+ NNTP docs

+ Gopher docs
* Minor doc cleanup
This commit is contained in:
Bryan Ashby 2018-12-17 11:09:42 -07:00
parent 12a1809a88
commit e0f6847581
8 changed files with 156 additions and 36 deletions

View File

@ -22,6 +22,8 @@ This document attempts to track **major** changes and additions in ENiGMA½. For
* `install.sh` will now attempt to use NPM's `--build-from-source` option when ARM is detected.
* `oputil.js config new` will now generate a much more complete configuration file with comments, examples, etc. `oputil.js config cat` dumps your current config to stdout.
* Handling of failed login attempts is now fully in. Disconnect clients, lock out accounts, ability to auto or unlock at (email-driven) password reset, etc. See `users.failedLogin` in `config.hjson`.
* NNTP support! See [NNTP docs](/docs/servers/nntp.md) for more information.
* `oputil.js user rm` and `oputil.js user info` are in! See [oputil CLI](/docs/admin/oputil.md).
## 0.0.8-alpha

View File

@ -56,6 +56,8 @@
- Build your own
- Content Servers
- [Web]({{ site.baseurl }}{% link servers/web-server.md %})
- [Gopher]({{ site.baseurl }}{% link servers/gopher.md %})
- [NNTP]({{ site.baseurl }}{% link servers/nntp.md %})
- Modding
- [Local Doors]({{ site.baseurl }}{% link modding/local-doors.md %})

View File

@ -6,7 +6,7 @@ title: File Area List
The built in `file_area_list` module provides a very flexible file listing UI.
## Configuration
## Config Block
### Config Block
Available `config` block entries:
* `art`: Sub-configuration block used to establish art files used for file browsing:
* `browse`: The main browse screen.

40
docs/servers/gopher.md Normal file
View File

@ -0,0 +1,40 @@
---
layout: page
title: Gopher Server
---
## The Gopher Content Server
The Gopher *content server* provides access to publicly exposed message conferences and areas over Gopher (gopher://).
## Configuration
Gopher configuration is found in `contentServers.gopher` in `config.hjson`.
| Item | Required | Description |
|------|----------|-------------|
| `enabled` | :+1: | Set to `true` to enable Gopher |
| `port` | :-1: | Override the default port of `8070` |
| `publicHostName` | :+1: | Set the **public** hostname/domain that Gopher will serve to the outside world. Example: `myfancybbs.com` |
| `publicPort` | :+1: | Set the **public** port that Gopher will serve to the outside world. |
| `messageConferences` | :+1: | An map of *conference tags* to *area tags* that are publicly exposed via Gopher. See example below. |
Notes on `publicHostName` and `publicPort`:
The Gopher protocol serves content that contains host/domain and port even when referencing it's own documents. Due to this, these members must be set to your publicly addressable Gopher server!
### Example
Let's suppose you are serving Gopher for your BBS at `myfancybbs.com`. Your ENiGMA½ system is listening on the default Gopher `port` of 8070 but you're behind a firewall and want port 70 exposed to the public. Lastly, you want to expose some fsxNet areas:
```hjson
contentServers: {
gopher: {
enabled: true
publicHostName: myfancybbs.com
publicPort: 70
messageConferences: {
fsxnet: { // fsxNet's conf tag
// Areas of fsxNet we want to expose:
"fsx_gen", "fsx_bbs"
}
}
}
}
```

66
docs/servers/nntp.md Normal file
View File

@ -0,0 +1,66 @@
---
layout: page
title: NNTP Server
---
## The NNTP Content Server
The NNTP *content server* provides access to publicly exposed message conferences and areas over either **secure** NNTPS (NNTP over TLS or nttps://) and/or non-secure NNTP (nntp://).
## Configuration
| Item | Required | Description |
|------|----------|-------------|
| `nntp` | :-1: | Configuration block for non-secure NNTP. See Non-Secure NNTP Configuration below. |
| `nntps` | :-1: | Configuration block for secure NNTP. See Secure NNTPS Configuration below. |
| `publicMessageConferences` | :+1: | A map of *conference tags* to *area tags* that are publicly exposed over NNTP. Anonymous users will get read-only access to these areas. |
### See Non-Secure NNTP Configuration
Under `contentServers.nntp.nntp` the following configuration is allowed:
| Item | Required | Description |
|------|----------|-------------|
| `enabled` | :+1: | Set to `true` to enable non-secure NNTP access. |
| `port` | :-1: | Override the default port of `8119`. |
### Secure NNTPS Configuration
Under `contentServers.nntp.nntps` the following configuration is allowed:
| Item | Required | Description |
|------|----------|-------------|
| `enabled` | :+1: | Set to `true` to enable secure NNTPS access. |
| `port` | :-1: | Override the default port of `8565`. |
| `certPem` | :-1: | Override the default certificate file path of `./config/nntps_cert.pem` |
| `keyPem` | :-1: | Override the default certificate key file path of `./config/nntps_key.pem` |
#### Certificates and Keys
In order to use secure NNTPS, a TLS certificate and key pair must be provided. You may generate your own but most clients **will not trust** them. A certificate and key from a trusted Certificate Authority is recommended. [Let's Encrypt](https://letsencrypt.org/) provides free TLS certificates. Certificates and private keys must be in [PEM format](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail).
##### Generating Your Own
An example of generating your own cert/key pair:
```bash
openssl req -newkey rsa:2048 -nodes -keyout ./config/nntps_key.pem -x509 -days 3050 -out ./config/nntps_cert.pem
```
### Example Configuration
```hjson
contentServers: {
nntp: {
publicMessageConferences: {
fsxnet: [
// Expose these areas of fsxNet
"fsx_gen", "fsx_bbs"
]
}
nntp: {
enabled: true
}
nntps: {
enabled: true
// These could point to Let's Encrypt provided pairs for example:
certPem: /path/to/some/tls_cert.pem
keyPem: /path/to/some/tls_private_key.pem
}
}
}
```

View File

@ -2,38 +2,41 @@
layout: page
title: SSH Server
---
## Generate a SSH Private Key
## SSH Login Server
The ENiGMA½ SSH *login server* allows secure user logins over SSH (ssh://).
To utilize the SSH server, an SSH Private Key will need generated. From the ENiGMA installation directory:
## Configuration
Entries available under `config.loginServers.ssh`:
```bash
openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
```
| Item | Required | Description |
|------|----------|-------------|
| `privateKeyPem` | :-1: | Path to private key file. If not set, defaults to `./config/ssh_private_key.pem` |
| `privateKeyPass` | :+1: | Password to private key file.
| `firstMenu` | :-1: | First menu an SSH connected user is presented with. Defaults to `sshConnected`. |
| `firstMenuNewUser` | :-1: | Menu presented to user when logging in with one of the usernames found within `users.newUserNames` in your `config.hjson`. Examples include `new` and `apply`. |
| `enabled` | :+1: | Set to `true` to enable the SSH server. |
| `port` | :-1: | Override the default port of `8443`. |
| `algorithms` | :-1: | Configuration block for SSH algorithms. Includes keys of `kex`, `cipher`, `hmac`, and `compress`. See the algorithms section in the [ssh2-streams](https://github.com/mscdex/ssh2-streams#ssh2stream-methods) documentation for details. For defaults set by ENiGMA½, see `core/config.js`.
| `traceConnections` | :-1: | Set to `true` to enable full trace-level information on SSH connections.
You then need to enable the SSH server in your `config.hjson`:
### Example Configuration
```hjson
{
loginServers: {
ssh: {
loginServers: {
ssh: {
enabled: true
port: 8889
privateKeyPem: /path/to/ssh_private_key.pem
privateKeyPass: YOUR_PK_PASS
port: 8889
privateKeyPem: /path/to/ssh_private_key.pem
privateKeyPass: sup3rs3kr3tpa55
}
}
}
```
### SSH Server Options
## Generate a SSH Private Key
To utilize the SSH server, an SSH Private Key will need generated. OpenSSL can be used for this task:
| Option | Description
|---------------------|--------------------------------------------------------------------------------------|
| `privateKeyPem` | Path to private key file.
| `privateKeyPass` | Password to private key file.
| `firstMenu` | First menu an SSH connected user is presented with.
| `firstMenuNewUser` | Menu presented to user when logging in with `users::newUserNames` in your config.hjson (defaults to `new` and `apply`).
| `enabled` | Enable/disable SSH server.
| `port` | Configure a custom port for the SSH server.
| `algorithms` | Configuration block for SSH algoritms. Includes arrays with keys of `kex`, `cipher`, `hmac`, and `compress`. See the algorithms section in the [ssh2-streams](https://github.com/mscdex/ssh2-streams#ssh2stream-methods) documentation for details. For defaults set by ENiGMA½, see `core/config.js`.
| `traceConnections` | Set to `true` to enable full trace-level information on SSH connections.
```bash
openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
```

View File

@ -2,24 +2,28 @@
layout: page
title: Telnet Server
---
## Telnet Login Server
The Telnet *login server* provides a standard **non-secure** Telnet login experience.
Telnet is enabled by default on port `8888` in `config.hjson`:
## Configuration
The following configuration can be made in `config.hjson` under the `loginServers.telnet` block:
| Item | Required | Description |
|------|----------|-------------|
| `enabled` | :-1: Defaults to `true`. Set to `false` to disable Telnet |
| `port` | :-1: | Override the default port of `8888`. |
| `firstMenu` | :-1: | First menu a telnet connected user is presented with. Defaults to `telnetConnected`. |
### Example Configuration
```hjson
{
loginServers: {
telnet: {
enabled: true
port: 8888
}
}
loginServers: {
telnet: {
enabled: true
port: 8888
}
}
}
```
### Telnet Server Options
| Option | Description
|---------------------|--------------------------------------------------------------------------------------|
| `firstMenu` | First menu a telnet connected user is presented with
| `enabled` | Enable/disable telnet server
| `port` | Configure a custom port for the telnet server

View File

@ -2,6 +2,9 @@
layout: page
title: Web Socket / Web Interface Server
---
## WebSocket Login Server
The WebSocket Login Server provides **secure** (wss://) as well as non-secure (ws://) WebSocket login access. This is often combined with a browser based WebSocket client such as VTX or fTelnet.
# VTX Web Client
ENiGMA supports the VTX websocket client for connecting to your BBS from a web page. Example usage can be found at
[Xibalba](https://l33t.codes/vtx/xibalba.html) and [fORCE9](https://bbs.force9.org/vtx/force9.html).