diff --git a/INSTALL.md b/INSTALL.md
index dce4b89..6d96cca 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -488,24 +488,24 @@ Now edit the `etc/config` file
 ```sh
 TLD='mynet'
 LOCAL_SERVER='hn'
-IPV4_NET='10.11.0.0/16'
-IPV6_NET='fd69:1337:0:420:f4:11::/96'
-WG_DNS='DNS=10.11.0.1'
+IPV4_NET='10.99.0.0/16'
+IPV6_NET='fd69:1337:0:420:f4:99::/96'
+WG_DNS='DNS=10.99.0.1'
 SSL_CONFIG_DIR="/etc/ssl/private/${TLD}"
 SSL_CA_CERT="${SSL_CONFIG_DIR}/_ca.crt"
 SSL_CA_KEY="${SSL_CONFIG_DIR}/_ca.key"
 SSL_ORG='My Cool Organization'
 SSL_DAYS='3650'
 SSL_CA_PASS='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
-DNS_KEY='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=='
-DNS_MASTER='10.3.0.1'
+DNS_KEY='hmac-sha512:wagon:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=='
+DNS_MASTER='10.99.0.1'
 DNS_TTL='86400'
 ```
-This file should be mostly self-explanitory. "SSL_CA_PASS" is the CA key passphrase created in the last section. The "DNS_KEY" can be found in the "secret" section of the `/etc/bind/keys/wagon.keys` file, which looks like this:
+This file should be mostly self-explanitory. "SSL_CA_PASS" is the CA key passphrase created in the last section. The "DNS_KEY" string should be created from the `/etc/bind/keys/wagon.keys` file, which looks like this:
 ```tsig
-key "wgapi-ksn" {
+key "wagon" {
 algorithm hmac-sha512;
 secret "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==";
 };
@@ -533,11 +533,11 @@ That's not bad. We could take requests on that port, but let's take secure https
 # User API
 server {
 server_name wagon-dashboard-api.hn.mynet;
- listen 10.11.0.1:443 ssl http2;
+ listen 10.99.0.1:443 ssl http2;
 ssl_certificate /etc/ssl/private/mynet/hn/server.crt;
 ssl_certificate_key /etc/ssl/private/mynet/hn/server.key;
 ssl_stapling off;
- allow 10.11.0.0/16; # All users
+ allow 10.99.0.0/16; # All users
 deny all; # Everyone else
 location / {
 proxy_pass http://localhost:4442;
@@ -547,12 +547,12 @@ server {
 # Admin API
 server {
 server_name wagon-admin-api.hn.mynet;
- listen 10.11.0.1:443 ssl http2;
+ listen 10.99.0.1:443 ssl http2;
 ssl_certificate /etc/ssl/private/mynet/hn/server.crt;
 ssl_certificate_key /etc/ssl/private/mynet/hn/server.key;
 ssl_stapling off;
- allow 10.11.1.0/24; # One admin
- allow 10.11.7.0/24; # Another admin
+ allow 10.99.1.0/24; # One admin
+ allow 10.99.7.0/24; # Another admin
 deny all; # Everyone else
 location / {
 proxy_pass http://localhost:4441;