torch-subscriber-docker/README.md
# TORch Subscriber Docker Compose
This is a [Docker Compose](https://docs.docker.com/compose/) project for assembling a service to receive [TORch](https://git.rudefox.io/bj/torch-agent) notifications from remote nodes and store them for access via RESTful interface.
It is composed of the following micro-services:
* Tor proxy - for receiving notifications from remote TORch clients via Tor
* Broker - for managing publications and subscriptions
* Torchsub - for receiving notifications, maintaining a database of the latest connection info for each remote node and serving them via HTTP
## Dependencies
* [Install Docker](https://docs.docker.com/engine/install/ubuntu/)
* [Install Docker Compose](https://docs.docker.com/compose/install/)
## Quick Start
1. Create an `.env` file based on [`.env.example`](.env.example) in the project root
   * **CONFIG_DIR**: points to the local configuration directory for the broker and torchsub micro-services (you will create this in the next step)
   * **BROKER_MQTT_PORT**: (suggested: 1883) must match the port that you configured mosquitto to listen for MQTT on
   * **BROKER_MQTTS_PORT**: (suggested: 8883) must match the port that you configured mosquitto to listen for MQTTS on
   * **HTTP_PORT**: the port that you would like Torchsub to listen on for incoming HTTP-REST requests for client connection info
2. Create the local configuration directory pointed to by `.env`
   1. Create [Mosquitto](https://mosquitto.org/man/mosquitto-conf-5.html) configuration files
      * Create a `mosquitto.conf` based on the [example](example-config/mosquitto.conf)
      * Add the `ca.crt`, key and/or broker certificate files that your mosquitto configuration references
   2. Create a `torch-sub.conf` per the [torch-subscriber-simple](https://git.rudefox.io/bj/torch-subscriber-simple) project
      * Add the `ca.crt`, key and/or broker certificate files that your `torch-sub.conf` configuration references
3. Run `docker-compose up -d` from the project directory to launch the services
4. Get the Tor onion hostname of your newly launched TORch node monitor
   * Keep the onion hostname private
   ```bash
   ubuntu@broker:~$ docker-compose exec tor svc-hostname
   *****
   * Service Onion Hostname: 24xb3hb2pajid44ugroua2ndvpipvmuw6pfjrivlbupxhpwbugfhdeqd.onion
   *****
   ```
5. Configure any remote [TORch agent](https://git.rudefox.io/bj/torch-agent) instances with the above onion hostname by editing their `torch.conf` files
   * The idea is to provision new nodes with TORch Agent instances already configured with this onion hostname, so that when they boot they phone home with their Tor connection info
   1. Set `BrokerHost` to the Tor onion hostname
   2. Set `BrokerPort` to the Mosquitto MQTT broker port you used above (e.g. `1883`)
   3. Set `RequireCertificate` to `false`, because torch-agent won't be able to match the broker's certificate to the Tor onion hostname
   4. Be sure the `Topic` matches the pattern you told Torchsub to subscribe to when you configured it in `torch-sub.conf` above
   ```ini
   # Example TORch Agent torch.conf configuration
   [tor]
   ControllerPort = 9051
   [ssh]
   Port = 22
   [mqtt]
   BrokerHost = 7v4jfonpcvvv4cy32po3uwqr56hvjag6ljpauennshecmzv4deq27lyd.onion
   BrokerPort = 1883
   ClientID = vagrant
   Topic = torch/vagrant/wake
   RequireCertificate = false
   CaFile = ca.crt
   CertFile = vagrant.crt
   KeyFile = vagrant.key
   ```
6. Check the latest client connection info using the RESTful interface on the port you specified in the `.env` file above:
   ```bash
   ubuntu@broker:~$ curl http://localhost:7700/clients
   {"vagrant": {"clientId": "vagrant", "timestamp": "23-Oct-2020 (09:35:12.282901)", "onionAddress": "xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion", "sshPort": 22}}
   ```
7. You should be able to connect to this remote node using SSH through your local Tor proxy:
   ```bash
   ubuntu@broker:~$ torify ssh vagrant@xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion
   The authenticity of host 'xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion (127.42.42.0)' can't be established.
   ECDSA key fingerprint is SHA256:WSLn8lruVwPfqw5vmeZgZeTrulxboDKdJnnFMKiEGv8.
   Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
   Warning: Permanently added 'xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion' (ECDSA) to the list of known hosts.
   vagrant@xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion's password:
   Last login: Fri Oct 23 09:34:22 2020 from 10.0.2.2
   vagrant@ubuntu2004:~$
   ```
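A consumer-side check, added here as an example and not part of this project or of torch-subscriber-simple: the `/clients` JSON contains whatever the remote agents published, so before handing an `onionAddress` to `torify ssh` it is worth verifying that it is a structurally valid v3 onion hostname (56 base32 characters encoding the 32-byte ed25519 public key, a two-byte SHA3-256 checksum and the version byte 3). The dummy key, the `node-*` client IDs and the sample response below are constructed for this example.

```python
import base64
import hashlib
import json

ONION_VERSION = b"\x03"  # v3 onion service version byte

def onion_v3_checksum(pubkey: bytes) -> bytes:
    """Tor rend-spec-v3: CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]

def encode_onion_v3(pubkey: bytes) -> str:
    """Build a v3 onion hostname from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_v3_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def is_valid_onion_v3(hostname) -> bool:
    """True only for a well-formed v3 onion hostname whose embedded checksum verifies."""
    if not isinstance(hostname, str) or not hostname.endswith(".onion"):
        return False
    label = hostname[: -len(".onion")]
    if len(label) != 56:  # base32 of 32 + 2 + 1 bytes is exactly 56 chars, no padding
        return False
    try:
        raw = base64.b32decode(label.upper())  # rejects chars outside A-Z2-7
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return raw[34:] == ONION_VERSION and raw[32:34] == onion_v3_checksum(raw[:32])

def vet_clients(clients_json: str) -> dict:
    """Parse a torchsub /clients response; keep only entries safe to hand to `torify ssh`."""
    ok, rejected = {}, {}
    for client_id, info in json.loads(clients_json).items():
        onion, port = info.get("onionAddress"), info.get("sshPort")
        if is_valid_onion_v3(onion) and isinstance(port, int) and 0 < port < 65536:
            ok[client_id] = (onion, port)
        else:
            rejected[client_id] = onion
    return {"ok": ok, "rejected": rejected}

# Constructed sample data (not real nodes): dummy key, same key with inverted checksum bytes, truncated hostname
_key = bytes(range(32))
SAMPLE_GOOD = encode_onion_v3(_key)
SAMPLE_BAD_CHECKSUM = base64.b32encode(_key + bytes(b ^ 0xFF for b in onion_v3_checksum(_key)) + ONION_VERSION).decode().lower() + ".onion"
SAMPLE_CLIENTS = json.dumps({
    "node-a": {"clientId": "node-a", "onionAddress": SAMPLE_GOOD, "sshPort": 22},
    "node-b": {"clientId": "node-b", "onionAddress": SAMPLE_BAD_CHECKSUM, "sshPort": 22},
    "node-c": {"clientId": "node-c", "onionAddress": SAMPLE_GOOD[:-14] + ".onion", "sshPort": 22},
})
```

In practice feed `vet_clients` the body returned by `curl http://localhost:<HTTP_PORT>/clients` and only connect to the entries under `ok`.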