- Notifications
You must be signed in to change notification settings - Fork2
sewiti/licensing-system
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Requires system withsystemd andGo(at least 1.18).
sudo make install
make install builds, and sets up/opt/licensing-server directory, where thebuilt binary will be copied to. Also generateskeys file and sets upLICENSING_SERVER_KEY variable in.env.keys file includes licensingserver's public and private keys, used by licensing protocol to function.
Client's software should have public part (akaid) hard-coded into the binary.
For system to work, couple environment config variables are required, thisincludes:
DB_DSN(SeePostgreSQL)LICENSING_SERVER_KEY(Autogenerated bymake install)
PostgreSQL is required for system to function. Database credentials should beentered in/opt/licensing-server/.env in the following format:
DB_DSN=postgres://licensingUname:securePasswd@localhost:5432/licensingDB?sslmode=disableUsing systemd service:
sudo systemctlenable --now licensing.server.serviceSystem has a lot of options to configure to fit your needs. Default location ofthe config is located in/opt/licensing-server/.env.
Supported environment config variables include:
| Variable | Meaning |
|---|---|
DB_DSN | Used for connecting to a database (should start withpostgres://). |
DISABLE_GUI | Disables integrated webpage (default:false). |
HTTP_LISTEN | Specifies TCP address for server to listen on (default::http/:https depending on TLS). |
HTTP_READ_TIMEOUT | Maximum duration for reading entire request (default:30s). |
HTTP_WRITE_TIMEOUT | Maximum duration before timing out writes of the response (default:30s). |
HTTP_SHUTDOWN_TIMEOUT | Maximum duration before server shutdown is forced (default `30s). |
HTTP_GZIP | Use gzip compression for requests (defaultfalse). |
HTTP_CORS_RESOURCE_API_ENABLED | Use CORS for resource API (issuers, products, licenses) (default:false). |
HTTP_CORS_LICENSING_API_ENABLED | Use CORS for licensing API (creating, refreshing license sessions) (default:false). |
HTTP_CORS_ALLOWED_ORIGINS | Allowed origins for CORS. |
HTTP_TLS_CERT_FILE | TLS certificate file. |
HTTP_TLS_KEY_FILE | TLS private key file. |
INTERNAL_SOCKET | Socket path for internal CLI (default:/run/licensing-server.sock). |
LICENSING_SERVER_KEY | Licensing server's private key, base64 encoded. |
LICENSING_MAX_TIME_DRIFT | Max allowed time drift between server and client (default:6h). |
LICENSING_CLEANUP_INTERVAL | Inactive/expired/overused license sessions cleanup interval (default:20m). |
LICENSING_REFRESH_MIN | License session minimum refresh duration (default:5m). |
LICENSING_REFRESH_MAX | License session maximum refresh duration (default:2h). |
LICENSING_REFRESH_JITTER | License session refresh duration variance, 0.0-1.0 (default:0.1). |
LICENSING_LIMITER_SESSION_EVERY | New license sessions creation rate limiter to allow every x interval (default:10m). |
LICENSING_LIMITER_BURST_TOTAL | New license sessions creation rate limiter max burst worth in session time (default:8h). |
LICENSING_LIMITER_CACHE_EXPIRATION | New license sessions creation rate limiter cache expiration (default:24h). |
LICENSING_LIMITER_CACHE_CLEANUP_INTERVAL | New license sessions creation rate limiter cache cleanup interval (default:1h). |
MIN_PASSWD_ENTROPY | Minimum required entropy for issuer passwords, seezxcvbn (default:30). |