Versions Compared

Old Version 62

changes.mady.by.user Charles Wernicke

Saved on

compared with

New Version 63

changes.mady.by.user Charles Wernicke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

We encourage you to consult with an IT professional to minimize security risks.

...

Overview

This API implements SSL/TLS using a self-signed certificate. These types of certificates cannot be authenticated by web browsers - and are therefore unverified and thus: unusable. A proxy server (on the same host) can override that “self-signed” limitation and present the REST API to the Internet with a different, valid certificate that can be seamlessly authenticated by any browser.

Port 7743 exposes the CAS REST API. Exposing that port The REST API is natively exposed by CAS on port 7743. Exposing the REST API to the world (when necessary) in this manner will enable the CAS REST API it to be authenticated as a service originating from a genuine, verified site (origin). Port 7743 is a non-standard port. After a successful installation here, NGINX will certify the REST API content using verifiable credentials on the standard port 443. The REST API can then be validated online, and the “self-signed certificate” restrictions will be disregarded. You’ll be “legit”.

...

Code Block
sudo ufw allow "Nginx Full"

...

Panel
bgColor#E3FCEF

AUTOMATED

INSTRUCTIONS: batm-manage install-reverse-proxy

INSTALLATION

The CAS CLI tool batm-manage includes an automated script to install NGINX and Let’s Encrypt.

To start the installation, use:

Code Block
sudo /batm/batm-manage install-reverse-proxy

...

  • Veriff example: https://agent86.yourcasdomain.com/server/serverapi/apiv1/identity-check/veriffwh/

  • lnurl example: https://agent86.yourcasdomain.com/server/extensions/lnurl/

  • When properly configured, either URL should connect to their respective REST API and display success.

...

Panel
bgColor#FFF0B3

MANUAL

INSTRUCTIONS

INSTALLATION:

These instructions are provided for finer control over your installation, modification of the installation, and troubleshooting. The automated instructions are recommended for most situations.

...

Code Block
sudo certbot renew --dry-run

...

You're done!

Test your domain by navigating with your browser toconfiguration as identified above: https://agent86generalbytes.yourcasdomain.com/extensions/lnurl/

  • Replace “agent86.yourcasdomain.com” with your actual domain.

Perfect:

...

atlassian.net/wiki/spaces/ESD/pages/edit-v2/2942631937#Testing

  • All CAS services that rely upon the REST API may use the same sub+domain.

...