codex_server is the binary for the server.
The following command-line options are recognized:
-c <config_file>
    The configuration file for this server.
-s <section>
    The relevant section of the configuration file. If not provided, the default section will be used.

nhosts
    The number of servers in the quorum system.
hostnum
    The number identifying this server. Valid numbers are 0 through nhosts-1.
host<i>
    The address of server number <i>. There should be one of these fields for each of the nhosts servers.
ciphers
    A list of ciphers to use in creating secure links, in order of preference. Since codex_server uses the TLSv1 protocol, the appropriate value of this parameter can be obtained by running the command openssl ciphers -tls1
client_port
    This specifies the port on which this server listens for client connections.
server_port
    [optional] If present, this specifies the port on which servers listen for connections from other servers.
server_port<i>
    [optional] If present, this specifies the port on server <i> on which it listens for connections from other servers. Either server_port must be defined or this field must be specified for every server. A mixed mode is allowed, if some servers are exceptions to the general configuration.
ca_cert_file
    The file (in PEM format) containing the certification authority's certificate.
service_cert_file
    The file (in PEM format) containing the service's certificate.
server<i>_cert_file
    The file (in PEM format) containing the certificate for server <i>.
service_eg_public_file
    The file (in ASN.1 format) containing the service's ElGamal public key.
server_private_file
    The file (in PEM format) containing this server's RSA private key.
private_key_passwd
    [optional] The password for reading the private key in server_private_file. It is not advised to define this, but it is provided to simplify testing.
rsa_shares_file
    The file (in ASN.1 format) containing this server's shares of the service's RSA private key.
rsa_witness_file
    The file (in ASN.1 format) containing the public witness for the service's RSA private key.
elgamal_shares_file
    The file (in ASN.1 format) containing this server's shares of the service's ElGamal private key.
elgamal_witness_file
    The file (in ASN.1 format) containing the public witness for the service's ElGamal private key.
apss_interval
    The amount of time between runs of the APSS protocol, in seconds. In order to optimize for a designated coordinator simply set one server's interval a suitable amount smaller than the rest.

[ server1 ]
nhosts = 4
hostnum = 1

# Refresh shares every 5 minutes.
apss_interval = 300

# This is an artificially short list.
ciphers = EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA

host0 = foo1.bar.org
host1 = foo2.bar.org
host2 = foo3.bar.org
host3 = foo4.bar.org

# Server 2 listens for other servers on a different port than the others.
client_port = 3456
server_port = 4567
server_port2 = 4568

public_dir = /etc/CODEX/pubkeys
ca_cert_file = ${public_dir}/CA.cert.pem
service_cert_file = ${public_dir}/service.cert.pem
rsa_witness_file = ${public_dir}/service.rsa.witness
server0_cert_file = ${public_dir}/foo1.cert.pem
server1_cert_file = ${public_dir}/foo2.cert.pem
server2_cert_file = ${public_dir}/foo3.cert.pem
server3_cert_file = ${public_dir}/foo4.cert.pem
service_eg_public_file = ${public_dir}/service.eg.pub
elgamal_witness_file = ${public_dir}/service.eg.witness

private_dir = /etc/CODEX/privkeys
server_private_file = ${private_dir}/foo2.private.pem
rsa_shares_file = ${private_dir}/foo2.rsa.shares
elgamal_shares_file = ${private_dir}/foo2.elgamal.shares
The command-line option -s server1 would then be supplied to specify that this is the section to load. If multiple servers share a common configuration file, the common configuration can be put in the default (unnamed) section and server-specific information in the named sections.
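The field rules above can be checked before a server is started. The following pre-flight check is an added example, not part of codex_server: the names load_section, check, REQUIRED and SAMPLE are hypothetical, and it assumes that every field not marked [optional] is required and that values in the named section override the default section.

```python
import re

# Assumption: every field the page does not mark [optional] is required.
REQUIRED = ("ciphers client_port ca_cert_file service_cert_file "
            "service_eg_public_file server_private_file rsa_shares_file "
            "rsa_witness_file elgamal_shares_file elgamal_witness_file "
            "apss_interval").split()

def load_section(text, section=None):
    """Merge the unnamed default section with the section named by -s."""
    merged, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
        elif "=" in line and current in (None, section):
            key, value = (part.strip() for part in line.split("=", 1))
            merged[key] = value  # assumption: later (named) values win
    return merged

def check(cfg):
    """Return a list of problems; an empty list means the rules hold."""
    try:
        nhosts, hostnum = int(cfg["nhosts"]), int(cfg["hostnum"])
    except (KeyError, ValueError):
        return ["nhosts and hostnum must be present and numeric"]
    problems = [f"missing {key}" for key in REQUIRED if key not in cfg]
    if not 0 <= hostnum < nhosts:
        problems.append(f"hostnum {hostnum} not in 0..{nhosts - 1}")
    for i in range(nhosts):
        for key in (f"host{i}", f"server{i}_cert_file"):
            if key not in cfg:
                problems.append(f"missing {key}")
        # Mixed mode: a per-server port or the general server_port suffices.
        if "server_port" not in cfg and f"server_port{i}" not in cfg:
            problems.append(f"no server_port or server_port{i}")
    if "private_key_passwd" in cfg:
        problems.append("private_key_passwd set: key password is in the file")
    return problems

# Constructed sample: shared defaults, then a faulty server-specific section.
SAMPLE = """nhosts = 3
server_port0 = 4567
server_port1 = 4568
[ server1 ]
hostnum = 3
private_key_passwd = changeme
"""

if __name__ == "__main__":
    print("\n".join(check(load_section(SAMPLE, "server1"))))
```
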