Commit 26928c0

vivguusdk authored and committed
feat: Switch OCSP configuration to use domain names
- Update OCSP URL in certificate generation from IP to domain name
- Add OCSP hostname to docker-compose network configuration
- Document useful hosts file entries in README.md

The changes make it easier to test OCSP locally with clients by using domain names that can be mapped in host files.
1 parent 7102765 commit 26928c0

4 files changed

+20
-3
lines changed

‎federation/README.md‎

Lines changed: 15 additions & 0 deletions
@@ -48,6 +48,20 @@ XMPP 2 hosts the following MUC rooms:
4848
* `muc3`
4949
* `muc4`
5050

51+
## Hosts file entries
52+
To access the XMPP servers and (optional) OCSP responder from your local machine you should
53+
add entries to your hosts file:
54+
55+
```
56+
127.0.0.1 xmpp.localhost.example
57+
127.0.0.1 xmpp1.localhost.example
58+
127.0.0.1 xmpp2.localhost.example
59+
127.0.0.1 xmpp3.localhost.example
60+
127.0.0.1 ocsp.localhost.example
61+
```
62+
63+
This helps when testing with various clients and tools.
64+
5165
## Network
5266

5367
The Docker compose file defines a custom bridge network with a single subnet of `172.50.0.0/24`
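Review bot: The new hosts list (new lines 56-60) leaves out `conference.xmpp1.localhost.example` and `conference.xmpp2.localhost.example`, which the compose `extra_hosts` entries in this same commit map for the containers. A client on the host that joins the MUC rooms described just above this section will need those names too, so either add them or state that they are omitted on purpose. It would also help to say here that the `ocsp.localhost.example` entry is what lets a host-side client resolve the OCSP URL, and that the responder listens on port 8888.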
@@ -154,6 +168,7 @@ All certificates are stored in `./_data/certs/`.
154168
This setup allows certificates to be checked for revocation status making a request to the
155169
OCSP responder:
156170
```bash
171+
```bash
157172
openssl ocsp -url http://localhost:8888 \
158173
-issuer _data/certs/ca/intermediate-ca/intermediate.crt \
159174
-CAfile _data/certs/chain1.pem \
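Review bot: New line 171 adds a second "```bash" directly under the existing opener on line 170, so the block now has two opening fences and the README will render incorrectly; drop the added line. The example under it still uses `-url http://localhost:8888`, while the same command in docker-compose-ocsp-responder.yml was switched to `http://ocsp.localhost.example:8888` in this commit; update the README example to match so the documented check exercises the name the commit introduces.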

‎federation/docker-compose-network-ipv4-only.yml‎

Lines changed: 2 additions & 0 deletions
@@ -19,6 +19,7 @@ services:
1919
- "conference.xmpp1.localhost.example:172.50.0.10"
2020
- "xmpp2.localhost.example:172.50.0.20"
2121
- "conference.xmpp2.localhost.example:172.50.0.20"
22+
- "ocsp.localhost.example:172.50.0.30"
2223

2324
xmpp2:
2425
networks:
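Review bot: The added entry at new line 22 hard-codes `172.50.0.30`, and the address the responder actually receives is set in another file that this hunk does not show, so the two can drift apart without any error. If they do, revocation lookups from this service will silently go to the wrong address or time out. Consider giving the `ocsp-responder` service a network alias of `ocsp.localhost.example` on `openfire-federated-net` so the mapping lives in one place, or at least add a comment here naming where the responder's static address is defined.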
@@ -29,6 +30,7 @@ services:
2930
- "conference.xmpp1.localhost.example:172.50.0.10"
3031
- "xmpp2.localhost.example:172.50.0.20"
3132
- "conference.xmpp2.localhost.example:172.50.0.20"
33+
- "ocsp.localhost.example:172.50.0.30"
3234

3335
networks:
3436
openfire-federated-net:
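Review bot: The entry at new line 33 repeats the one added for the previous service, and only this `ipv4-only` network file is touched. If the project has other network variants, as the file name suggests, they need the same `ocsp.localhost.example` mapping, otherwise containers started with those variants will not resolve the OCSP URL used at certificate generation. Please confirm or extend the change.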

‎federation/docker-compose-ocsp-responder.yml‎

Lines changed: 2 additions & 2 deletions
@@ -15,11 +15,11 @@ services:
1515
#
1616
# Test Certificate Status:
1717
# ----------------------
18-
# openssl ocsp -url http://localhost:8888 \
18+
# openssl ocsp -url http://ocsp.localhost.example:8888 \
1919
# -issuer _data/certs/ca/intermediate-ca/intermediate.crt \
2020
# -CAfile _data/certs/chain1.pem \
2121
# -cert _data/certs/server1.crt \
22-
# -text # Adds human-readable output
22+
# -text
2323
ocsp-responder:
2424
image: alpine:latest
2525
volumes:
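Review bot: The example at new line 18 now depends on the host being able to resolve `ocsp.localhost.example`, but the comment block does not mention that prerequisite; add a one-line pointer to the "Hosts file entries" section of the README. The change at line 22 also drops the `# Adds human-readable output` explanation of `-text`, which the commit message does not mention; keep it, or move it to its own comment line if the trailing comment was the problem.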

‎federation/scripts/generate-certificates.sh‎

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@
22

33
# OCSP server configuration
44
# Defines where the OCSP responder will be accessible in the Docker network
5-
OCSP_URL="http://172.50.0.30:8888"
5+
OCSP_URL="http://ocsp.localhost.example:8888"
66

77
# Base directory for all certificate-related files
88
# All paths in this script will be relative to this directory
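Review bot: Changing `OCSP_URL` at line 5 only affects certificates generated after this commit. Anything already present in `./_data/certs/` still points at `http://172.50.0.30:8888`, so the commit or the README should say that certificates must be regenerated. The comment on line 4 ("accessible in the Docker network") is also out of date now that the name is meant to resolve from the host as well. Note too that every party that checks revocation must be able to resolve `ocsp.localhost.example`; the compose hunks in this commit add the mapping for two services only, so a validator without it will fail the lookup or skip the check, depending on how it handles an unreachable responder.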
