Commit 07772f2f authored by 🥺's avatar 🥺 :transgender_flag: Committed by 🥺

document conduit direct TLS support + logging

parent 67b307c7
...@@ -276,4 +276,15 @@ allow_check_for_updates = true ...@@ -276,4 +276,15 @@ allow_check_for_updates = true
#presence_idle_timeout_s = 300 #presence_idle_timeout_s = 300
# Config option to control how many seconds before presence updates that you are offline. Defaults to 30 minutes. # Config option to control how many seconds before presence updates that you are offline. Defaults to 30 minutes.
#presence_offline_timeout_s = 1800 #presence_offline_timeout_s = 1800
\ No newline at end of file
# Other options not in [global]:
#
#
# Enables running conduwuit with direct TLS support
# It is strongly recommended you use a reverse proxy instead. This is primarily relevant for test suites like complement that require a private CA setup.
# [global.tls]
# certs = "/path/to/my/certificate.crt"
# key = "/path/to/my/private_key.key"
\ No newline at end of file
...@@ -233,7 +233,7 @@ async fn main() { ...@@ -233,7 +233,7 @@ async fn main() {
info!("Starting server"); info!("Starting server");
if let Err(e) = run_server().await { if let Err(e) = run_server().await {
error!("Critical error running server: {}", e); error!("Critical error starting server: {}", e);
}; };
// if server runs into critical error and shuts down, shut down the tracer provider if jaegar is used. // if server runs into critical error and shuts down, shut down the tracer provider if jaegar is used.
...@@ -359,7 +359,13 @@ async fn run_server() -> io::Result<()> { ...@@ -359,7 +359,13 @@ async fn run_server() -> io::Result<()> {
} else { } else {
match &config.tls { match &config.tls {
Some(tls) => { Some(tls) => {
debug!(
"Using direct TLS. Certificate path {} and certificate private key path {}",
&tls.certs, &tls.key
);
info!("Note: It is strongly recommended that you use a reverse proxy instead of running conduwuit directly with TLS.");
let conf = RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?; let conf = RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?;
debug!("Rustlsconfig: {:?}", conf);
let mut join_set = JoinSet::new(); let mut join_set = JoinSet::new();
for addr in &addrs { for addr in &addrs {
...@@ -373,7 +379,10 @@ async fn run_server() -> io::Result<()> { ...@@ -373,7 +379,10 @@ async fn run_server() -> io::Result<()> {
#[cfg(feature = "systemd")] #[cfg(feature = "systemd")]
let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]); let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
info!("Listening on {:?}", addrs); info!(
"Listening on {:?} with TLS certificates {}",
addrs, &tls.certs
);
join_set.join_next().await; join_set.join_next().await;
} }
None => { None => {
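Review bot: The added `debug!("Rustlsconfig: {:?}", conf);` in the `Some(tls)` arm of run_server logs the Debug rendering of an object built from the private key file, and what that prints depends on a Debug impl that is not visible on this page. If the impl is opaque the line is noise, and if it renders the config's contents, key material would land in debug logs, so I would replace it with a fixed message such as `debug!("Loaded TLS certificate and private key");`. The `?` on `RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?` also reaches main as a bare io error that does not say which of the two paths failed; wrapping it so the message names `tls.certs` and `tls.key` would make a wrong path or a permissions problem on the key file diagnosable without debug logging. In the first hunk the message becomes "Critical error starting server", but run_server() appears to return only after `join_set.join_next().await`, so a failure while serving would also be reported as a startup error. run_server's body begins and ends outside these hunks.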