forked from TrueCloudLab/rclone
docs: mention in serve tls options when value is path to file - fixes #8232
This commit is contained in:
parent
27f448d14d
commit
19f4580aca
2 changed files with 29 additions and 26 deletions
|
@ -18,29 +18,31 @@ If you just want to run a remote control then see the [rcd](/commands/rclone_rcd
|
||||||
|
|
||||||
### --rc
|
### --rc
|
||||||
|
|
||||||
Flag to start the http server listen on remote requests
|
Flag to start the http server listen on remote requests.
|
||||||
|
|
||||||
### --rc-addr=IP
|
### --rc-addr=IP
|
||||||
|
|
||||||
IPaddress:Port or :Port to bind server to. (default "localhost:5572")
|
IPaddress:Port or :Port to bind server to. (default "localhost:5572").
|
||||||
|
|
||||||
### --rc-cert=KEY
|
### --rc-cert=KEY
|
||||||
SSL PEM key (concatenation of certificate and CA certificate)
|
|
||||||
|
SSL PEM key (concatenation of certificate and CA certificate).
|
||||||
|
|
||||||
### --rc-client-ca=PATH
|
### --rc-client-ca=PATH
|
||||||
Client certificate authority to verify clients with
|
|
||||||
|
Client certificate authority to verify clients with.
|
||||||
|
|
||||||
### --rc-htpasswd=PATH
|
### --rc-htpasswd=PATH
|
||||||
|
|
||||||
htpasswd file - if not provided no authentication is done
|
htpasswd file - if not provided no authentication is done.
|
||||||
|
|
||||||
### --rc-key=PATH
|
### --rc-key=PATH
|
||||||
|
|
||||||
SSL PEM Private key
|
TLS PEM private key file.
|
||||||
|
|
||||||
### --rc-max-header-bytes=VALUE
|
### --rc-max-header-bytes=VALUE
|
||||||
|
|
||||||
Maximum size of request header (default 4096)
|
Maximum size of request header (default 4096).
|
||||||
|
|
||||||
### --rc-min-tls-version=VALUE
|
### --rc-min-tls-version=VALUE
|
||||||
|
|
||||||
|
@ -57,15 +59,15 @@ Password for authentication.
|
||||||
|
|
||||||
### --rc-realm=VALUE
|
### --rc-realm=VALUE
|
||||||
|
|
||||||
Realm for authentication (default "rclone")
|
Realm for authentication (default "rclone").
|
||||||
|
|
||||||
### --rc-server-read-timeout=DURATION
|
### --rc-server-read-timeout=DURATION
|
||||||
|
|
||||||
Timeout for server reading data (default 1h0m0s)
|
Timeout for server reading data (default 1h0m0s).
|
||||||
|
|
||||||
### --rc-server-write-timeout=DURATION
|
### --rc-server-write-timeout=DURATION
|
||||||
|
|
||||||
Timeout for server writing data (default 1h0m0s)
|
Timeout for server writing data (default 1h0m0s).
|
||||||
|
|
||||||
### --rc-serve
|
### --rc-serve
|
||||||
|
|
||||||
|
|
|
@ -66,20 +66,21 @@ https. You will need to supply the ` + "`--{{ .Prefix }}cert` and `--{{ .Prefix
|
||||||
If you wish to do client side certificate validation then you will need to
|
If you wish to do client side certificate validation then you will need to
|
||||||
supply ` + "`--{{ .Prefix }}client-ca`" + ` also.
|
supply ` + "`--{{ .Prefix }}client-ca`" + ` also.
|
||||||
|
|
||||||
` + "`--{{ .Prefix }}cert`" + ` should be a either a PEM encoded certificate or a concatenation
|
` + "`--{{ .Prefix }}cert`" + ` must be set to the path of a file containing
|
||||||
of that with the CA certificate. ` + "`--k{{ .Prefix }}ey`" + ` should be the PEM encoded
|
either a PEM encoded certificate, or a concatenation of that with the CA
|
||||||
private key and ` + "`--{{ .Prefix }}client-ca`" + ` should be the PEM encoded client
|
certificate. ` + "`--{{ .Prefix }}key`" + ` must be set to the path of a file
|
||||||
certificate authority certificate.
|
with the PEM encoded private key. ` + "If setting `--{{ .Prefix }}client-ca`" + `,
|
||||||
|
it should be set to the path of a file with PEM encoded client certificate
|
||||||
|
authority certificates.
|
||||||
|
|
||||||
` + "`--{{ .Prefix }}min-tls-version`" + ` is minimum TLS version that is acceptable. Valid
|
` + "`--{{ .Prefix }}min-tls-version`" + ` is minimum TLS version that is acceptable. Valid
|
||||||
values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
|
values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").
|
||||||
"tls1.0").
|
|
||||||
|
|
||||||
### Socket activation
|
### Socket activation
|
||||||
|
|
||||||
Instead of the listening addresses specified above, rclone will listen to all
|
Instead of the listening addresses specified above, rclone will listen to all
|
||||||
FDs passed by the service manager, if any (and ignore any arguments passed by ` +
|
FDs passed by the service manager, if any (and ignore any arguments passed
|
||||||
"--{{ .Prefix }}addr`" + `).
|
by ` + "`--{{ .Prefix }}addr`" + `).
|
||||||
|
|
||||||
This allows rclone to be a socket-activated service.
|
This allows rclone to be a socket-activated service.
|
||||||
It can be configured with .socket and .service unit files as described in
|
It can be configured with .socket and .service unit files as described in
|
||||||
|
@ -162,11 +163,11 @@ type Config struct {
|
||||||
ServerReadTimeout time.Duration `config:"server_read_timeout"` // Timeout for server reading data
|
ServerReadTimeout time.Duration `config:"server_read_timeout"` // Timeout for server reading data
|
||||||
ServerWriteTimeout time.Duration `config:"server_write_timeout"` // Timeout for server writing data
|
ServerWriteTimeout time.Duration `config:"server_write_timeout"` // Timeout for server writing data
|
||||||
MaxHeaderBytes int `config:"max_header_bytes"` // Maximum size of request header
|
MaxHeaderBytes int `config:"max_header_bytes"` // Maximum size of request header
|
||||||
TLSCert string `config:"cert"` // Path to TLS PEM key (concatenation of certificate and CA certificate)
|
TLSCert string `config:"cert"` // Path to TLS PEM public key certificate file (can also include intermediate/CA certificates)
|
||||||
TLSKey string `config:"key"` // Path to TLS PEM Private key
|
TLSKey string `config:"key"` // Path to TLS PEM private key file
|
||||||
TLSCertBody []byte `config:"-"` // TLS PEM key (concatenation of certificate and CA certificate) body, ignores TLSCert
|
TLSCertBody []byte `config:"-"` // TLS PEM public key certificate body (can also include intermediate/CA certificates), ignores TLSCert
|
||||||
TLSKeyBody []byte `config:"-"` // TLS PEM Private key body, ignores TLSKey
|
TLSKeyBody []byte `config:"-"` // TLS PEM private key body, ignores TLSKey
|
||||||
ClientCA string `config:"client_ca"` // Client certificate authority to verify clients with
|
ClientCA string `config:"client_ca"` // Path to TLS PEM CA file with certificate authorities to verify clients with
|
||||||
MinTLSVersion string `config:"min_tls_version"` // MinTLSVersion contains the minimum TLS version that is acceptable.
|
MinTLSVersion string `config:"min_tls_version"` // MinTLSVersion contains the minimum TLS version that is acceptable.
|
||||||
AllowOrigin string `config:"allow_origin"` // AllowOrigin sets the Access-Control-Allow-Origin header
|
AllowOrigin string `config:"allow_origin"` // AllowOrigin sets the Access-Control-Allow-Origin header
|
||||||
}
|
}
|
||||||
|
@ -177,9 +178,9 @@ func (cfg *Config) AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string) {
|
||||||
flags.DurationVarP(flagSet, &cfg.ServerReadTimeout, prefix+"server-read-timeout", "", cfg.ServerReadTimeout, "Timeout for server reading data", prefix)
|
flags.DurationVarP(flagSet, &cfg.ServerReadTimeout, prefix+"server-read-timeout", "", cfg.ServerReadTimeout, "Timeout for server reading data", prefix)
|
||||||
flags.DurationVarP(flagSet, &cfg.ServerWriteTimeout, prefix+"server-write-timeout", "", cfg.ServerWriteTimeout, "Timeout for server writing data", prefix)
|
flags.DurationVarP(flagSet, &cfg.ServerWriteTimeout, prefix+"server-write-timeout", "", cfg.ServerWriteTimeout, "Timeout for server writing data", prefix)
|
||||||
flags.IntVarP(flagSet, &cfg.MaxHeaderBytes, prefix+"max-header-bytes", "", cfg.MaxHeaderBytes, "Maximum size of request header", prefix)
|
flags.IntVarP(flagSet, &cfg.MaxHeaderBytes, prefix+"max-header-bytes", "", cfg.MaxHeaderBytes, "Maximum size of request header", prefix)
|
||||||
flags.StringVarP(flagSet, &cfg.TLSCert, prefix+"cert", "", cfg.TLSCert, "TLS PEM key (concatenation of certificate and CA certificate)", prefix)
|
flags.StringVarP(flagSet, &cfg.TLSCert, prefix+"cert", "", cfg.TLSCert, "Path to TLS PEM public key certificate file (can also include intermediate/CA certificates)", prefix)
|
||||||
flags.StringVarP(flagSet, &cfg.TLSKey, prefix+"key", "", cfg.TLSKey, "TLS PEM Private key", prefix)
|
flags.StringVarP(flagSet, &cfg.TLSKey, prefix+"key", "", cfg.TLSKey, "Path to TLS PEM private key file", prefix)
|
||||||
flags.StringVarP(flagSet, &cfg.ClientCA, prefix+"client-ca", "", cfg.ClientCA, "Client certificate authority to verify clients with", prefix)
|
flags.StringVarP(flagSet, &cfg.ClientCA, prefix+"client-ca", "", cfg.ClientCA, "Path to TLS PEM CA file with certificate authorities to verify clients with", prefix)
|
||||||
flags.StringVarP(flagSet, &cfg.BaseURL, prefix+"baseurl", "", cfg.BaseURL, "Prefix for URLs - leave blank for root", prefix)
|
flags.StringVarP(flagSet, &cfg.BaseURL, prefix+"baseurl", "", cfg.BaseURL, "Prefix for URLs - leave blank for root", prefix)
|
||||||
flags.StringVarP(flagSet, &cfg.MinTLSVersion, prefix+"min-tls-version", "", cfg.MinTLSVersion, "Minimum TLS version that is acceptable", prefix)
|
flags.StringVarP(flagSet, &cfg.MinTLSVersion, prefix+"min-tls-version", "", cfg.MinTLSVersion, "Minimum TLS version that is acceptable", prefix)
|
||||||
flags.StringVarP(flagSet, &cfg.AllowOrigin, prefix+"allow-origin", "", cfg.AllowOrigin, "Origin which cross-domain request (CORS) can be executed from", prefix)
|
flags.StringVarP(flagSet, &cfg.AllowOrigin, prefix+"allow-origin", "", cfg.AllowOrigin, "Origin which cross-domain request (CORS) can be executed from", prefix)
|
||||||
|
|
Loading…
Reference in a new issue