Sealing local directories into Mirage Unikernels
OCaml Other
Latest commit a371ad1 May 21, 2016 @samoht samoht Merge pull request #24 from hannesm/tls-0.7.0
since tls-0.7.0, keys aren't prefixed with tls/ anymore
Permalink
Failed to load latest commit information.
src since tls-0.7.0, keys aren't prefixed with tls/ anymore Dec 15, 2015
static since tls-0.7.0, keys aren't prefixed with tls/ anymore Dec 15, 2015
.gitignore Add .gitignore Mar 4, 2015
.merlin
.travis.yml Remove mirage-dev in tests Jun 12, 2015
CHANGES.md Update CHANGES Jul 28, 2015
Dockerfile Dockerfile: remove entrypoint Jul 14, 2015
Makefile Add a version file Mar 4, 2015
README.md
_oasis Bump version number Jul 28, 2015
_tags Initial commit Mar 3, 2015
configure Initial commit Mar 3, 2015
mirage-seal.install Add mirage-seal.install Apr 20, 2015
myocamlbuild.ml
opam Fix upstream urls following the repo migration Jun 2, 2015
setup.ml
test.sh Test mirage-seal on both unix and xen (the default) Jun 3, 2015

README.md

mirage-seal

Use this tool to seal the contents of a directory into a static unikernel, serving its contents over HTTPS.

Install

For now on, you need to set up few opam pins:

opam remote add mirage-dev https://github.com/mirage/mirage-dev.git

The you can install mirage-seal using opam:

$ opam install mirage-seal

Use

To serve the data in files/ using the certificates secrets/server.key and secrets/server.pem, simply do:

$ mirage-seal --data=files/ --keys=secrets/ [--ip=<IP>]
$ xl create seal.xl -c

If --ip is not specified, the unikernel will use DHCP to acquire an IP address on boot.

Test

If you want to test mirage-seal locally, you can generate a self-signed certificate using openSSL (from StackOverflow):

$ mkdir secrets
$ openssl req -x509 -newkey rsa:2048 -nodes -keyout secrets/server.key -out secrets/server.pem -days 365 -subj '/CN=<IP>'