.Dd December 12, 2017
.Dt ROUTED 1 URM
.Sh NAME
.Nm routed
.Nd TLS termination and reverse proxying daemon.
.Sh SYNOPSIS
.Nm
.Sh ENVIRONMENT
.Bl -tag -width "routed" -offset indent -compact
.It Ev BOLTDB_PATH
Specifies the path to the boltdb database
.Nm
stores all of its relevant data in.
.It Ev WEB_ADDR
Specifies the host+port that
.Nm
will listen on for unsecured HTTP traffic. This will only forward traffic to HTTPS.
.It Ev SSL_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) traffic. This should have port 443 if you want Let's Encrypt to work (you probably want Let's Encrypt to work).
.It Ev QUIC_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) QUIC traffic. For more information see https://datatracker.ietf.org/wg/quic/about/. This should also be port 443, but is not essential for Let's Encrypt to work.
.It Ev BACKEND_TCP_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) TCP connections from backends. Any client that is successfully able to authenticate with
.Nm
on this port will relay HTTP traffic to and from end users.
.It Ev BACKEND_KCP_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) KCP (reliable-UDP) connections from backends. Any client that is successfully able to authenticate with
.Nm
on this port will relay HTTP traffic to and from end users.
.Pp
For more information about KCP, see https://github.com/xtaci/kcp-go
.It Ev GRPC_ADDR
Specifies the host+port that
.Nm
will listen on for secure (TLS) TCP gRPC connections from clients wishing to control
.Nm
configuration. Authentication is enforced and requires the use of an API token generated by the API call route.Tokens.Put.
.It Ev DOMAIN_SUFFIX
Specifies the domain suffix that
.Nm
will use when automatically generating a domain name for a newly created route. Please set this to something that has a wildcard DNS record pointing to your instances of routed.
.It Ev ACME_EMAIL
Specifies the email address that
.Nm
will use when creating a new account with Let's Encrypt. This assumes you have read (and agree to) the Let's Encrypt terms of service found here: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf.
.It Ev SSL_CERT_KEY
Specifies the encryption key that
.Nm
will use when encrypting and decrypting SSL certificates when loading them from and saving them to the database. This can be created with
.Xr route-cli 1 .
.El
.Sh IMPLEMENTATION NOTES
In order for
.Nm
to route traffic, a route must be set up using
.Xr route-cli 1 .
Please see its manpage for more information on how to do this.
.Pp
.Nm
exposes debugging and introspection information on a randomly generated port every time it starts up. The message will look something like:
.Bd -literal -offset indent
2017/12/13 02:06:56 manhole: Now listening on http://127.0.0.1:39245
.Ed
Expose this using
.Xr route-httpagent 1
or similar tools.
.Pp
.Nm
can be managed using Terraform. See
.Xr terraform-provider-route 1
for more information.
.Sh EXAMPLES
routed
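An added example, not part of the routed project: a POSIX sh pre-flight check for the variables described in ENVIRONMENT, to run before starting the daemon. It assumes each *_ADDR value has the form host:port or :port, that an empty SSL_CERT_KEY is invalid, and that the database file should be private to the service user; addr_port and routed_preflight are hypothetical helper names.

```shell
#!/bin/sh
# Added example: pre-flight check of the routed environment (not project code).
# Assumption: *_ADDR values look like "host:port" or ":port".

# Print the port of a host:port value; fail unless it is an integer 1-65535.
addr_port() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    port=${1##*:}
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Print one line per problem found; return 0 only if there are none.
routed_preflight() {
    problems=0
    for var in WEB_ADDR SSL_ADDR QUIC_ADDR BACKEND_TCP_ADDR BACKEND_KCP_ADDR GRPC_ADDR; do
        eval "val=\${$var-}"
        if ! addr_port "$val" >/dev/null; then
            echo "$var: not a valid host:port"
            problems=$((problems + 1))
        fi
    done
    # The SSL_ADDR entry says Let's Encrypt needs port 443.
    if ssl_port=$(addr_port "${SSL_ADDR-}") && [ "$ssl_port" != 443 ]; then
        echo "SSL_ADDR: port $ssl_port is not 443, Let's Encrypt will not work"
        problems=$((problems + 1))
    fi
    # Certificates are encrypted at rest with this key (assumed: must be non-empty).
    if [ -z "${SSL_CERT_KEY-}" ]; then
        echo "SSL_CERT_KEY: unset or empty"
        problems=$((problems + 1))
    fi
    # Hardening assumption: the database should be private to the service user.
    if [ -e "${BOLTDB_PATH-}" ] && [ -n "$(find "$BOLTDB_PATH" -prune \
            \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "BOLTDB_PATH: $BOLTDB_PATH is accessible to group or others"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Call routed_preflight from the shell or service wrapper that exports the variables, and start routed only when it returns 0.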
.Sh DIAGNOSTICS
.Ex -std routed
.Sh SEE ALSO
.Bl -bullet
.It
https://datatracker.ietf.org/wg/quic/about/
.It
https://github.com/xtaci/kcp-go
.It
https://grpc.io/
.It
https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf
.El