parent
12a1809a88
commit
e0f6847581
|
@ -22,6 +22,8 @@ This document attempts to track **major** changes and additions in ENiGMA½. For
|
||||||
* `install.sh` will now attempt to use NPM's `--build-from-source` option when ARM is detected.
|
* `install.sh` will now attempt to use NPM's `--build-from-source` option when ARM is detected.
|
||||||
* `oputil.js config new` will now generate a much more complete configuration file with comments, examples, etc. `oputil.js config cat` dumps your current config to stdout.
|
* `oputil.js config new` will now generate a much more complete configuration file with comments, examples, etc. `oputil.js config cat` dumps your current config to stdout.
|
||||||
* Handling of failed login attempts is now fully in. Disconnect clients, lock out accounts, ability to auto or unlock at (email-driven) password reset, etc. See `users.failedLogin` in `config.hjson`.
|
* Handling of failed login attempts is now fully in. Disconnect clients, lock out accounts, ability to auto or unlock at (email-driven) password reset, etc. See `users.failedLogin` in `config.hjson`.
|
||||||
|
* NNTP support! See [NNTP docs](/docs/servers/nntp.md) for more information.
|
||||||
|
* `oputil.js user rm` and `oputil.js user info` are in! See [oputil CLI](/docs/admin/oputil.md).
|
||||||
|
|
||||||
|
|
||||||
## 0.0.8-alpha
|
## 0.0.8-alpha
|
||||||
|
|
|
@ -56,6 +56,8 @@
|
||||||
- Build your own
|
- Build your own
|
||||||
- Content Servers
|
- Content Servers
|
||||||
- [Web]({{ site.baseurl }}{% link servers/web-server.md %})
|
- [Web]({{ site.baseurl }}{% link servers/web-server.md %})
|
||||||
|
- [Gopher]({{ site.baseurl }}{% link servers/gopher.md %})
|
||||||
|
- [NNTP]({{ site.baseurl }}{% link servers/nntp.md %})
|
||||||
|
|
||||||
- Modding
|
- Modding
|
||||||
- [Local Doors]({{ site.baseurl }}{% link modding/local-doors.md %})
|
- [Local Doors]({{ site.baseurl }}{% link modding/local-doors.md %})
|
||||||
|
|
|
@ -6,7 +6,7 @@ title: File Area List
|
||||||
The built in `file_area_list` module provides a very flexible file listing UI.
|
The built in `file_area_list` module provides a very flexible file listing UI.
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
## Config Block
|
### Config Block
|
||||||
Available `config` block entries:
|
Available `config` block entries:
|
||||||
* `art`: Sub-configuration block used to establish art files used for file browsing:
|
* `art`: Sub-configuration block used to establish art files used for file browsing:
|
||||||
* `browse`: The main browse screen.
|
* `browse`: The main browse screen.
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
---
|
||||||
|
layout: page
|
||||||
|
title: Gopher Server
|
||||||
|
---
|
||||||
|
## The Gopher Content Server
|
||||||
|
The Gopher *content server* provides access to publicly exposed message conferences and areas over Gopher (gopher://).
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
Gopher configuration is found in `contentServers.gopher` in `config.hjson`.
|
||||||
|
|
||||||
|
| Item | Required | Description |
|
||||||
|
|------|----------|-------------|
|
||||||
|
| `enabled` | :+1: | Set to `true` to enable Gopher |
|
||||||
|
| `port` | :-1: | Override the default port of `8070` |
|
||||||
|
| `publicHostName` | :+1: | Set the **public** hostname/domain that Gopher will serve to the outside world. Example: `myfancybbs.com` |
|
||||||
|
| `publicPort` | :+1: | Set the **public** port that Gopher will serve to the outside world. |
|
||||||
|
| `messageConferences` | :+1: | An map of *conference tags* to *area tags* that are publicly exposed via Gopher. See example below. |
|
||||||
|
|
||||||
|
Notes on `publicHostName` and `publicPort`:
|
||||||
|
The Gopher protocol serves content that contains host/domain and port even when referencing it's own documents. Due to this, these members must be set to your publicly addressable Gopher server!
|
||||||
|
|
||||||
|
### Example
|
||||||
|
Let's suppose you are serving Gopher for your BBS at `myfancybbs.com`. Your ENiGMA½ system is listening on the default Gopher `port` of 8070 but you're behind a firewall and want port 70 exposed to the public. Lastly, you want to expose some fsxNet areas:
|
||||||
|
|
||||||
|
```hjson
|
||||||
|
contentServers: {
|
||||||
|
gopher: {
|
||||||
|
enabled: true
|
||||||
|
publicHostName: myfancybbs.com
|
||||||
|
publicPort: 70
|
||||||
|
|
||||||
|
messageConferences: {
|
||||||
|
fsxnet: { // fsxNet's conf tag
|
||||||
|
// Areas of fsxNet we want to expose:
|
||||||
|
"fsx_gen", "fsx_bbs"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
|
@ -0,0 +1,66 @@
|
||||||
|
---
|
||||||
|
layout: page
|
||||||
|
title: NNTP Server
|
||||||
|
---
|
||||||
|
## The NNTP Content Server
|
||||||
|
The NNTP *content server* provides access to publicly exposed message conferences and areas over either **secure** NNTPS (NNTP over TLS or nttps://) and/or non-secure NNTP (nntp://).
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
| Item | Required | Description |
|
||||||
|
|------|----------|-------------|
|
||||||
|
| `nntp` | :-1: | Configuration block for non-secure NNTP. See Non-Secure NNTP Configuration below. |
|
||||||
|
| `nntps` | :-1: | Configuration block for secure NNTP. See Secure NNTPS Configuration below. |
|
||||||
|
| `publicMessageConferences` | :+1: | A map of *conference tags* to *area tags* that are publicly exposed over NNTP. Anonymous users will get read-only access to these areas. |
|
||||||
|
|
||||||
|
### See Non-Secure NNTP Configuration
|
||||||
|
Under `contentServers.nntp.nntp` the following configuration is allowed:
|
||||||
|
|
||||||
|
| Item | Required | Description |
|
||||||
|
|------|----------|-------------|
|
||||||
|
| `enabled` | :+1: | Set to `true` to enable non-secure NNTP access. |
|
||||||
|
| `port` | :-1: | Override the default port of `8119`. |
|
||||||
|
|
||||||
|
### Secure NNTPS Configuration
|
||||||
|
Under `contentServers.nntp.nntps` the following configuration is allowed:
|
||||||
|
|
||||||
|
| Item | Required | Description |
|
||||||
|
|------|----------|-------------|
|
||||||
|
| `enabled` | :+1: | Set to `true` to enable secure NNTPS access. |
|
||||||
|
| `port` | :-1: | Override the default port of `8565`. |
|
||||||
|
| `certPem` | :-1: | Override the default certificate file path of `./config/nntps_cert.pem` |
|
||||||
|
| `keyPem` | :-1: | Override the default certificate key file path of `./config/nntps_key.pem` |
|
||||||
|
|
||||||
|
#### Certificates and Keys
|
||||||
|
In order to use secure NNTPS, a TLS certificate and key pair must be provided. You may generate your own but most clients **will not trust** them. A certificate and key from a trusted Certificate Authority is recommended. [Let's Encrypt](https://letsencrypt.org/) provides free TLS certificates. Certificates and private keys must be in [PEM format](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail).
|
||||||
|
|
||||||
|
##### Generating Your Own
|
||||||
|
An example of generating your own cert/key pair:
|
||||||
|
```bash
|
||||||
|
openssl req -newkey rsa:2048 -nodes -keyout ./config/nntps_key.pem -x509 -days 3050 -out ./config/nntps_cert.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
### Example Configuration
|
||||||
|
```hjson
|
||||||
|
contentServers: {
|
||||||
|
nntp: {
|
||||||
|
publicMessageConferences: {
|
||||||
|
fsxnet: [
|
||||||
|
// Expose these areas of fsxNet
|
||||||
|
"fsx_gen", "fsx_bbs"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
nntp: {
|
||||||
|
enabled: true
|
||||||
|
}
|
||||||
|
|
||||||
|
nntps: {
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
// These could point to Let's Encrypt provided pairs for example:
|
||||||
|
certPem: /path/to/some/tls_cert.pem
|
||||||
|
keyPem: /path/to/some/tls_private_key.pem
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
|
@ -2,15 +2,24 @@
|
||||||
layout: page
|
layout: page
|
||||||
title: SSH Server
|
title: SSH Server
|
||||||
---
|
---
|
||||||
## Generate a SSH Private Key
|
## SSH Login Server
|
||||||
|
The ENiGMA½ SSH *login server* allows secure user logins over SSH (ssh://).
|
||||||
|
|
||||||
To utilize the SSH server, an SSH Private Key will need generated. From the ENiGMA installation directory:
|
## Configuration
|
||||||
|
Entries available under `config.loginServers.ssh`:
|
||||||
|
|
||||||
```bash
|
| Item | Required | Description |
|
||||||
openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
|
|------|----------|-------------|
|
||||||
```
|
| `privateKeyPem` | :-1: | Path to private key file. If not set, defaults to `./config/ssh_private_key.pem` |
|
||||||
|
| `privateKeyPass` | :+1: | Password to private key file.
|
||||||
|
| `firstMenu` | :-1: | First menu an SSH connected user is presented with. Defaults to `sshConnected`. |
|
||||||
|
| `firstMenuNewUser` | :-1: | Menu presented to user when logging in with one of the usernames found within `users.newUserNames` in your `config.hjson`. Examples include `new` and `apply`. |
|
||||||
|
| `enabled` | :+1: | Set to `true` to enable the SSH server. |
|
||||||
|
| `port` | :-1: | Override the default port of `8443`. |
|
||||||
|
| `algorithms` | :-1: | Configuration block for SSH algorithms. Includes keys of `kex`, `cipher`, `hmac`, and `compress`. See the algorithms section in the [ssh2-streams](https://github.com/mscdex/ssh2-streams#ssh2stream-methods) documentation for details. For defaults set by ENiGMA½, see `core/config.js`.
|
||||||
|
| `traceConnections` | :-1: | Set to `true` to enable full trace-level information on SSH connections.
|
||||||
|
|
||||||
You then need to enable the SSH server in your `config.hjson`:
|
### Example Configuration
|
||||||
|
|
||||||
```hjson
|
```hjson
|
||||||
{
|
{
|
||||||
|
@ -19,21 +28,15 @@ You then need to enable the SSH server in your `config.hjson`:
|
||||||
enabled: true
|
enabled: true
|
||||||
port: 8889
|
port: 8889
|
||||||
privateKeyPem: /path/to/ssh_private_key.pem
|
privateKeyPem: /path/to/ssh_private_key.pem
|
||||||
privateKeyPass: YOUR_PK_PASS
|
privateKeyPass: sup3rs3kr3tpa55
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
### SSH Server Options
|
## Generate a SSH Private Key
|
||||||
|
To utilize the SSH server, an SSH Private Key will need generated. OpenSSL can be used for this task:
|
||||||
|
|
||||||
| Option | Description
|
```bash
|
||||||
|---------------------|--------------------------------------------------------------------------------------|
|
openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
|
||||||
| `privateKeyPem` | Path to private key file.
|
```
|
||||||
| `privateKeyPass` | Password to private key file.
|
|
||||||
| `firstMenu` | First menu an SSH connected user is presented with.
|
|
||||||
| `firstMenuNewUser` | Menu presented to user when logging in with `users::newUserNames` in your config.hjson (defaults to `new` and `apply`).
|
|
||||||
| `enabled` | Enable/disable SSH server.
|
|
||||||
| `port` | Configure a custom port for the SSH server.
|
|
||||||
| `algorithms` | Configuration block for SSH algoritms. Includes arrays with keys of `kex`, `cipher`, `hmac`, and `compress`. See the algorithms section in the [ssh2-streams](https://github.com/mscdex/ssh2-streams#ssh2stream-methods) documentation for details. For defaults set by ENiGMA½, see `core/config.js`.
|
|
||||||
| `traceConnections` | Set to `true` to enable full trace-level information on SSH connections.
|
|
||||||
|
|
|
@ -2,9 +2,19 @@
|
||||||
layout: page
|
layout: page
|
||||||
title: Telnet Server
|
title: Telnet Server
|
||||||
---
|
---
|
||||||
|
## Telnet Login Server
|
||||||
|
The Telnet *login server* provides a standard **non-secure** Telnet login experience.
|
||||||
|
|
||||||
Telnet is enabled by default on port `8888` in `config.hjson`:
|
## Configuration
|
||||||
|
The following configuration can be made in `config.hjson` under the `loginServers.telnet` block:
|
||||||
|
|
||||||
|
| Item | Required | Description |
|
||||||
|
|------|----------|-------------|
|
||||||
|
| `enabled` | :-1: Defaults to `true`. Set to `false` to disable Telnet |
|
||||||
|
| `port` | :-1: | Override the default port of `8888`. |
|
||||||
|
| `firstMenu` | :-1: | First menu a telnet connected user is presented with. Defaults to `telnetConnected`. |
|
||||||
|
|
||||||
|
### Example Configuration
|
||||||
```hjson
|
```hjson
|
||||||
{
|
{
|
||||||
loginServers: {
|
loginServers: {
|
||||||
|
@ -16,10 +26,4 @@ Telnet is enabled by default on port `8888` in `config.hjson`:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Telnet Server Options
|
|
||||||
|
|
||||||
| Option | Description
|
|
||||||
|---------------------|--------------------------------------------------------------------------------------|
|
|
||||||
| `firstMenu` | First menu a telnet connected user is presented with
|
|
||||||
| `enabled` | Enable/disable telnet server
|
|
||||||
| `port` | Configure a custom port for the telnet server
|
|
||||||
|
|
|
@ -2,6 +2,9 @@
|
||||||
layout: page
|
layout: page
|
||||||
title: Web Socket / Web Interface Server
|
title: Web Socket / Web Interface Server
|
||||||
---
|
---
|
||||||
|
## WebSocket Login Server
|
||||||
|
The WebSocket Login Server provides **secure** (wss://) as well as non-secure (ws://) WebSocket login access. This is often combined with a browser based WebSocket client such as VTX or fTelnet.
|
||||||
|
|
||||||
# VTX Web Client
|
# VTX Web Client
|
||||||
ENiGMA supports the VTX websocket client for connecting to your BBS from a web page. Example usage can be found at
|
ENiGMA supports the VTX websocket client for connecting to your BBS from a web page. Example usage can be found at
|
||||||
[Xibalba](https://l33t.codes/vtx/xibalba.html) and [fORCE9](https://bbs.force9.org/vtx/force9.html).
|
[Xibalba](https://l33t.codes/vtx/xibalba.html) and [fORCE9](https://bbs.force9.org/vtx/force9.html).
|
||||||
|
|
Loading…
Reference in New Issue