diff --git a/docs/developer-guide/gateway-tunnelling-setup.md b/docs/developer-guide/gateway-tunnelling-setup.md index 034c5e8..91a1072 100644 --- a/docs/developer-guide/gateway-tunnelling-setup.md +++ b/docs/developer-guide/gateway-tunnelling-setup.md @@ -9,14 +9,16 @@ This guide describes the steps necessary to setup the gateway tunnelling functio ## Edge Instance Setup ### SSH keys + * `mkdir -p deployment/sish/pubkeys deployment/sish/client deployment/sish/keys` -* `ssh-keygen -t ed25519 -b 4096` -f client +* `ssh-keygen -t ed25519 -b 4096 -f client` * `mv client.pub deployment/sish/pubkeys` * `mv client deployment/sish/client` (this will be needed by the edge instances) - Optionally encrypt this file using gradle task -* `ssh-keygen -t ed25519 -b 4096` -f server_key +* `ssh-keygen -t ed25519 -b 4096 -f server_key` * `mv server_key deployment/sish/keys` ### Docker envrionment variables + * Set Keycloak container environment variables: * `KEYCLOAK_ISSUER_BASE_URI: https://${OR_HOSTNAME}/auth` * `KC_HOSTNAME:` This must be blank or completely removed (i.e. do not set this environment variable) @@ -25,8 +27,8 @@ This guide describes the steps necessary to setup the gateway tunnelling functio * `OR_WEBSERVER_ALLOWED_ORIGINS: *` * `OR_GATEWAY_TUNNEL_SSH_KEY_FILE=` (/deployment/sish/client/cert) - ## Central Instance Setup + * Set AWS_ROUTE53_ROLE on proxy container (this can be left as empty string to inherit from AWS EC2 instance provided the instance is using a cloudformation template that sets this value in `/etc/environment`) * Set `DOMAINNAMES` to include wildcard certificate e.g. `*.example.openremote.app` * Add wildcard DNS A/AAAA record(s) e.g. `*.example.openremote.app` 
@@ -35,4 +37,3 @@ This guide describes the steps necessary to setup the gateway tunnelling functio * Set TCP port range in sish service (to allow raw TCP tunnelling) * Allow inbound access to port `2222` and to the TCP port range exposed on the instance * Generate or select existing SSH private key and add this to the deployment image and set SISH variable: `--private-keys-directory` -
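Review bot: in the first hunk (`@@ -9,14 +9,16 @@`), both corrected commands under "SSH keys" still pass `-b 4096` together with `-t ed25519`. Ed25519 keys have a fixed length and ssh-keygen ignores `-b` for that key type, so the flag suggests a strength choice that does not exist. Suggest `ssh-keygen -t ed25519 -f client` and `ssh-keygen -t ed25519 -f server_key`. The step `mv server_key deployment/sish/keys` also leaves `server_key.pub` in the working directory, so the list should say whether it is needed or can be deleted. Since the hunk already adds a blank line under `### Docker envrionment variables`, the spelling of "envrionment" in that heading could be fixed in the same change.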
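Review bot: in the second hunk (`@@ -25,8 +27,8 @@`), the context line `OR_GATEWAY_TUNNEL_SSH_KEY_FILE=` (/deployment/sish/client/cert) does not match the SSH keys steps above it. `mv client deployment/sish/client` moves the key into the directory created by `mkdir -p`, so the file would be `deployment/sish/client/client`, not `.../client/cert`. Either the path or the move step needs correcting, and the value would read better inside the backticks. This entry also uses `=` where the neighbouring entries use `:`. The line `OR_WEBSERVER_ALLOWED_ORIGINS: *` documents a wildcard origin with no explanation; a sentence on why the tunnelling setup needs it, and whether it can be narrowed, would help readers. `AWS_ROUTE53_ROLE` in the first Central Instance bullet is missing the backticks used for the other variable names.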
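Review bot: in the last hunk (`@@ -35,4 +37,3 @@`), the final bullet says to "set SISH variable: `--private-keys-directory`" but gives no value and calls a command-line flag a variable. The Edge Instance section generates `server_key` and moves it to `deployment/sish/keys`, while this Central Instance bullet says "Generate or select existing SSH private key", so it is unclear whether these are the same key and which directory the flag should point to. Suggest stating the directory explicitly and moving the `server_key` generation step to the section for the instance that runs sish. The bullet "Allow inbound access to port `2222` and to the TCP port range" would also benefit from saying which sources need that access, since as written it reads as open to any address.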