update documentation to remove references to multi instance

2FA.md

@@ -29,7 +29,7 @@ users to enroll for 2FA when they (first) authenticate to the service.
 
 ### Optional 2FA
 
-The default configuration, in `/etc/vpn-user-portal/default/config.php`:
+The default configuration, in `/etc/vpn-user-portal/config.php`:
 
     'requireTwoFactor' => false,
     'twoFactorMethods' => ['totp'],
@@ -68,7 +68,7 @@ the admin portal for that particular user.
 If access to the admin portal is not available (anymore), the 2FA enrollment
 can also be removed manually. 
 
-    $ sudo sqlite3 /var/lib/vpn-server-api/default/db.sqlite
+    $ sudo sqlite3 /var/lib/vpn-server-api/db.sqlite
 
 Perform the following query to remove the OTP secret for the user `foo`:
 

ACL.md

@@ -20,14 +20,14 @@ all authentication backends have a way to validate the permissions
 
 The configuration is done in two locations:
 
-- `/etc/vpn-user-portal/default/config.php`: configure which access control
+- `/etc/vpn-user-portal/config.php`: configure which access control
   mechanism is used and the period for which to _cache_ the permissions;
-- `/etc/vpn-server-api/default/config.php`: configure which profiles are 
+- `/etc/vpn-server-api/config.php`: configure which profiles are 
   restricted by access control.
 
 ## Cache
 
-The permission cache is configured in `/etc/vpn-user-portal/default/config.php`
+The permission cache is configured in `/etc/vpn-user-portal/config.php`
 using the `sessionExpiry` option. The default is 90 days, `P90D`. The following
 is a list of common values you can use:
 
@@ -50,7 +50,7 @@ membership. Typically, that would be `eduPersonEntitlement` or
 the OID variant as shown in the example below depending on your IdP / identity
 federation.
 
-In order to configure this, modify `/etc/vpn-user-portal/default/config.php` 
+In order to configure this, modify `/etc/vpn-user-portal/config.php` 
 and set the `entitlementAttribute` to the name of the attribute:
 
     // SAML
@@ -82,7 +82,7 @@ We assume [LDAP](LDAP.md) is already configured and working.
 You have to choose an LDAP attribute you want to use for determining the 
 membership. Typically, that would be `memberOf`, but any LDAP attribute will work.
 
-In order to configure this, modify `/etc/vpn-user-portal/default/config.php` 
+In order to configure this, modify `/etc/vpn-user-portal/config.php` 
 and set the `entitlementAttribute` to the name of the attribute:
 
     // LDAP
@@ -108,7 +108,7 @@ Once you authenticate to the portal, on the "Account" page, i.e.
 
 ## Profile Mapping
 
-Modify `/etc/vpn-server-api/default/config.php`, and set the `enableAcl` to 
+Modify `/etc/vpn-server-api/config.php`, and set the `enableAcl` to 
 `true` and add the authorized attribute values to `aclGroupList` for each of 
 the profiles where you want to restrict access, for example:
 

API.md

@@ -281,4 +281,4 @@ A list of OAuth client registrations that are available for all installations
 can be found [here](https://github.com/eduvpn/vpn-user-portal/blob/master/src/OAuthClientInfo.php).
 
 Administrators MAY define additional OAuth clients in the 
-`/etc/vpn-user-portal/default/config.php` configuration file.
+`/etc/vpn-user-portal/config.php` configuration file.

BRANDING.md

@@ -20,8 +20,8 @@ your server installation. By default a simple "plain" branding is used.
 
 # Configuration
 
-Now you can enable the `styleName` in `/etc/vpn-user-portal/default/config.php` 
-and `/etc/vpn-admin-portal/default/config.php`. Set it to `LC` (or `eduVPN`).
+Now you can enable the `styleName` in `/etc/vpn-user-portal/config.php` 
+and `/etc/vpn-admin-portal/config.php`. Set it to `LC` (or `eduVPN`).
 
 For `vpn-admin-portal` you can also configure the color of the bar graphs on
 the "Stats" page.

CUSTOM_BRANDING.md

@@ -11,8 +11,8 @@ The portals use templates, located in the following folders:
     /usr/share/vpn-admin-portal/views
 
 You can copy the `base.php` from these folders to 
-`/etc/vpn-user-portal/default/views/base.php` and 
-`/etc/vpn-admin-portal/default/views/base.php` respectively and modify them to
+`/etc/vpn-user-portal/views/base.php` and 
+`/etc/vpn-admin-portal/views/base.php` respectively and modify them to
 override the defaults. For instance by adding an extra line pointing to an 
 additional CSS file.
 

GUEST_USAGE.md

@@ -28,7 +28,7 @@ There are two ways to configure other public keys:
 
 ## Manual
 
-Inside the `Api` section in `/etc/vpn-user-portal/default/config.php`, see 
+Inside the `Api` section in `/etc/vpn-user-portal/config.php`, see 
 configuration file
 [template](https://github.com/eduvpn/vpn-user-portal/blob/master/config/config.php.example).
 
@@ -47,7 +47,7 @@ server(s).
 
 ## Registry
 
-Inside the `Api` section in `/etc/vpn-user-portal/default/config.php`, see 
+Inside the `Api` section in `/etc/vpn-user-portal/config.php`, see 
 configuration file
 [template](https://github.com/eduvpn/vpn-user-portal/blob/master/config/config.php.example).
 

LDAP.md

@@ -15,8 +15,8 @@ The first one is what we focus on here, the second one is documented in the
 # Configuration
 
 You can configure both `vpn-user-portal` and `vpn-admin-portal` to use LDAP. 
-This is configured in the files `/etc/vpn-user-portal/default/config.php` and
-`/etc/vpn-admin-portal/default/config.php`.
+This is configured in the files `/etc/vpn-user-portal/config.php` and
+`/etc/vpn-admin-portal/config.php`.
 
 You have to set `authMethod` first:
 

LOCAL_DNS.md

@@ -69,7 +69,7 @@ Enable Unbound during boot, and (re)start it:
 
 ## Profile Configuration
 
-Modify `/etc/vpn-server-api/default/config.php` for each of the VPN profiles 
+Modify `/etc/vpn-server-api/config.php` for each of the VPN profiles 
 where you want to use "local DNS", set the `dns` entry to:
 
     'dns' => ['@GW4@', '@GW6@'],

MULTI_PROFILE.md

@@ -19,7 +19,7 @@ You may also need to take a look at the [SELinux](SELINUX.md) instructions.
 
 # Configuration
 
-The configuration file `/etc/vpn-server-api/default/config.php` needs to be 
+The configuration file `/etc/vpn-server-api/config.php` needs to be 
 modified, you can remove the `internet` profile that was there by default:
 
     'vpnProfiles' => [
@@ -75,18 +75,18 @@ If you had an old profile, e.g. the default `internet`, as is the default when
 deploying using `deploy_${DIST}.sh` it needs to be stopped first, and can be 
 removed:
 
-    $ sudo systemctl disable --now openvpn-server@default-internet-{0,1}
-    $ sudo rm "/etc/openvpn/server/default-internet-*.conf"
-    $ sudo rm -rf /etc/openvpn/server/tls/default/internet
+    $ sudo systemctl disable --now openvpn-server@internet-{0,1}
+    $ sudo rm "/etc/openvpn/server-internet-*.conf"
+    $ sudo rm -rf /etc/openvpn/server/tls/internet
 
 Now the new configurations can be generated:
 
     $ sudo vpn-server-node-server-config
 
 Enable and start them:
 
-    $ sudo systemctl enable --now openvpn-server@default-office-{0,1}
-    $ sudo systemctl enable --now openvpn-server@default-admin-{0,1}
+    $ sudo systemctl enable --now openvpn-server@office-{0,1}
+    $ sudo systemctl enable --now openvpn-server@admin-{0,1}
 
 If you changed UDP/TCP ports, you also need to update the firewall 
 configuration in `/etc/vpn-server-node/firewall.php`.

PORT_SHARING.md

@@ -13,7 +13,7 @@ sharing is not needed, i.e. OpenVPN can claim `tcp/443` directly.
 
 ## VPN
 
-We need to modify `/etc/vpn-server-api/default/config.php` and modify 
+We need to modify `/etc/vpn-server-api/config.php` and modify 
 `exposedVpnProtoPorts` to announce to VPN clients that we also want to 
 advertise `tcp/443` to clients:
 

PROFILE_CONFIG.md

@@ -2,7 +2,7 @@
 
 For this document we assume you used the included `deploy_${DIST}.sh` script.
 
-Profiles, are configured in `/etc/vpn-server-api/default/config.php` and
+Profiles, are configured in `/etc/vpn-server-api/config.php` and
 can contain many options to support various deployment scenarios. These are 
 described in the table below.
 
@@ -147,19 +147,19 @@ The OpenVPN server configuration can be regenerated like this:
 
 To restart all OpenVPN processes, do this:
 
-    $ sudo systemctl restart "openvpn-server@default-*"
+    $ sudo systemctl restart "openvpn-server@*"
 
 If you changed the entry `vpnProtoPorts`, to say 
 `['udp/1194', 'udp/1195', 'tcp/1194', 'tcp/1195']` you now have two more 
 OpenVPN processes to deal with:
 
 Enable the two extra processes on boot:
 
-    $ sudo systemctl enable openvpn-server@default-internet-{2,3}
+    $ sudo systemctl enable openvpn-server@internet-{2,3}
 
 (Re)start them all:
 
-    $ sudo systemctl restart "openvpn-server@default-*"
+    $ sudo systemctl restart "openvpn-server@*"
 
 If you changed any of the port configuration(s), you also need to update the
 firewall to allow the UDP/TCP ports through, in that case modify 

RADIUS.md

@@ -10,8 +10,8 @@ authorization/ACL purposes.
 # Configuration
 
 You can configure both `vpn-user-portal` and `vpn-admin-portal` to use RADIUS. 
-This is configured in the files `/etc/vpn-user-portal/default/config.php` and
-`/etc/vpn-admin-portal/default/config.php`. We will only show how to configure
+This is configured in the files `/etc/vpn-user-portal/config.php` and
+`/etc/vpn-admin-portal/config.php`. We will only show how to configure
 `vpn-user-portal` as `vpn-admin-portal` is exactly the same.
 
 You have to set `authMethod` first:

SAML.md

@@ -66,7 +66,7 @@ at your IdP. You can use the following URL with metadata:
 You also need to modify the `vpn-user-portal` configuration to specify the 
 attribute that should be used to identify the users.
 
-Edit `/etc/vpn-user-portal/default/config.php` and set:
+Edit `/etc/vpn-user-portal/config.php` and set:
 
     'authMethod' => 'MellonAuthentication'
 
@@ -78,7 +78,7 @@ you uncomment the `<Location /vpn-admin-portal>` section in
 `/etc/httpd/conf.d/vpn.example.conf` and figure out the attribute values that 
 are associated with the administrator(s). 
 
-Also modify `/etc/vpn-admin-portal/default/config.php` in the same way as 
+Also modify `/etc/vpn-admin-portal/config.php` in the same way as 
 the user portal.
 
 **NOTE** if you want to allow access to the admin portal, you MUST also 
@@ -160,5 +160,5 @@ you'll directly end up at the IdP.
 
 **NOTE**: if you want to add multiple IdPs that use identifiers that are not 
 guaranteed globally unique, you MUST set `addEntityID` to `true` in 
-`/etc/vpn-user-portal/default/config.php` and 
-`/etc/vpn-admin-portal/default/config.php`.
+`/etc/vpn-user-portal/config.php` and 
+`/etc/vpn-admin-portal/config.php`.

STATS.md

@@ -1,7 +1,7 @@
 # Statistics
 
 Some very basic anonymous statistics are recorded regarding VPN usage. The 
-files are stored in e.g. `/var/lib/vpn-server-api/default/stats.json`.
+files are stored in e.g. `/var/lib/vpn-server-api/stats.json`.
 
 The statistics only store information about the last 30 days, information older
 than that is automatically removed.

USER_DELETE.md

@@ -16,7 +16,7 @@ delete the user from the user database. This is *NOT* relevant for SAML, LDAP
 and RADIUS authentication:
 
 ```bash
-    $ sudo sqlite3 /var/lib/vpn-user-portal/default/userdb.sqlite
+    $ sudo sqlite3 /var/lib/vpn-user-portal/userdb.sqlite
     SQLite version 3.7.17 2013-05-20 00:56:22
     Enter ".help" for instructions
     Enter SQL statements terminated with a ";"
@@ -27,7 +27,7 @@ and RADIUS authentication:
 Delete the OAuth tokens for the user, relevant for all authentication backends:
 
 ```bash
-    $ sudo sqlite3 /var/lib/vpn-user-portal/default/tokens.sqlite
+    $ sudo sqlite3 /var/lib/vpn-user-portal/tokens.sqlite
     SQLite version 3.7.17 2013-05-20 00:56:22
     Enter ".help" for instructions
     Enter SQL statements terminated with a ";"
@@ -42,7 +42,7 @@ this is to delete the user data from all other tables that have a foreign key
 associated with the user in the users table.
 
 ```bash
-    $ sudo sqlite3 /var/lib/vpn-server-api/default/db.sqlite
+    $ sudo sqlite3 /var/lib/vpn-server-api/db.sqlite
     SQLite version 3.7.17 2013-05-20 00:56:22
     Enter ".help" for instructions
     Enter SQL statements terminated with a ";"

deploy_debian.sh

@@ -125,8 +125,8 @@ sudo -u www-data vpn-user-portal-init
 ###############################################################################
 
 # On Debian different user/group for running OpenVPN
-sed -i "s|'vpnUser' => 'openvpn'|'vpnUser' => 'nobody'|" /etc/vpn-server-node/default/config.php
-sed -i "s|'vpnGroup' => 'openvpn'|'vpnGroup' => 'nogroup'|" /etc/vpn-server-node/default/config.php
+sed -i "s|'vpnUser' => 'openvpn'|'vpnUser' => 'nobody'|" /etc/vpn-server-node/config.php
+sed -i "s|'vpnGroup' => 'openvpn'|'vpnGroup' => 'nogroup'|" /etc/vpn-server-node/config.php
 
 ###############################################################################
 # NETWORK

development_setup.sh

@@ -14,45 +14,45 @@ git clone https://github.com/eduvpn/vpn-lib-common.git
 # vpn-server-api
 cd "${BASE_DIR}/vpn-server-api" || exit
 composer update
-mkdir config/default
-cp config/config.php.example config/default/config.php
-mkdir -p data/default
+mkdir config
+cp config/config.php.example config/config.php
+mkdir -p data
 php bin/init.php
 
 # vpn-user-portal
 cd "${BASE_DIR}/vpn-user-portal" || exit
 composer update
-mkdir config/default
-cp config/config.php.example config/default/config.php
-mkdir -p data/default
+mkdir config
+cp config/config.php.example config/config.php
+mkdir -p data
 php bin/init.php
 php bin/add-user.php --user foo --pass bar
 # XXX the secureCookie option is not there anymore in the default config 
 # template, deal with this differently!
-sed -i "s/'secureCookie' => true/'secureCookie' => false/" config/default/config.php
-sed -i "s|'apiUri' => 'http://localhost/vpn-server-api/api.php'|'apiUri' => 'http://localhost:8008/api.php'|" config/default/config.php
+sed -i "s/'secureCookie' => true/'secureCookie' => false/" config/config.php
+sed -i "s|'apiUri' => 'http://localhost/vpn-server-api/api.php'|'apiUri' => 'http://localhost:8008/api.php'|" config/config.php
 
 # vpn-server-node
 cd "${BASE_DIR}/vpn-server-node" || exit
 composer update
-mkdir config/default
-cp config/config.php.example config/default/config.php
+mkdir config
+cp config/config.php.example config/config.php
 cp config/firewall.php.example config/firewall.php
-mkdir -p data/default
+mkdir -p data
 mkdir openvpn-config
-sed -i "s|'apiUri' => 'http://localhost/vpn-server-api/api.php'|'apiUri' => 'http://localhost:8008/api.php'|" config/default/config.php
+sed -i "s|'apiUri' => 'http://localhost/vpn-server-api/api.php'|'apiUri' => 'http://localhost:8008/api.php'|" config/config.php
 
 # launch script
 cat << 'EOF' | tee "${BASE_DIR}/launch.sh" > /dev/null
 #!/bin/sh
 (
     cd vpn-server-api || exit
-    VPN_INSTANCE_ID=default php -S localhost:8008 -t web &
+    php -S localhost:8008 -t web &
 )
 
 (
     cd vpn-user-portal || exit
-    VPN_INSTANCE_ID=default php -S localhost:8082 -t web &
+    php -S localhost:8082 -t web &
 )
 EOF
 chmod +x "${BASE_DIR}/launch.sh"

rpm-dev/vpn-lib-common.spec

@@ -1,8 +1,8 @@
-%global git 9dfc5177551e63be77d4205028473317fc76940d
+%global git b04fb4e20b70f6870cc2d038954a123ec0472721
 
 Name:       vpn-lib-common
 Version:    2.0.0
-Release:    0.4%{?dist}
+Release:    0.5%{?dist}
 Summary:    Common VPN library
 Group:      System Environment/Libraries
 License:    AGPLv3+
@@ -158,6 +158,9 @@ AUTOLOAD
 %license LICENSE
 
 %changelog
+* Tue Jan 15 2019 François Kooman <fkooman@tuxed.net> - 2.0.0-0.5
+- rebuilt
+
 * Tue Jan 15 2019 François Kooman <fkooman@tuxed.net> - 2.0.0-0.4
 - rebuilt