Move documentation from branch to subfolder

Author: axxelG

docs/config.md

@@ -0,0 +1,54 @@
+# Config
+
+## Config settings
+
+| Property            | Description | Default |
+|---------------------|-------------|---------|
+| ConfigFile          | Path and filename to the config file     | OS dependent |
+| LogFileMain         | Path and filename to the main log file   | stdout |
+| LogFileHTTPError    | Path and filename to the HTTP error log  | stdout |
+| LogFileHTTPAccess   | Path and filename to the HTTP access log | stdout |
+| ControlsFiles       | Path of the directory containing controls files | OS dependent |
+| ListenPort          | Local TCP port where loxwebhook will listen. You can choose any [valid](https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers) and free local port as long as loxwebhook is reachable on port 443 from the public internet.  | 443 |
+| PublicURI           | URI (host and domain) where loxwebhook will be reachable on the public internet | none |
+| LetsEncryptCache    | Path of the directory where we will store the Let's Encrypt cache. It's important to keep the cache during restarts to avoid hitting Let's Encrypt [rate limits](https://letsencrypt.org/docs/rate-limits/) | `./cache/letsencrypt` |
+| MiniserverURL       | URL to reach the Loxone Miniserver including protocol and port `http://192.168.123.1:80` | none |
+| MiniserverUser      | Username to access the Loxone Miniserver | `admin` |
+| MiniserverPassword  | Password to access the Loxone Miniserver | `admin` |
+| MiniserverTimeout   | Timeout (seconds) for requests to Loxone Miniserver | 2 |
+
+## Set config values
+
+You can set config values in a config file, set environment variables or set flags when you start loxwebhook.
+
+Settings in environment variables will overwrite settings in a config file and settings given by flags will overwrite both.
+
+## Config file
+
+You can use `config.example.toml` ([online](https://github.com/axxelG/loxwebhook/blob/master/config.example.toml)) as a starting point
+
+The default location for the config file depends on the operating system.
+
+- Windows: `.\config.toml`
+- Other (Linux): `/etc/loxwebhook/config.toml`
+
+You can set a custom file location via environment variable or by flag
+
+- Environment variable: Set `LOXWEBHOOK_CONFIG` to `<path>/<filename>`
+- Flag: Call `loxwebhook --config <path>/<filename>`
+
+## Environment variables
+
+- Must be prefixed with `LOXWEBHOOK_`
+- Must be all uppercase
+
+Examples:
+
+- Windows:
+  - cmd `set LOXWEBHOOK_LISTENPORT=1234`
+  - powershell `$env:LOXWEBHOOK_LISTENPORT = 1234`
+- Linux: `export LOXWEBHOOK_LISTENPORT=1234`
+
+## Flags
+
+Use `loxwebhook -h` to get a list with all possible flags

docs/controls_files.md

@@ -0,0 +1,68 @@
+# controls files
+
+## Controls directory
+
+You can use `controls.d/example.toml.disable` ([online version](https://github.com/axxelG/loxwebhook/blob/master/controls.d/example.toml.disabled)) as a good starting point to create your own controls file.
+
+All filles ending with `.toml` in the controls directory will be imported.
+
+The decision to keep everything in one file or use multiple files is up to you. All authentication keys and names of controls must be unique for all files. If you have configured an authentication key `Key1` in `file1.toml` you cannot configure `Key1` again in `file2.toml` but you can use `Key1` in a control definition in `file2.toml`.
+
+## Controls files
+
+Control files must be valid [TOML](https://github.com/toml-lang/toml)
+
+### Section `[AuthKeys]`
+
+List of key/value pairs. Format: `name = "key"`
+You can use any ASCII-Character (A-Z upper and lower case), numbers, hyphens (-) and underscores (_). Authentication keys are case sensitive.
+
+Example
+
+```toml
+[AuthKeys]
+testOne   = "43b2c690-f281-42bb-af2d-979f5dbe9517"
+testTwo   = "69b9a1ad-1224-4c93-8411-e88e65ebe582"
+testThree = "84627dbd-bd68-476f-9e53-35522285783b"
+```
+
+### Section `[Controls]`
+
+Table (dictionary) of control definitions.
+
+### Control definition
+
+The name of a control definition must only consist of ASCII-Characters (A-Z), numbers, hyphens (-) and underscores (_).
+
+| Field    | Descriptions                                                  |
+|----------|---------------------------------------------------------------|
+| Category | Type of control. Currently only `dvi` for "digital virtual input" is supported  |
+| ID | Miniserver internal ID number of the control. You can find the ID number in Loxone Config if you select the control and look at Property / Common / Connection |
+| Allowed  | Array of allowed commands. You can find a list of allowed command on the [Loxone website](https://www.loxone.com/enen/kb/web-services/) |
+| AuthKeys | Array of key names that can access this control. The names must exactly match a name configured in Section `[AuthKeys]`. You can use authentication keys defined in another controls file. |
+
+Examples
+
+```toml
+[Controls.test1]
+Category = "dvi"
+ID = 7
+Allowed = [
+    "on",
+]
+AuthKeys = [
+    "testOne",
+]
+
+[Controls.test2]
+Category = "dvi"
+ID = 6
+Allowed = [
+    "on",
+    "off",
+]
+AuthKeys = [
+    "testTwo",
+    "testThree",
+]
+```

docs/index.md

@@ -0,0 +1,12 @@
+# loxwebhook
+
+## Quickstart
+
+You can find everything you need for a quick start on the projects github page: [https://github.com/axxelG/loxwebhook](https://github.com/axxelG/loxwebhook)
+
+## Documentation
+
+- [Security Q & A](security_qa.md)
+- [Config](config.md)
+- [Request](request.md)
+- [Controls files](controls_files.md)

docs/request.md

@@ -0,0 +1,25 @@
+# Request
+
+## Parts of a request
+
+A request to loxwebhook looks like this:
+
+`https://your.domain.com/dvi/garage_door/open?k=11111111-1111-1111-1111-111111111111`
+
+or more abstract
+
+`https://domain/control_type/control_name/control_action?k=SecretKey`
+
+| Part             | Description |
+| ---------        | ---------------------------------- |
+| domain           | The domain where the server that runs loxwebhook is reachable |
+| control_type     | The type of the control we are accessing. Currently only `dvi` for "Digital virtual input" is supported |
+| control_name     | The name of the control. It must exactly match the name we used in the [controls file](controls_files.md). |
+| control_action | The action we want to send to the control. The action must be allowed in the [controls file](controls_files.md). |
+| SecretKey        | A secret key configured in the [controls file](controls_files.md). Please read and understand the [Security Q&A](security_qa.md) before you choose a key. |
+
+## Additional parameters
+
+| Parameter   | Descriptions |
+|-------------|--------------|
+| simulate    | Prevents loxwebhook from sending requests to the Loxone Miniserver and returns config details |

docs/security_qa.md

@@ -0,0 +1,21 @@
+# Security Q & A
+
+## Is it secure to use loxwebhook and expose my Loxone Miniserver to the public internet?
+
+Yes, beside the fact that it is never 100 % secure to connect something to the internet, you can consider the usage as secure. Loxwebhook has implemented measurements to mitigate the risks:
+
+1. **Key authentication** A request is only forwarded to the Loxone Miniserver if a matching authentication key is provided. Please read the question "How can I be sure my authentication keys are secure?" on this page.
+
+1. **Transport layer encryption** Data that is transferred over the public internet is [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) encrypted. Only [https](https://en.wikipedia.org/wiki/HTTPS) connections are allowed. A widely trusted [CA](https://en.wikipedia.org/wiki/Certificate_authority) ([Let's Encrypt](https://letsencrypt.org/)) is used. This keeps the data save while it is on the public internet.
+
+1. **Rate limiting for Requests** Loxwebhook does not accept more than ~1 request per second. This makes [brute force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) on the secret keys nearly impossible and prevents the Loxone Miniserver from being overloaded.
+
+Beside all security measurements provided by Loxwebhook you need to be aware that every use case for loxwebhook involves someone who sends requests. You need to trust this second party.
+
+## How can I be sure my authentication keys are secure?
+
+Everybody who knows a key can access the assigned control(s) on you Loxone Miniserver. That's why you must keep them secret. You can (and should) use any ASCII-Character (A-Z upper and lower case), numbers, hyphens (-) and underscores (_).
+
+- Use hard to guess and long keys. It's obvious that a key like "lamp" is not suitable. UUIDs are a good choice. You can easily create them. Use `cat /proc/sys/kernel/random/uuid` on Linux or `[guid]::NewGuid()` in Windows Powershell.
+
+- Create a unique authentication key for every purpose.

docs/supported_os.md

@@ -0,0 +1,9 @@
+# Supported operating systems
+
+| OS          | Support                             | Install |
+|-------------|-------------------------------------|---------|
+| Raspian     | Fully tested and used in production | .deb-package
+| Debian      | Not tested but very likely to work  | .deb-package
+| Other Linux | Not tested but might work           | binaries provided manually config necessary |
+| Windows 10  | Tested during development but not in production | binaries provided manually config necessary |
+| Windows Server 2016 | Will most probably work but is not tested | binaries provided manually config necessary |