Skip to content

Latest commit

 

History

History
81 lines (64 loc) · 3.44 KB

nntp.md

File metadata and controls

81 lines (64 loc) · 3.44 KB
Raw
layout title
page
NNTP Server

The NNTP Content Server

The NNTP content server provides access to publicly exposed message conferences and areas over either secure NNTPS (NNTP over TLS or nttps://) and/or non-secure NNTP (nntp://).

Configuration

The following keys are available within the contentServers.nntp configuration block:

Item Required Description
nntp 👎 Configuration block for non-secure NNTP. See Non-Secure NNTP Configuration.
nntps 👎 Configuration block for secure NNTP. See Secure Configuration (NNTPS)
publicMessageConferences 👍 A map of conference tags to area tags that are publicly exposed over NNTP. Anonymous users will gain read-only access to these areas.
allowPosts 👎 Allow posting from authenticated users. See Write Access. Default is false.

Non-Secure Configuration

Under contentServers.nntp.nntp the following configuration is allowed:

Item Required Description
enabled 👍 Set to true to enable non-secure NNTP access.
port 👎 Override the default port of 8119.

Secure Configuration (NNTPS)

Under contentServers.nntp.nntps the following configuration is allowed:

Item Required Description
enabled 👍 Set to true to enable secure NNTPS access.
port 👎 Override the default port of 8565.
certPem 👎 Override the default certificate file path of ./config/nntps_cert.pem
keyPem 👎 Override the default certificate key file path of ./config/nntps_key.pem

Certificates and Keys

In order to use secure NNTPS, a TLS certificate and key pair must be provided. You may generate your own but most clients will not trust them. A certificate and key from a trusted Certificate Authority is recommended. Let's Encrypt provides free TLS certificates. Certificates and private keys must be in PEM format.

Generating a Certificate & Key Pair

An example of generating your own cert/key pair:

openssl req -newkey rsa:2048 -nodes -keyout ./config/nntps_key.pem -x509 -days 3050 -out ./config/nntps_cert.pem

Write Access

Authenticated users may write messages to a group given the following are true:

  1. allowPosts is set to true
  2. They are connected security (NNTPS). This is a strict requirement due to how NNTP authenticates in plain-text otherwise.
  3. The authenticated user has write ACS to the target message conference and area.

⚠️ Not all ACS checks can be made over NNTP. Any ACS requiring a "client" will return false (fail), such as LC ("is local?").

Example Configuration

contentServers: {
    nntp: {
        allowPosts: true

        publicMessageConferences: {
            fsxnet: [
                // Expose these areas of fsxNet
                "fsx_gen", "fsx_bbs"
            ]
        }

        nntp: {
            enabled: true
        }

        nntps: {
            enabled: true

            // These could point to Let's Encrypt provided pairs for example:
            certPem: /path/to/some/tls_cert.pem
            keyPem: /path/to/some/tls_private_key.pem
        }
    }
}