From ec8334d67bd68601b272346b2042538b08093cb0 Mon Sep 17 00:00:00 2001 From: Christine Dodrill Date: Tue, 12 Dec 2017 17:17:06 -0800 Subject: [PATCH] doc: add manpage for routed(1) --- doc/man/routed.1 | 129 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 doc/man/routed.1 diff --git a/doc/man/routed.1 b/doc/man/routed.1 new file mode 100644 index 0000000..14736b1 --- /dev/null +++ b/doc/man/routed.1 @@ -0,0 +1,129 @@ +.Dd December 12, 2017 +.Dt ROUTED 1 URM + + +.Sh NAME +.Nm routed +.Nd TLS termination and reverse reverse proxying daemon. + + +.Sh SYNOPSIS +.Nm + + +.Sh ENVIRONMENT + +.Bl -tag -width "routed" -offset indent -compact + +.It Ev BOLTDB_PATH +Specifies the path to the boltdb database +.Nm +stores all of its relevant data in. + +.It Ev WEB_ADDR +Specifies the host+port that +.Nm +will listen on for unsecured HTTP traffic. This will only forward traffic to HTTPS. + +.It Ev SSL_ADDR +Specifies the host+port that +.Nm +will listen on for secure (TLS) traffic. This should have port 443 if you want Let's Encrypt to work (you probably want Let's Encrypt to work). + +.It Ev QUIC_ADDR +Specifies the host+port that +.Nm +will listen on for secure (TLS) QUIC traffic. For more information see https://datatracker.ietf.org/wg/quic/about/. This should also be port 443, but is not essential for Let's Encrypt to work. + +.It Ev BACKEND_TCP_ADDR +Specifies the host+port that +.Nm +will listen on for secure (TLS) TCP connections from backends. Any client that is successfully able to authenticate with +.Nm +on this port will relay HTTP traffic from to and from end users. + +.It Ev BACKEND_KCP_ADDR +Specifies the host+port that +.Nm +will listen on for secure (TLS) KCP (reliable-UDP) connections from backends. Any client that is successfully able to authenticate with +.Nm +on this port will relay HTTP traffic from to and from end users. + +For more information about KCP, see https://github.com/xtaci/kcp-go + +.It Ev GRPC_ADDR +Specifies the host+post that +.Nm +will listen on for secure (TLS) TCP gRPC connections from clients wishing to control +.Nm +configuration. Authentication is enforced and requires the use of an API token generated by the API call route.Tokens.Put. + +.It Ev DOMAIN_SUFFIX +Specifies the domain suffix that +.Nm +will use when automatically generating a domain name for a newly created route. Please set this to something that has a wildcard DNS record pointing to your instances of routed. + +.It Ev ACME_EMAIL +Specifies the email address that +.Nm +will use when creating a new account with Let's Encrypt. This assumes you have read (and agree to) the Let's Encrypt terms of service found here: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf. + +.It Ev SSL_CERT_KEY +Specifies the encryption key that +.Nm +will use when encrypting and decrypting SSL certificates when loading them from and saving them to the database. This can be created with +.Xr route-cli 1 . + +.El + + +.Sh IMPLEMENTATION NOTES + +In order for +.Nm +to route traffic, a route must be set up using +.Xr route-cli 1 . +Please see its manpage for more information on how to do this. + +.Nm +exposes debugging and introspection information on a randomly generated port every time it starts up. The message will look something like: + +2017/12/13 02:06:56 manhole: Now listening on http://127.0.0.1:39245 + +Expose this using +.Xr route-httpagent 1 +or similar tools. + +.Nm +can be managed using terraform. See +.Xr terraform-provider-route 1 +for more information. + + +.Sh EXAMPLES + +routed + + +.Sh DIAGNOSTICS + +.Ex -std routed + + +.Sh SEE ALSO + +.Bl -bullet + +.It +https://datatracker.ietf.org/wg/quic/about/ + +.It +https://github.com/xtaci/kcp-go + +.It +https://grpc.io/ + +.It +https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf + +.El