feat: Switch OCSP configuration to use domain names

- Update OCSP URL in certificate generation from IP to domain name - Add OCSP hostname to docker-compose network configuration - Document useful hosts file entries in README.md The changes make it easier to test OCSP locally with clients by using domain names that can be mapped in host files.
2024-11-07 11:59:49 +00:00 · 2024-11-07 11:59:49 +00:00 · 26928c0762
parent 7102765241
commit 26928c0762
4 changed files with 20 additions and 3 deletions
--- a/federation/README.md
+++ b/federation/README.md
@ -48,6 +48,20 @@ XMPP 2 hosts the following MUC rooms:
 * `muc3`
 * `muc4`

+## Hosts file entries
+To access the XMPP servers and (optional) OCSP responder from your local machine you should 
+add entries to your hosts file:
+
+```
+127.0.0.1 xmpp.localhost.example
+127.0.0.1 xmpp1.localhost.example
+127.0.0.1 xmpp2.localhost.example
+127.0.0.1 xmpp3.localhost.example
+127.0.0.1 ocsp.localhost.example
+```
+
+This helps when testing with various clients and tools.
+
 ## Network

 The Docker compose file defines a custom bridge network with a single subnet of `172.50.0.0/24`
@ -154,6 +168,7 @@ All certificates are stored in `./_data/certs/`.
 This setup allows certificates to be checked for revocation status making a request to the 
 OCSP responder:
 ```bash
+```bash
 openssl ocsp -url http://localhost:8888 \
  -issuer _data/certs/ca/intermediate-ca/intermediate.crt \
  -CAfile _data/certs/chain1.pem \
--- a/federation/docker-compose-network-ipv4-only.yml
+++ b/federation/docker-compose-network-ipv4-only.yml
@ -19,6 +19,7 @@ services:
      - "conference.xmpp1.localhost.example:172.50.0.10"
      - "xmpp2.localhost.example:172.50.0.20"
      - "conference.xmpp2.localhost.example:172.50.0.20"
+      - "ocsp.localhost.example:172.50.0.30"

  xmpp2:
    networks:
@ -29,6 +30,7 @@ services:
      - "conference.xmpp1.localhost.example:172.50.0.10"
      - "xmpp2.localhost.example:172.50.0.20"
      - "conference.xmpp2.localhost.example:172.50.0.20"
+      - "ocsp.localhost.example:172.50.0.30"

 networks:
  openfire-federated-net:
--- a/federation/docker-compose-ocsp-responder.yml
+++ b/federation/docker-compose-ocsp-responder.yml
@ -15,11 +15,11 @@ services:
  #
  # Test Certificate Status:
  # ----------------------
-  # openssl ocsp -url http://localhost:8888 \
+  # openssl ocsp -url http://ocsp.localhost.example:8888 \
  #   -issuer _data/certs/ca/intermediate-ca/intermediate.crt \
  #   -CAfile _data/certs/chain1.pem \
  #   -cert _data/certs/server1.crt \
-  #   -text   # Adds human-readable output
+  #   -text
  ocsp-responder:
    image: alpine:latest
    volumes:
--- a/federation/scripts/generate-certificates.sh
+++ b/federation/scripts/generate-certificates.sh
@ -2,7 +2,7 @@

 # OCSP server configuration
 # Defines where the OCSP responder will be accessible in the Docker network
-OCSP_URL="http://172.50.0.30:8888"
+OCSP_URL="http://ocsp.localhost.example:8888"

 # Base directory for all certificate-related files
 # All paths in this script will be relative to this directory