forest
c563be03d3
|
3 years ago | |
---|---|---|
child-process-service | 3 years ago | |
windows-service-wrapper | 3 years ago | |
.gitignore | 3 years ago | |
README.md | 3 years ago | |
caddy-config.json | 3 years ago | |
config_service.go | 3 years ago | |
go.mod | 3 years ago | |
go.sum | 3 years ago | |
main.go | 3 years ago | |
mascot-daemon.png | 3 years ago | |
picopublish.sh | 3 years ago | |
telemetry.go | 3 years ago |
README.md
greenhouse-daemon
This is the background service which runs/manages threshold + caddy and responds to requests from the UI.
It depends on threshold and SequentialRead's forked version of Caddy 2.
For now you must also provide caddy-config.json
inside GREENHOUSE_DAEMON_PATH
. Example config:
caddy-config.json
{
"admin": {
"disabled": false,
"listen": "127.0.0.1:9574",
"authorized_clients_ca_file": "greenhouse_daemon_localhost_ca.crt",
"tls_key_file": "greenhouse-daemon.key",
"tls_cert_file": "greenhouse-daemon.crt",
"config": {
"persist": false
}
}
}
forest's dev environment notes
Build and deploy to both the daemon that the desktop app uses (/opt/greenhouse-daemon
) and the daemon that the greenhouse server uses (../greenhouse/greenhouse-daemon
).
go build -o greenhouse-daemon .
sudo cp greenhouse-daemon /opt/greenhouse-daemon/greenhouse-daemon
mv greenhouse-daemon ../greenhouse/greenhouse-daemon/greenhouse-daemon
environment variables
GREENHOUSE_DAEMON_PATH
Default Value:
- Linux:
/opt/greenhouse-daemon
- Windows:
%ProgramData%\greenhouse-background-service
- MacOS:
/Library/Application Support/greenhouse-daemon
Path to folder where it will store all its files. This folder should be exclusively owned by the user that runs the greenhouse-daemon process for security reasons.
GREENHOUSE_DAEMON_CLOUD_URL
Default Value: https://greenhouse-alpha.server.garden
URL the daemon will use to contact the greenhouse cloud service, for example, to log into the users account.
GREENHOUSE_DAEMON_USE_UNIX_SOCKETS
Default Value: false
If set to true then the daemon will listen HTTP on unix sockets instead of listening HTTPS on local TCP ports.
ports used
greenhouse-daemon api: https://localhost:9572 -- certificate signed by daemon CA, the GUI does not validate the cert (it can't)
threshold admin api: https://localhost:9573 -- certificate signed by daemon CA, uses mutual TLS with daemon
caddy admin api: https://localhost:9574 -- certificate signed by daemon CA, uses mutual TLS with daemon
caddy http port: https://localhost:9575 -- used by caddy for http -> https redirects
caddy https port: https://localhost:9576 -- certificate signed by Let's Encrypt CA, public internet TLS
caddy tls port: https://localhost:9577 -- certificate signed by Let's Encrypt CA, public internet TLS
unix sockets used (alternative to ports)
All of these socket files are owned by whatever user is running the greenhouse-daemon process. They all use plain http with no TLS.
greenhouse-daemon api: /var/run/greenhouse-daemon.sock
threshold admin api: /var/run/greenhouse-daemon-threshold.sock
caddy admin api: /var/run/greenhouse-daemon-caddy-admin.sock
caddy http port: /var/run/greenhouse-daemon-caddy-http.sock
caddy https port: /var/run/greenhouse-daemon-caddy-https.sock
caddy tls port: /var/run/greenhouse-daemon-caddy-tls.sock