 ```bash
-systemctl disable boringproxy-client@your-server-name.service
+systemctl disable boringproxy-client.service
 ```
--- a/systemd/boringproxy-client.service
+++ b/systemd/boringproxy-client.service
@ -0,0 +1,17 @@
+[Unit]
+Description=boringproxy client
+After=network.target
+
+[Service]
+PrivateTmp=true
+Type=simple
+User=boringproxy
+Group=boringproxy
+WorkingDirectory=/home/boringproxy/
+ExecStart=/usr/local/bin/boringproxy client \
+	-server bp.example.com \
+	-token your-bp-server-token \
+	-acme-email your-email-address
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/boringproxy-client@.service
+++ b/systemd/boringproxy-client@.service
@ -1,14 +0,0 @@
-[Unit]
-Description=boringproxy client (%I)
-After=network.target
-
-[Service]
-PrivateTmp=true
-Type=simple
-User=boringproxy
-Group=boringproxy
-WorkingDirectory=/opt/boringproxy/
-ExecStart=/usr/local/bin/boringproxy client -server bp.example.com -token your-bp-server-token -client-name %i
-
-[Install]
-WantedBy=multi-user.target
--- a/systemd/boringproxy-server.service
+++ b/systemd/boringproxy-server.service
@ -7,8 +7,9 @@ PrivateTmp=true
 Type=simple
 User=boringproxy
 Group=boringproxy
-WorkingDirectory=/opt/boringproxy/
-ExecStart=/usr/local/bin/boringproxy server -admin-domain bp.example.com
+WorkingDirectory=/home/boringproxy/
+ExecStart=/usr/local/bin/boringproxy server \
+	-admin-domain bp.example.com

 [Install]
 WantedBy=multi-user.target