Important Note:
Several configuration options have been added over the last few releases. I recommend comparing your compose against the latest compose template (👇 down there in the artifacts) to see if there are any new configuration values you want to include.
Changes:
- Added
ControlR_AppOptions__AgentClockSkewToleranceconfiguration item to control clock skew tolerance when the server verifies signed messages from the agent.- The value uses timespan format of
HH:MM:SS. So00:01:00would be one minute. - The agent uses ED25519 keys are used to sign the connection requests, so the server can authenticate the devices against its known public key.
- The signed connection request includes the timestamp of when the request was created.
- Timestamp verification is used to prevent replay attacks if an attacker managed to intercept a connection request.
- Without timestamp verification, the attacker could use the intercepted message to impersonate the device.
- Set this to
nullto bypass the timestamp verification, while preserving the public key verification. This isn't recommended, but there are scenarios where users may want to have it off. - By design, a device will never have access to destructive functions or sensitive data, so an impersonated device will never be as detrimental as a compromised user account.
- The value uses timespan format of
- Added
Bootstrapsection to the configuration, which enables bootstrapping the initial server admin account on first-time startup.- The functionality is idempotent. It has no effect if there are existing user accounts.
- You can use temporary environment variables or remove them from the configuration after the first boot.
- Fixed a bug that caused the installer to throw an exception when trying to set ACLs on the
appsettings.jsonfile.
Full Changelog: v0.24.14.0...v0.24.16.0