1COAP-SERVER(5)                coap-server Manual                COAP-SERVER(5)
2
3
4

NAME

6       coap-server, coap-server-gnutls, coap-server-mbedtls, coap-server-
7       openssl, coap-server-notls - CoAP Server based on libcoap
8

SYNOPSIS

10       coap-server [-d max] [-e] [-g group] [-G group_if] [-l loss] [-p port]
11       [-v num] [-A address] [-L value] [-N] [-P
12       scheme://addr[:port],name1[,name2..]] [[-h hint] [-i
13       match_identity_file] [-k key] [-s match_psk_sni_file] [-u user]] [[-c
14       certfile] [-j keyfile] [-n] [-C cafile] [-J pkcs11_pin] [-M rpk_file]
15       [-R trust_casfile] [-S match_pki_sni_file]]
16
17       For coap-server versions that use libcoap compiled for different (D)TLS
18       libraries, coap-server-notls, coap-server-gnutls, coap-server-openssl,
19       coap-server-mbedtls or coap-server-tinydtls may be available.
20       Otherwise, coap-server uses the default libcoap (D)TLS support.
21

DESCRIPTION

23       coap-server is an example server for the 'Constrained Application
24       Protocol` (RFC 7252).
25

OPTIONS - GENERAL

27       -d max
28           Enable support for creation of dynamic resources when doing a PUT
29           up to a limit of max. If max is reached, a 4.06 code is returned
30           until one of the dynamic resources has been deleted.
31
32       -e
33           Echo back the data sent with a PUT.
34
35       -g group
36           Join specified multicast group on start up.  Note: DTLS over
37           multicast is not currently supported.
38
39       -G group_if
40           Use this interface for listening for the multicast group. This can
41           be different from the implied interface if the -A option is used.
42
43       -l list
44           Fail to send some datagrams specified by a comma separated list of
45           numbers or number ranges (debugging only).
46
47       -l loss%
48           Randomly failed to send datagrams with the specified probability -
49           100% all datagrams, 0% no datagrams (debugging only).
50
51       -p port
52           The port on the given address will be listening for incoming
53           connections. If (D)TLS is supported, then port + 1 will also be
54           listened on for (D)TLS connections. The default port is 5683 if not
55           given any other value.
56
57       -v num
58           The verbosity level to use (default 3, maximum is 9). Above 7,
59           there is increased verbosity in GnuTLS and OpenSSL logging.
60
61       -A address
62           The local address of the interface which the server has to listen
63           on.
64
65       -L value
66           Sum of one or more COAP_BLOCK_* flag values for different block
67           handling methods. Default is 1 (COAP_BLOCK_USE_LIBCOAP).
68
69               COAP_BLOCK_USE_LIBCOAP  1
70               COAP_BLOCK_SINGLE_BODY  2
71
72       -N
73           Send NON-confirmable message for "observe" responses. If option -N
74           is not specified, a confirmable response will be sent. Even if set,
75           every fifth response will still be sent as a confirmable response
76           (RFC 7641 requirement).
77
78       -P scheme://address[:port],name1[,name2[,name3..]]
79           Scheme, address, optional port of how to connect to the next proxy
80           server and one or more names (comma separated) that this proxy
81           server is known by. If the hostname of the incoming proxy request
82           matches one of these names, then this server is considered to be
83           the final endpoint. If scheme://address[:port] is not defined
84           before the leading , (comma) of the first name, then the ongoing
85           connection will be a direct connection. Scheme is one of coap,
86           coaps, coap+tcp and coaps+tcp.
87

OPTIONS - PSK

89       (If supported by underlying (D)TLS library)
90
91       -h hint
92           Identity Hint to send. Default is CoAP. Zero length is no hint.
93
94       -i match_identiity_file
95           This is a file that contains one or more lines of Identity Hints
96           and (user) Identities to match for a different new Pre-Shared Key
97           (PSK) (comma separated) to be used. E.g., per line
98
99           hint_to_match,identity_to_match,use_key
100
101           A line that starts with # is treated as a comment.
102
103           Note: -k still needs to be defined for the default case.
104
105           Note: A match using the -s option may mean that the current
106           Identity Hint is different to that defined by -h.
107
108       -k key
109           Pre-shared key to use for inbound connections. This cannot be empty
110           if defined.
111
112           Note: if -c cafile is defined, you need to define -k key as well to
113           have the server support both PSK and PKI.
114
115       -s match_psk_sni_file
116           This is a file that contains one or more lines of received Subject
117           Name Identifier (SNI) to match to use a different Identity Hint and
118           associated Pre-Shared Key (PSK) (comma separated) instead of the -h
119           hint and -k key options. E.g., per line
120
121           sni_to_match,use_hint,with_key
122
123           Note: -k key still needs to be defined for the default case if
124           there is not a match.
125
126           Note: The associated Pre-Shared Key will get updated if there is
127           also a -i match. The update checking order is -s followed by -i.
128
129       -u user
130           User identity for pre-shared key mode (only used if option -P is
131           set).
132

OPTIONS - PKI

134       (If supported by underlying (D)TLS library)
135
136       Note: If any one of certfile, keyfile or cafile is in PKCS11 URI naming
137       format (pkcs11: prefix), then any remaining non PKCS11 URI file
138       definitions have to be in DER, not PEM, format. Otherwise all of
139       certfile, keyfile or cafile are in PEM format.
140
141       -c certfile
142           PEM file or PKCS11 URI for the certificate. The private key can
143           also be in the PEM file, or has the same PKCS11 URI. If not, the
144           private key is defined by -j keyfile.
145
146           Note: if -k key is defined, you need to define -c certfile as well
147           to have the server support both PSK and PKI.
148
149       -j keyfile
150           PEM file or PKCS11 URI for the private key for the certificate in
151           -c certfile if the parameter is different from certfile in -c
152           certfile.
153
154       -n
155           Disable remote peer certificate checking. This gives clients the
156           ability to use PKI, but without any defined certificates.
157
158       -C cafile
159           PEM file or PKCS11 URI that contains a list of one or more CAs that
160           are to be passed to the client for the client to determine what
161           client certificate to use. Normally, this list of CAs would be the
162           root CA and and any intermediate CAs. Ideally the server
163           certificate should be signed by the same CA so that mutual
164           authentication can take place. The contents of cafile are added to
165           the trusted store of root CAs. Using the -C or -R options will will
166           trigger the validation of the client certificate unless overridden
167           by the -n option.
168
169       -J pkcs11_pin
170           The user pin to unlock access to the PKCS11 token.
171
172       -M
173           Raw Public Key (RPK) PEM file or PKCS11 URI that contains both
174           PUBLIC KEY and PRIVATE KEY or just EC PRIVATE KEY. (GnuTLS and
175           TinyDTLS(PEM) support only).  -C cafile or -R trust_casfile are not
176           required.
177
178       -R trust_casfile
179           PEM file containing the set of trusted root CAs that are to be used
180           to validate the client certificate. Alternatively, this can point
181           to a directory containing a set of CA PEM files. The -C cafile CA
182           does not have to be in this list and is trusted for the validation.
183           Using -R trust_casfile disables common CA mutual authentication
184           which can only be done by using -C cafile. Using the -C or -R
185           options will will trigger the validation of the server certificate
186           unless overridden by the -n option.
187
188       -S match_pki_sni_file
189           This option denotes a file that contains one or more lines of
190           Subject Name Identifier (SNI) to match for new certificate File and
191           new CA File (comma separated) to be used. E.g., entry per line
192
193           sni_to_match,new_cert_file,new_ca_file
194
195           A line that starts with # is treated as a comment.
196
197           Note: -c certfile and -C cafile still needs to be defined for the
198           default case
199

EXAMPLES

201       •   Example
202
203           coap-server -A ::1
204
205       Let the server listen on localhost (port 5683) for UDP/TCP.
206
207       •   Example
208
209           coap-server -A ::1 -k mysecretKey -h myhint
210
211       Let the server listen on localhost (port 5683 for UDP/TCP and port 5684
212       for DTLS/TLS) with the server set up for PSK authentication if the
213       client uses coaps:// or coaps+tcp://.
214
215       •   Example
216
217           coap-server -A ::1 -k mysecretKey -h myhint -p 13011
218
219       The same, except the UDP/TCP listening port is 13011 and the DTLS/TLS
220       listening port is 13012 (and not the default ports 5683 and 5684).
221
222       •   Example
223
224           coap-server -A 2001:db8:81a8:0:6ef0:dead:feed:beef -v 5
225
226       The listening address is set to 2001:db8:81a8:0:6ef0:dead:feed:beef and
227       the verbosity level is set to 5.
228
229       •   Example
230
231           coap-server -A 2001:db8:81a8:0:6ef0:dead:feed:beef -g FF02::FD
232
233       Set listening address to 2001:db8:81a8:0:6ef0:dead:feed:beef and join
234       the All CoAP Nodes multicast group FF02::FD.
235

FILES

237       There are no configuration files.
238

EXIT STATUS

240       0
241           Success
242
243       1
244           Failure (syntax or usage error; configuration error; document
245           processing failure; unexpected error)
246

BUGS

248       Please report bugs on the mailing list for libcoap:
249       libcoap-developers@lists.sourceforge.net or raise an issue on GitHub at
250       https://github.com/obgm/libcoap/issues
251

AUTHORS

253       The libcoap project <libcoap-developers@lists.sourceforge.net>
254
255
256
257coap-server 4.3.0                 07/22/2021                    COAP-SERVER(5)
Impressum