Commit Graph

3 Commits

Author SHA1 Message Date
Dušan Borovčanin f9b17d5f24 MF-651 - X509 Mutual TLS authentication (#676)
* Use NginX njs module for mutual authentication

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Add Makefile for cert management

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Move certificates make context to scripts dir

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Move nginx.conf to separate directory

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Choose between two NginX configurations

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Move certs Makefile to docker/ssl/

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Use default key-based authentication

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Add mTLS docs

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Update Makefile

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Add check if Authorization is present

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Add check if Will Flag is 1

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Return MQTT over WS

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Fix docker-compose.yml volume mapping

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Rename security section in docs

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Add message type check before message parsing

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Remove double comments

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Remove s.AGAIN in return

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Update Makefile

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Remove CSR and key from the root

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Drop TLS version below 1.2

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>

* Add comments for cert and key paths

Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>
2019-04-02 17:54:24 +02:00
nwest1 260df3ae40 MF-426 - Add optional MF_CA_CERTS env variable to allow GRPC client to use TLS certs (#430)
* MF-426-Add optional MF_CA_CERTS env variable to allow GRPC client to use TLS certs

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* enable things client to be configured with a ca cert path

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* MF_CA_CERTS docs for http adapter and things service, additional logging and improved error handling when setting up TLS gRPC client

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* refactor things connect to separate function

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* getting-started updates, corrected things env variable

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* clarifying ca certs default functionality

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* configuring tls termination at service endpoint

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* enable TLS configuration for users and things

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* nginx forwarding

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* go imports

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* bad logging change

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* naming specifically to the http adapter component

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* updated tls keys, slightly different grpc configuration

set localhost, users and things as subject alternative names

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* log message consistency

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* readme updates related to server ssl configuration

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* Trying to resolve conflicts

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* removing conflicting lines from docker-compose

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* adding back http-adapter configuration

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* slight readme update

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>

* readme tweaks

Signed-off-by: nwest1 <nwest1@users.noreply.github.com>
2018-11-06 21:09:17 +01:00
Drasko DRASKOVIC 301d855015 Add CA cert (#215)
Signed-off-by: drasko <drasko.draskovic@gmail.com>
2018-04-04 02:29:29 +02:00