caddyfile etc + removed incorrect notary.codes

heeckhau · heeckhau · commit 595cfa326e84 · 2025-02-27T15:53:07.000+01:00
diff --git a/cd-scripts/tee/azure/Caddyfile b/cd-scripts/tee/azure/Caddyfile
@@ -5,7 +5,7 @@
 
 {
   key_type p256
-  email mac@pse.dev # for acme
+  email hendrik@pse.dev # for acme
   servers {
     metrics
   }
@@ -26,18 +26,9 @@
 #    will always deliver to :4000 if its up, but if :4000 is down for more than 4s it trys the next one
 # # # #
 
-notary.codes {
-    handle_path /v0.1.0-alpha.8* {
-        reverse_proxy :4003 :3333 {
-            lb_try_duration 4s
-            fail_duration 10s
-            lb_policy header X-Upstream {
-                fallback first
-            }
-        }
-    }
+notary.pse.dev {
     handle_path /v0.1.0-alpha.7* {
-        reverse_proxy :4002 :3333 {
+        reverse_proxy :4007 :3333 {
             lb_try_duration 4s
             fail_duration 10s
             lb_policy header X-Upstream {
@@ -66,7 +57,7 @@ notary.codes {
     }
 
     handle_path /proxy* {
-     reverse_proxy :55688 proxy.notary.codes:443 {
+     reverse_proxy :55688 {
      lb_try_duration 4s
      fail_duration 10s
      lb_policy header X-Upstream {
diff --git a/cd-scripts/tee/azure/github_runner.md b/cd-scripts/tee/azure/github_runner.md
@@ -77,4 +77,37 @@ docker build -t tee_hendrik .
 docker tag tee_hendrik notaryserverbuilds/tee_hendrik
 docker images
 docker push notaryserverbuilds.azurecr.io/tee_hendrik
+```
+
+
+## Install Intel SGX software
+
+https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf
+
+```
+wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
+cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null
+
+# Add the following repository to your sources:
+echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
+
+
+sudo apt-get update
+sudo apt-get install libsgx-epid libsgx-quote-ex libsgx-dcap-ql -y
+```
+
+Note: when I first got it working I also installed this: (not sure if this is necessary)
+# sudo apt-get install build-essential ocaml automake autoconf libtool wget python-is-python3 libssl-dev -y
+
+
+## Install Caddy
+
+https://caddyserver.com/docs/install#debian-ubuntu-raspbian
+
+```
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+sudo apt update
+sudo apt install caddy
 ```
diff --git a/cd-scripts/tee/azure/updateproxy.sh b/cd-scripts/tee/azure/updateproxy.sh
@@ -24,17 +24,17 @@ get_last_port() {
     grep -Po "reverse_proxy :([0-9]+)" "$CADDYFILE" | awk -F: '{print $2}' | sort -n | tail -1
 }
 
-# Function to add a new handle_path block with incremented port inside notary.codes block
+# Function to add a new handle_path block with incremented port inside notary.pse.dev block
 add_new_handle_path() {
     local new_port=$1
     local commit_hash=$2
 
     # Use a temporary file for inserting the handle_path block
     tmp_file=$(mktemp)
 
-    # Add the new handle_path in the notary.codes block
+    # Add the new handle_path in the notary.pse.dev block
     awk -v port="$new_port" -v hash="$commit_hash" '
-        /notary\.codes \{/ {
+        /notary\.pse\.dev \{/ {
             print;
             print "    handle_path /" hash "* {";
             print "        reverse_proxy :" port " :3333 {";
@@ -70,7 +70,7 @@ else
     fi
     new_port=$((last_port + 1))
 
-    # Add the new handle_path block inside notary.codes block
+    # Add the new handle_path block inside notary.pse.dev block
     add_new_handle_path "$new_port" "$GIT_COMMIT_HASH"
     echo $new_port
     # commit the changes
diff --git a/crates/notary/server/tee/config/config.yaml b/crates/notary/server/tee/config/config.yaml
@@ -1,5 +1,5 @@
 server:
-  name: "notary-server"
+  name: "notary.pse.dev"
   host: "0.0.0.0"
   port: 7047
   html_info: |
diff --git a/crates/notary/server/tee/gramine-hendrik2/config/config.yaml b/crates/notary/server/tee/gramine-hendrik2/config/config.yaml
@@ -1,5 +1,5 @@
 server:
-  name: "notary.codes"
+  name: "notary.pse.dev"
   host: "0.0.0.0"
   port: 7047
   html_info: |
