[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [meek/master] Regen man pages.



commit 451320610020753ccaee2d533972a6ae5a1873c0
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Sat Apr 22 23:30:37 2017 -0700

    Regen man pages.
---
 doc/meek-server.1 | 82 +++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 71 insertions(+), 11 deletions(-)

diff --git a/doc/meek-server.1 b/doc/meek-server.1
index 5dab7dd..09d198c 100644
--- a/doc/meek-server.1
+++ b/doc/meek-server.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: meek-server
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 08/10/2014
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 04/22/2017
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "MEEK\-SERVER" "1" "08/10/2014" "\ \&" "\ \&"
+.TH "MEEK\-SERVER" "1" "04/22/2017" "\ \&" "\ \&"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,40 +31,96 @@
 meek-server \- The meek server transport plugin
 .SH "SYNOPSIS"
 .sp
-\fBmeek\-server\fR \fB\-\-cert\fR=\fIFILENAME\fR \fB\-\-key\fR=\fIFILENAME\fR [\fIOPTIONS\fR]
+\fBmeek\-server\fR \fB\-\-acme\-hostnames\fR=\fIHOSTNAME\fR [\fIOPTIONS\fR]
 .SH "DESCRIPTION"
 .sp
 meek\-server is a transport plugin for Tor that encodes a stream as a sequence of HTTP requests and responses\&.
 .sp
-The server runs in HTTPS mode by default, and the \fB\-\-cert\fR and \fB\-\-key\fR options are required\&. Use the \fB\-\-disable\-tls\fR option to run with plain HTTP\&.
+You will need to configure TLS certificates\&. There are two ways to set up certificates:
 .sp
-Configuration for meek\-server usually appears in a torrc file\&. Here is a sample configuration using HTTPS:
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fB\-\-acme\-hostnames\fR=\fIHOSTNAME\fR
+(with optional
+\fB\-\-acme\-email\fR=\fIEMAIL\fR) will automatically get certificates for
+\fIHOSTNAME\fR
+using Let\(cqs Encrypt\&. This only works when meek\-server is running on port 443\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fB\-\-cert\fR=\fIFILENAME\fR
+and
+\fB\-\-key\fR=\fIFILENAME\fR
+allow use to use your own externally acquired certificate\&.
+.RE
+.sp
+Configuration for meek\-server usually appears in a torrc file\&. Here is a sample configuration using automatic Let\(cqs Encrypt certificates:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 ExtORPort auto
-ServerTransportPlugin meek exec \&./meek\-server \-\-port 8443 \-\-cert cert\&.pem \-\-key key\&.pem \-\-log meek\-server\&.log
+ServerTransportListenAddr 0\&.0\&.0\&.0:443
+ServerTransportPlugin meek exec \&./meek\-server \-\-acme\-hostnames meek\-server\&.example \-\-log meek\-server\&.log
 .fi
 .if n \{\
 .RE
 .\}
 .sp
-Here is a sample configuration using plain HTTP:
+Here is a sample configuration using externally acquired certificates:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 ExtORPort auto
-ServerTransportPlugin meek exec \&./meek\-server \-\-port 8080 \-\-disable\-tls \-\-log meek\-server\&.log
+ServerTransportListenAddr meek 0\&.0\&.0\&.0:8443
+ServerTransportPlugin meek exec \&./meek\-server 8443 \-\-cert cert\&.pem \-\-key key\&.pem \-\-log meek\-server\&.log
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+To listen on port 443 without needed to run as root, on Linux, you can use the setcap program, part of libcap2:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+setcap \*(Aqcap_net_bind_service=+ep\*(Aq /usr/local/bin/meek\-server
 .fi
 .if n \{\
 .RE
 .\}
 .SH "OPTIONS"
 .PP
+\fB\-\-acme\-email\fR=\fIEMAIL\fR
+.RS 4
+Optional email address to register for Let\(cqs Encrypt notifications when using
+\fB\-\-acme\-hostnames\fR\&.
+.RE
+.PP
+\fB\-\-acme\-hostnames\fR=\fIHOSTNAME\fR[,\fIHOSTNAME\fR]\&...
+.RS 4
+Comma\-separated list of hostnames to honor when getting automatic certificates from Let\(cqs Encrypt\&. meek\-server has to be running on port 443 in order for the
+\fB\-\-acme\-hostnames\fR
+option to work\&. The certificates will be cached in the pt_state/meek\-certificate\-cache directory inside tor state directory\&.
+.RE
+.PP
 \fB\-\-cert\fR=\fIFILENAME\fR
 .RS 4
 Name of a PEM\-encoded TLS certificate file\&. Required unless
@@ -72,7 +128,7 @@ Name of a PEM\-encoded TLS certificate file\&. Required unless
 is used\&.
 .RE
 .sp
-\fB\-\-disable\-tls\fR: Use plain HTTP rather than HTTPS\&.
+\fB\-\-disable\-tls\fR: Use plain HTTP rather than HTTPS\&. This option is only for testing purposes\&. Don\(cqt use it in production\&.
 .sp
 \fB\-\-key\fR=\fIFILENAME\fR: Name of a PEM\-encoded TLS private key file\&. Required unless \fB\-\-disable\-tls\fR is used\&.
 .PP
@@ -83,7 +139,11 @@ Name of a file to write log messages to (default stderr)\&.
 .PP
 \fB\-\-port\fR=\fIPORT\fR
 .RS 4
-Port to listen on\&. Overrides the TOR_PT_SERVER_BINDADDR environment variable set by tor\&.
+Port to listen on\&. Overrides the TOR_PT_SERVER_BINDADDR environment variable set by tor\&. In most cases you should set the
+\fBServerTransportListenAddr\fR
+option in torrc, rather than use the
+\fB\-\-port\fR
+option\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits