

2.2 Running a server

The disfluid code is published under the Affero GPL, which means that the service provider must publish all changes made to the program to the users who interact with it over the network. The ‘disfluid’ command provides a ‘--complete-corresponding-source’ option so that the system administrator can specify a means to download the source.

The servers add a ‘Source:’ header to each response, containing the value of this configuration option. It can be, for instance, a URI from which the modified source code can be downloaded.

The servers can be configured to redirect output and errors to a log file and an error file, with the ‘--log-file’ and ‘--error-file’ options.

The server listens on port 8080 by default, but this may be configured with ‘--port’. Since the servers do not support TLS, and they only support HTTP/1.1, they are intended to run behind a reverse proxy (even for the authenticating reverse proxy).

Finally, you configure the server by passing the ‘--configuration’ parameter pointing to a configuration file. The configuration file is plain Guile code that must evaluate to an <endpoint>.

Here is an example configuration that runs a resource server with an identity provider:

(use-modules (webid-oidc server endpoint)
             (webid-oidc server endpoint resource-server)
             (webid-oidc server endpoint identity-provider)
             (webid-oidc server endpoint authentication)
             (webid-oidc oidc-configuration)
             (oop goops))

(make <identity-provider>
  #:host "example.com"
  #:oidc-discovery
  (make <oidc-discovery>
    #:path "/.well-known/openid-configuration"
    #:configuration
    (make <oidc-configuration>
      #:jwks-uri "https://example.com/keys"
      #:authorization-endpoint "https://example.com/authorize"
      #:token-endpoint "https://example.com/token"))
  #:authorization-endpoint
  (make <authorization-endpoint>
    #:path "/authorize"
    #:subject "https://example.com/profile/card#me"
    #:encrypted-password (crypt "secretpassword123" "$6$secret.salt")
    #:key-file "/var/lib/disfluid/key-file.jwk")
  #:token-endpoint
  (make <token-endpoint>
    #:path "/token"
    #:issuer "https://example.com"
    #:key-file "/var/lib/disfluid/key-file.jwk")
  #:jwks-endpoint
  (make <jwks-endpoint>
    #:path "/keys"
    #:key-file "/var/lib/disfluid/key-file.jwk")
  #:default
  (make <authenticator>
    #:backend
    (make <resource-server>
      #:server-name "https://example.com"
      #:owner "https://example.com/profile/card#me")
    #:server-uri "https://example.com"))
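
The configuration above keeps the plaintext password and a fixed salt in the file itself. The following Guile script is an added example, not part of the disfluid manual: it prompts for the password and prints a SHA-512 crypt hash with a random salt, and because ‘crypt’ returns a string, the printed value can be written in place of the ‘(crypt ...)’ form. The procedure names ‘random-salt’ and ‘hash-password’ are made up for this illustration, and the script assumes that /dev/urandom is available.

```scheme
;; Added example: compute the #:encrypted-password value outside the
;; configuration file, so the plaintext never has to be stored in it.
(use-modules (ice-9 binary-ports)
             (rnrs bytevectors))

;; The 64-character alphabet that crypt(3) accepts in a salt.
(define salt-alphabet
  "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")

;; Read N bytes from the kernel random source and map each byte to one
;; salt character. The alphabet has 64 entries, so keeping the low six
;; bits of each byte selects every character with equal probability.
(define (random-salt n)
  (let ((bytes (call-with-input-file "/dev/urandom"
                 (lambda (port) (get-bytevector-n port n))
                 #:binary #t)))
    (list->string
     (map (lambda (b) (string-ref salt-alphabet (logand b 63)))
          (bytevector->u8-list bytes)))))

;; "$6$" selects SHA-512 crypt, the same scheme as the "$6$secret.salt"
;; prefix in the configuration example. A fresh 16-character salt is
;; generated on every call.
(define (hash-password password)
  (crypt password (string-append "$6$" (random-salt 16) "$")))

;; getpass reads the password from the terminal without echoing it.
(display (hash-password (getpass "Password: ")))
(newline)
```

The resulting configuration line then has the form ‘#:encrypted-password "$6$<salt>$<hash>"’, where the quoted string is the script's output.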

The server will make requests on the world-wide web, for instance to download client manifests. These requests can be redirected with an XML Catalog, by setting ‘XML_CATALOG_FILES’ to a space-separated list of URIs (these can be file: URIs). The requests cannot be directed to the file system.

