[tor-commits] [flashproxy/master] doc additions

infinity0 at torproject.org infinity0 at torproject.org
Thu Nov 21 13:18:46 UTC 2013 

commit bf52bbaf90d096810018217ca6d16f999b227194
Author: Ximin Luo <infinity0 at gmx.com>
Date:   Tue Nov 5 11:28:40 2013 +0000

    doc additions
    - relate flashproxy-reg-url to the end-to-end encrypted HTTP registration
    - facilitator.cgi also serves the browser proxies, so you must enable it
---
 facilitator/README                     |   11 ++++++-----
 facilitator/doc/facilitator-design.txt |   14 ++++++++++----
 facilitator/doc/http-howto.txt         |    6 ++++--
 3 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/facilitator/README b/facilitator/README
index 737d1b3..2b98c5c 100644
--- a/facilitator/README
+++ b/facilitator/README
@@ -15,15 +15,16 @@ as system services, and you should be able to configure them in the
 appropriate place for your system (e.g. /etc/default/facilitator for a
 Debian-based system using initscripts).
 
-At a minimum, each installation has its own public-private keypair at
-reg-daemon.{pub,key} in the flashproxy config directory. You will need
-to securely distribute the public part (.pub) to your users - e.g. by
-publishing it somewhere, signed by your own PGP key.
+Each installation has its own public-private keypair, stored in the
+flashproxy config directory. You will need to securely distribute the
+public key (reg-daemon.pub) to your users - e.g. by publishing it
+somewhere, signed by your own PGP key.
 
 There are three supported helper rendezvous methods: HTTP, email, and
 appspot. Each helper method may require additional manual configuration
 and might also depend on other helper methods; see the corresponding
-doc/x-howto.txt for more details.
+doc/x-howto.txt for more details. At a very minimum, you must configure
+and enable the HTTP method, since that also serves the browser proxies.
 
 For suggestions on configuring a dedicated facilitator machine, see
 doc/server-howto.txt.
diff --git a/facilitator/doc/facilitator-design.txt b/facilitator/doc/facilitator-design.txt
index 3f4f801..0d84da3 100644
--- a/facilitator/doc/facilitator-design.txt
+++ b/facilitator/doc/facilitator-design.txt
@@ -17,11 +17,17 @@ The HTTP rendezvous uses an HTTP server and a CGI program. The HTTP
 server is responsible for speaking TLS and invoking the CGI program. The
 CGI program receives client registrations and proxy requests for
 clients, parses them, and forwards them to the backend. We use Apache 2
-as the HTTP server. The CGI script is facilitator.cgi. There are two
-formats - plain vs. (end-to-end) encrypted. Direct client registrations
+as the HTTP server. The CGI script is facilitator.cgi. Currently this
+is also the only method for accepting browser proxy registrations, so
+you must enable this method, otherwise your clients will not be served.
+
+For the HTTP rendezvous, there are two formats you may use for a client
+registration - plain vs. (end-to-end) encrypted. Direct registrations
 (e.g. flashproxy-reg-http) can use the plain format over HTTPS, which
 provides transport encryption; but if you proxy registrations through
 another service (e.g. reg-appspot), you must use the end-to-end format.
+On the client side, you may use flashproxy-reg-url to generate
+registration URLs for the end-to-end encrypted format.
 
 The email rendezvous uses the helper program facilitator-email-poller.
 Clients use the flashproxy-reg-email program to send an encrypted
@@ -31,8 +37,8 @@ messages and forwards them to facilitator-reg.
 The appspot rendezvous uses Google's appengine platform as a proxy for
 the HTTP method, either yours or that of another facilitator. It takes
 advantage of the fact that a censor cannot distinguish between a TLS
-connection to appspot.com or google.com, since the IPs are the same, and
-it is highly unlikely that anyone will try to block the latter.
+connection to appspot.com or google.com, since the IPs are the same,
+and it is highly unlikely that anyone will try to block the latter.
 
 fac.py is a Python module containing code common to the various
 facilitator programs.
diff --git a/facilitator/doc/http-howto.txt b/facilitator/doc/http-howto.txt
index 99ebf9b..bd7daa4 100644
--- a/facilitator/doc/http-howto.txt
+++ b/facilitator/doc/http-howto.txt
@@ -1,5 +1,7 @@
-These are instructions for how to set up an Apache Web Server for handling
-the HTTP registration method (facilitator.cgi / flashproxy-reg-http).
+These are instructions for how to set up an Apache Web Server for
+handling the HTTP client registration method (facilitator.cgi /
+flashproxy-reg-http / flashproxy-reg-url), as well as for browser
+proxies to poll and receive a client to serve.
 
 == HTTP server setup

More information about the tor-commits mailing list