route/doc/man/routed.1

130 lines
3.2 KiB
Groff
Raw Normal View History

2017-12-13 01:17:06 +00:00
.Dd December 12, 2017
.Dt ROUTED 1 URM
.Sh NAME
.Nm routed
.Nd TLS termination and reverse reverse proxying daemon.
.Sh SYNOPSIS
.Nm
.Sh ENVIRONMENT
.Bl -tag -width "routed" -offset indent -compact
.It Ev BOLTDB_PATH
Specifies the path to the boltdb database
.Nm
stores all of its relevant data in.
.It Ev WEB_ADDR
Specifies the host+port that
.Nm
will listen on for unsecured HTTP traffic. This will only forward traffic to HTTPS.
.It Ev SSL_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) traffic. This should have port 443 if you want Let's Encrypt to work (you probably want Let's Encrypt to work).
.It Ev QUIC_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) QUIC traffic. For more information see https://datatracker.ietf.org/wg/quic/about/. This should also be port 443, but is not essential for Let's Encrypt to work.
.It Ev BACKEND_TCP_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) TCP connections from backends. Any client that is successfully able to authenticate with
.Nm
on this port will relay HTTP traffic from to and from end users.
.It Ev BACKEND_KCP_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) KCP (reliable-UDP) connections from backends. Any client that is successfully able to authenticate with
.Nm
on this port will relay HTTP traffic from to and from end users.
For more information about KCP, see https://github.com/xtaci/kcp-go
.It Ev GRPC_ADDR
Specifies the host+post that
.Nm
will listen on for secure (TLS) TCP gRPC connections from clients wishing to control
.Nm
configuration. Authentication is enforced and requires the use of an API token generated by the API call route.Tokens.Put.
.It Ev DOMAIN_SUFFIX
Specifies the domain suffix that
.Nm
will use when automatically generating a domain name for a newly created route. Please set this to something that has a wildcard DNS record pointing to your instances of routed.
.It Ev ACME_EMAIL
Specifies the email address that
.Nm
will use when creating a new account with Let's Encrypt. This assumes you have read (and agree to) the Let's Encrypt terms of service found here: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf.
.It Ev SSL_CERT_KEY
Specifies the encryption key that
.Nm
will use when encrypting and decrypting SSL certificates when loading them from and saving them to the database. This can be created with
.Xr route-cli 1 .
.El
.Sh IMPLEMENTATION NOTES
In order for
.Nm
to route traffic, a route must be set up using
.Xr route-cli 1 .
Please see its manpage for more information on how to do this.
.Nm
exposes debugging and introspection information on a randomly generated port every time it starts up. The message will look something like:
2017/12/13 02:06:56 manhole: Now listening on http://127.0.0.1:39245
Expose this using
.Xr route-httpagent 1
or similar tools.
.Nm
can be managed using terraform. See
.Xr terraform-provider-route 1
for more information.
.Sh EXAMPLES
routed
.Sh DIAGNOSTICS
.Ex -std routed
.Sh SEE ALSO
.Bl -bullet
.It
https://datatracker.ietf.org/wg/quic/about/
.It
https://github.com/xtaci/kcp-go
.It
https://grpc.io/
.It
https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf
.El