author varac <varacanero@zeromail.org> 2013-10-08 22:36:43 +0200
committer varac <varacanero@zeromail.org> 2013-10-08 22:36:43 +0200
commit a78b90b0d4f06e21297de63ab57058dd2f005e0b
tree e8ad086eedd8bea9071959604b42ea2c1ae48023
parent 42ca71d1e5c4d18ab8816b251bd9748d575b285a
parent 869cc545ead62fd4cd67cbd60883bdda4349ed14
Merge branch 'master' of ssh://code.leap.se/leap_doc
Conflicts: docs/platform/quick-start.md
-rw-r--r-- docs/platform/quick-start.md 16
1 files changed, 7 insertions, 9 deletions
diff --git a/docs/platform/quick-start.md b/docs/platform/quick-start.md
index ccd62a1..0bce271 100644
--- a/docs/platform/quick-start.md
+++ b/docs/platform/quick-start.md
@@ -33,7 +33,7 @@ In order to complete this Quick Start, you will need a few things:
* The ability to create/modify DNS entries for your domain is preferable, but not needed. If you don't have access to DNS, you can workaround this by modifying your local resolver, i.e. editing `/etc/hosts`.
* You need to be aware that this process will make changes to your systems, so please be sure that these machines are a basic install with nothing configured or running for other purposes
* Your machines will need to be connected to the internet, and not behind a restrictive firewall.
-* You should work locally on your laptop/workstation (one that you trust and that is ideally full-disk encrypted) while going through this guide. This is important because the provider configuration you are creating contains sensible data that should not reside on a remote machine. The leap cli utility will login to your servers and configure the services.
+* You should work locally on your laptop/workstation (one that you trust and that is ideally full-disk encrypted) while going through this guide. This is important because the provider configurations you are creating contain sensitive data that should not reside on a remote machine. The leap cli utility will login to your servers and configure the services.
All the commands in this tutorial are run on your sysadmin machine. In order to complete the tutorial, the sysadmin will do the following:
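Review bot: The rewritten bullet says the provider configurations "contain sensitive data" but does not say which files are meant, so a reader cannot tell what has to stay off remote machines. Consider naming the CA keys here or pointing to the NOTE about `files/ca/*.key` in the certificates section. While this line is being touched, "will login to your servers" should read "will log in to your servers".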
@@ -62,7 +62,7 @@ Install pre-requisites
Install core prerequisites:
- $ sudo apt-get install git ruby ruby-dev rsync openssh-client openssl rake make
+ $ sudo apt-get install git ruby ruby-dev rsync openssh-client openssl rake make bzip2
<!--
*Mac OS*
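Review bot: `bzip2` is appended to the `apt-get install` line with no indication of what needs it, and the merge commit message does not say either. A short remark on why it is required would help whoever maintains this list later, and if the commented-out Mac OS section that follows carries its own package list it should get the same addition.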
@@ -122,6 +122,7 @@ First we'll create a directory for LEAP things, and then we'll check out the pla
$ mkdir ~/leap
$ cd ~/leap
$ git clone https://leap.se/git/leap_platform.git
+ $ cd leap_platform
$ git submodule sync; git submodule update --init
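Review bot: After the added `cd leap_platform`, every later command runs from `~/leap/leap_platform` rather than `~/leap`, and the guide goes on to note that `leap` must in most cases be run from within a provider instance directory. Check that the steps following this block state the directory they expect, or add an explicit `cd` back. Separately, `git submodule sync; git submodule update --init` carries on if the sync fails; joining the two with `&&` would stop at the first error.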
@@ -173,7 +174,8 @@ NOTE: in most cases, `leap` must be run from within a provider instance director
Create provider certificates
----------------------------
-Create two certificate authorities, one for server certs and one for client certs:
+Create two certificate authorities, one for server certs and one for client
+certs (note: you only need to run this one command to get both):
$ leap cert ca
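Review bot: The added parenthetical "you only need to run this one command to get both" is hard-wrapped across two lines, while the other paragraphs visible in this file are single long lines; keep to one convention. It would also help to say where the two CAs end up on disk, since the NOTE further down asks the reader to protect `files/ca/*.key`.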
@@ -189,11 +191,7 @@ Create the Diffie-Hellman parameters file, needed for forward secret OpenVPN cip
$ leap cert dh
-Create server certificates for all the nodes you have added:
-
- $ leap cert update
-
-NOTE: the file `files/ca/ca.key` is extremely sensitive and must be carefully protected. The other key files are much less sensitive and can simply be regenerated if needed.
+NOTE: the files `files/ca/*.key` are extremely sensitive and must be carefully protected. The other key files are much less sensitive and can simply be regenerated if needed.
Edit provider.json configuration
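Review bot: The "Create server certificates for all the nodes you have added" step and its `leap cert update` command are deleted here with no replacement anywhere in this diff, and this commit is a merge that had a conflict in this very file. Confirm the removal is intended and not a side effect of the conflict resolution; if the server certificates are now generated elsewhere, say where. The widened NOTE on `files/ca/*.key` is an improvement, but "carefully protected" gives the reader nothing to act on; a sentence on restricting read access to those files would make it concrete.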
@@ -249,7 +247,7 @@ Set up your DNS with these hostnames:
$ leap list --print ip_address,domain.full,dns.aliases
couch1 x.x.x.w, couch1.example.org, null
- web1 x.x.x.x, web1.example.org, api.example.org
+ web1 x.x.x.x, web1.example.org, api.example.org, nicknym.example.org
vpn1 x.x.x.y, vpn1.example.org, null
Alternately, you can adapt this zone file snippet:
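Review bot: `nicknym.example.org` is added to the `web1` aliases in the sample `leap list` output, but the zone file snippet introduced by the next line is not touched by this diff. If that snippet lists `api` for `web1`, it needs a matching `nicknym` record, otherwise readers who copy the snippet will be missing the new hostname.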