update readme

2025-03-15 23:29:31 +01:00 · 2025-03-15 23:29:31 +01:00 · 8878e86045
commit 8878e86045
parent afb504e3c2
2 changed files with 41 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -12,6 +12,8 @@ no_hosts=true

 ```shell
 ./reset.sh # (re)initialize data
+cp data/reg/servnest.test.zone.default data/reg/servnest.test.zone
+cp data/reg/test.servnest.test.zone.default data/reg/test.servnest.test.zone
 ./upstream.sh # download and verify upstream software
 git clone https://code.antopie.org/servnest/sernvest/ core
 sqlite3 core/db/servnest.db < core/db/schema.sql
@ -24,6 +26,8 @@ mkdir data/ht/uri/ht.servnest.test

 ### Build

+Add `--no-cache` after `build` to update packages.
+
 ```shell
 # build base images
 podman-compose -f compose.yaml -f base.yaml build alpine
@ -32,21 +36,54 @@ podman-compose -f compose.yaml -f base.yaml build php
 podman-compose build
 ```

+### TLS certificates
+
+```shell
+podman-compose run -u root core certbot register
+podman-compose run -u root core certbot register --test-cert
+podman-compose run -u root core cat /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/*/regr.json
+podman-compose run -u root core find /etc/letsencrypt/accounts/ -name regr.json -exec cat {} \;
+# Set CAA records for servnest.test and ht.servnest.test
+podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest.ini" -d "servnest.test"
+podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest.ini" -d "ht.servnest.test"
+podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest-dns.ini" -d "*.ht.servnest.test" --cert-name "*.ht.servnest.test"
+# Update certificates paths in conf/nginx/
+```
+
 ### Run

-Optionally, to enable the `knot-secondary` service:
+Optionally, to enable the `knot-secondary` service, uncomment `notify:` lines in `knot.conf`, then:
 ```shell
-# uncomment "notify:" lines in knot.conf, then:
 podman-compose --profile=secondary up knot knot-secondary # generate QUIC keys
 ./setup-xoq.sh # setup mutual XFR over QUIC
 ```

 ```shell
-podman-compose up --detach # start containers
+podman-compose --podman-run-args="--replace" up --detach # start containers
 podman-compose logs # get logs
-podman-compose exec core sh -c 'php$PHP_VERSION /srv/servnest/core/jobs/check.php' # test main features
 ```

+### Test
+
+```shell
+podman-compose exec core sh -c 'php$PHP_VERSION /srv/servnest/core/jobs/check.php'
+```
+
+#### Test without public IP
+
+Before running `check.php`:
+
+- Set [`local_only_check`](https://servnest.niv.re/back/configuration#local_only_check) to `false` in `config.ini`.
+- Add the following configuration to `/etc/hosts` on the host system:
+```
+::1 servnest.test
+::1 ht.servnest.test
+::1 sftp.servnest.test
+```
+- For `ht`, the subdomain and dedicated site tests will fail anyway.
+
+### Bugs
+
 When running `up`, the only expected error messages are:
 > [sftpgo] | WRN provider initialized but data loading failed: stat sftpgo.db: no such file or directory
 > [tor]    | [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
--- a/reset.sh
+++ b/reset.sh
@ -41,5 +41,3 @@ rm -Rf \

 knotc --confdb data/knot/confdb conf-import conf/knot.conf
 knotc --confdb data/knot-secondary/confdb conf-import conf/knot-secondary.conf
-cp data/reg/servnest.test.zone.default data/reg/servnest.test.zone
-cp data/reg/test.servnest.test.zone.default data/reg/test.servnest.test.zone