diff --git a/.gitignore b/.gitignore
index fab9aad1..4ea24f82 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,11 +13,7 @@
 **/target
 # Certificates
-/chirpstack/configuration/certs/*.crt
-/chirpstack/configuration/certs/*.key
-/chirpstack/configuration/certs/*.trust
-/chirpstack/configuration/certs/*.pem
-/chirpstack/configuration/certs/*.csr
+/chirpstack/configuration/certs/*
 /chirpstack/configuration/private_*.toml
 # UI
diff --git a/chirpstack/Cargo.toml b/chirpstack/Cargo.toml
index 57775ff0..071757e7 100644
--- a/chirpstack/Cargo.toml
+++ b/chirpstack/Cargo.toml
@@ -120,13 +120,9 @@ bytes = "1.1"
 assets = [
 ["target/release/chirpstack", "usr/bin/", "755"],
 ["configuration/*.toml", "etc/chirpstack/", "640"],
- ["configuration/certs/*.json", "etc/chirpstack/certs", "640"],
 ["debian/environment.conf", "etc/systemd/system/chirpstack.service.d/environment.conf", "640"],
 ]
 conf-files = [
- "/etc/chirpstack/certs/ca-config.json",
- "/etc/chirpstack/certs/ca-csr.json",
- "/etc/chirpstack/certs/mqtt-server.json",
 "/etc/chirpstack/chirpstack.toml",
 "/etc/chirpstack/region_as923.toml",
 "/etc/chirpstack/region_as923_2.toml",
@@ -156,7 +152,6 @@ conf-files = [
 "/etc/chirpstack/region_us915_6.toml",
 "/etc/chirpstack/region_us915_7.toml",
 ]
-depends = "$auto, golang-cfssl"
 suggests = "postgresql, mosquitto, redis"
 maintainer-scripts = "debian/"
 systemd-units = { enable = true }
diff --git a/chirpstack/Makefile b/chirpstack/Makefile
index 0294e3b5..285f5738 100644
--- a/chirpstack/Makefile
+++ b/chirpstack/Makefile
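Review bot: The `# Certificates` comment above the new `/chirpstack/configuration/certs/*` line in the .gitignore hunk no longer explains why the directory is ignored, since this commit removes everything in the tree that wrote files there. The Makefile targets deleted further down produced `ca-key.pem` in that directory, so existing developer checkouts may still hold a CA private key. I would make the comment say so, for example `# Locally generated certificates and private keys (never commit)`. The wildcard also hides any placeholder or README added to the directory later unless it is re-included with a `!` rule.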
@@ -111,14 +111,8 @@ test:
 test-lrwn:
 cd ../lrwn && make test
-test-server: debug-amd64 configuration/certs/ca.pem
+test-server: debug-amd64
 ../target/debug/chirpstack -c ./configuration
 dbshell:
 psql -h postgres -U chirpstack chirpstack
-
-configuration/certs/ca.pem:
- cfssl gencert -initca configuration/certs/ca-csr.json | cfssljson -bare configuration/certs/ca
-
-configuration/certs/mqtt-server.pem: configuration/certs/ca.pem
- cfssl gencert -ca configuration/certs/ca.pem -ca-key configuration/certs/ca-key.pem -config configuration/certs/ca-config.json -profile server configuration/certs/mqtt-server.json | cfssljson -bare configuration/certs/mqtt-server
diff --git a/chirpstack/configuration/certs/ca-config.json b/chirpstack/configuration/certs/ca-config.json
deleted file mode 100644
index 3cf34d5d..00000000
--- a/chirpstack/configuration/certs/ca-config.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "signing": {
- "default": {
- "expiry": "8760h"
- },
- "profiles": {
- "server": {
- "expiry": "8760h",
- "usages": [
- "signing",
- "key encipherment",
- "server auth"
- ]
- }
- }
- }
-}
diff --git a/chirpstack/configuration/certs/ca-csr.json b/chirpstack/configuration/certs/ca-csr.json
deleted file mode 100644
index a5be2270..00000000
--- a/chirpstack/configuration/certs/ca-csr.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "CN": "ChirpStack CA",
- "key": {
- "algo": "rsa",
- "size": 4096
- }
-}
diff --git a/chirpstack/configuration/certs/mqtt-server.json b/chirpstack/configuration/certs/mqtt-server.json
deleted file mode 100644
index 0e4f5bc5..00000000
--- a/chirpstack/configuration/certs/mqtt-server.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "CN": "mqtt-broker",
- "hosts": [
- "*"
- ],
- "key": {
- "algo": "rsa",
- "size": 4096
- }
-}
diff --git a/chirpstack/configuration/chirpstack.toml b/chirpstack/configuration/chirpstack.toml
index f22e1ef9..5c6877a5 100644
--- a/chirpstack/configuration/chirpstack.toml
+++ b/chirpstack/configuration/chirpstack.toml
@@ -97,19 +97,9 @@
 secret="you-must-replace-this"
-[gateway]
- client_cert_lifetime="365days"
- ca_cert="configuration/certs/ca.pem"
- ca_key="configuration/certs/ca-key.pem"
-
 [integration]
 enabled=["mqtt"]
 [integration.mqtt]
 server="tcp://$MQTT_BROKER_HOST:1883/"
 json=true
-
- [integration.mqtt.client]
- client_cert_lifetime="365days"
- ca_cert="configuration/certs/ca.pem"
- ca_key="configuration/certs/ca-key.pem"
diff --git a/chirpstack/debian/postinst b/chirpstack/debian/postinst
index e319ea60..0aa83ba6 100644
--- a/chirpstack/debian/postinst
+++ b/chirpstack/debian/postinst
@@ -3,18 +3,6 @@
 # Set config-file permissions
 chown -R chirpstack:chirpstack /etc/chirpstack
 chmod 750 /etc/chirpstack
-chmod 750 /etc/chirpstack/certs
 chmod 640 /etc/chirpstack/*.toml
-# Generate certificates
-CERTROOT=/etc/chirpstack/certs
-
-if [ ! -f $CERTROOT/ca.pem ]; then
- cfssl gencert -initca $CERTROOT/ca-csr.json | cfssljson -bare $CERTROOT/ca
-fi
-
-if [ ! -f $CERTROOT/mqtt-server.pem ]; then
- cfssl gencert -ca $CERTROOT/ca.pem -ca-key $CERTROOT/ca-key.pem -config $CERTROOT/ca-config.json -profile server $CERTROOT/mqtt-server.json | cfssljson -bare $CERTROOT/mqtt-server
-fi
-
 #DEBHELPER#