Awesome
braidcert
This application serves as the Public Key Infrastructure (PKI) for braidnet.
Braidcert handles generating SSL certificates used for TLS distribution between braidnet instances, as well as braidnode instances.
Also refer to the README.md in the braidnet repository for braidnet-specific details on setting up the applications to work together.
Build
$ rebar3 compile
Local deployment
To run braidcert locally, just start a rebar3 shell:
$ rebar3 shell
Production environment
You might want to replace the throwaway CA certificate braidcert generates with a permanent one. See the Configuration section below for disabling the automatic CA certificate creation.
For now, braidcert (and braidnet) is meant to be deployed on Fly.io.
Create a new Fly application, replace the value of the app
field
in the fly.toml
file in this repo with your Fly app's name,
and deploy using flyctl
.
Configuration
Customize the certificate configuration files under certs/cfg/
.
When braidcert is ran via the rebar3 shell, config/shell.config
applies.
When the relx release is ran, config/container.config.src
applies.
The possible configuration values are:
[
{braidcert, [
% The port braidcert should listen on for requests from braidnet:
{cowboy_port, integer()},
% Token for HTTP Bearer authentication between braidcert and braidnet:
{key, binary()},
% Whether braidcert should generate a new CA certificate at startup:
{generate_ca, boolean()}
]}
].