Requires system with systemd and Go (at least 1.18).
sudo make installmake install builds, and sets up /opt/licensing-server directory, where the
built binary will be copied to. Also generates keys file and sets up
LICENSING_SERVER_KEY variable in .env. keys file includes licensing
server's public and private keys, used by licensing protocol to function.
Client's software should have public part (aka id) hard-coded into the binary.
For system to work, couple environment config variables are required, this includes:
DB_DSN(See PostgreSQL)LICENSING_SERVER_KEY(Autogenerated bymake install)
PostgreSQL is required for system to function. Database credentials should be
entered in /opt/licensing-server/.env in the following format:
DB_DSN=postgres://licensingUname:securePasswd@localhost:5432/licensingDB?sslmode=disable
Using systemd service:
sudo systemctl enable --now licensing.server.serviceSystem has a lot of options to configure to fit your needs. Default location of
the config is located in /opt/licensing-server/.env.
Supported environment config variables include:
| Variable | Meaning |
|---|---|
DB_DSN |
Used for connecting to a database (should start with postgres://). |
DISABLE_GUI |
Disables integrated webpage (default: false). |
HTTP_LISTEN |
Specifies TCP address for server to listen on (default: :http/:https depending on TLS). |
HTTP_READ_TIMEOUT |
Maximum duration for reading entire request (default: 30s). |
HTTP_WRITE_TIMEOUT |
Maximum duration before timing out writes of the response (default: 30s). |
HTTP_SHUTDOWN_TIMEOUT |
Maximum duration before server shutdown is forced (default `30s). |
HTTP_GZIP |
Use gzip compression for requests (default false). |
HTTP_CORS_RESOURCE_API_ENABLED |
Use CORS for resource API (issuers, products, licenses) (default: false). |
HTTP_CORS_LICENSING_API_ENABLED |
Use CORS for licensing API (creating, refreshing license sessions) (default: false). |
HTTP_CORS_ALLOWED_ORIGINS |
Allowed origins for CORS. |
HTTP_TLS_CERT_FILE |
TLS certificate file. |
HTTP_TLS_KEY_FILE |
TLS private key file. |
INTERNAL_SOCKET |
Socket path for internal CLI (default: /run/licensing-server.sock). |
LICENSING_SERVER_KEY |
Licensing server's private key, base64 encoded. |
LICENSING_MAX_TIME_DRIFT |
Max allowed time drift between server and client (default: 6h). |
LICENSING_CLEANUP_INTERVAL |
Inactive/expired/overused license sessions cleanup interval (default: 20m). |
LICENSING_REFRESH_MIN |
License session minimum refresh duration (default: 5m). |
LICENSING_REFRESH_MAX |
License session maximum refresh duration (default: 2h). |
LICENSING_REFRESH_JITTER |
License session refresh duration variance, 0.0-1.0 (default: 0.1). |
LICENSING_LIMITER_SESSION_EVERY |
New license sessions creation rate limiter to allow every x interval (default: 10m). |
LICENSING_LIMITER_BURST_TOTAL |
New license sessions creation rate limiter max burst worth in session time (default: 8h). |
LICENSING_LIMITER_CACHE_EXPIRATION |
New license sessions creation rate limiter cache expiration (default: 24h). |
LICENSING_LIMITER_CACHE_CLEANUP_INTERVAL |
New license sessions creation rate limiter cache cleanup interval (default: 1h). |
MIN_PASSWD_ENTROPY |
Minimum required entropy for issuer passwords, see zxcvbn (default: 30). |
See cmd/server/config.go.