mirror of https://github.com/rclone/rclone synced 2025-01-20 01:07:29 +01:00

docs: mention in serve tls options when value is path to file - fixes #8232

albertony 2024-12-06 22:08:17 +01:00 committed by Nick Craig-Wood
parent 27f448d14d
commit 19f4580aca
2 changed files with 29 additions and 26 deletions


@ -18,29 +18,31 @@ If you just want to run a remote control then see the [rcd](/commands/rclone_rcd
### --rc ### --rc
Flag to start the http server listen on remote requests Flag to start the http server listen on remote requests.
### --rc-addr=IP ### --rc-addr=IP
IPaddress:Port or :Port to bind server to. (default "localhost:5572") IPaddress:Port or :Port to bind server to. (default "localhost:5572").
### --rc-cert=KEY ### --rc-cert=KEY
SSL PEM key (concatenation of certificate and CA certificate)
SSL PEM key (concatenation of certificate and CA certificate).
### --rc-client-ca=PATH ### --rc-client-ca=PATH
Client certificate authority to verify clients with
Client certificate authority to verify clients with.
### --rc-htpasswd=PATH ### --rc-htpasswd=PATH
htpasswd file - if not provided no authentication is done htpasswd file - if not provided no authentication is done.
### --rc-key=PATH ### --rc-key=PATH
SSL PEM Private key TLS PEM private key file.
### --rc-max-header-bytes=VALUE ### --rc-max-header-bytes=VALUE
Maximum size of request header (default 4096) Maximum size of request header (default 4096).
### --rc-min-tls-version=VALUE ### --rc-min-tls-version=VALUE
@ -57,15 +59,15 @@ Password for authentication.
### --rc-realm=VALUE ### --rc-realm=VALUE
Realm for authentication (default "rclone") Realm for authentication (default "rclone").
### --rc-server-read-timeout=DURATION ### --rc-server-read-timeout=DURATION
Timeout for server reading data (default 1h0m0s) Timeout for server reading data (default 1h0m0s).
### --rc-server-write-timeout=DURATION ### --rc-server-write-timeout=DURATION
Timeout for server writing data (default 1h0m0s) Timeout for server writing data (default 1h0m0s).
### --rc-serve ### --rc-serve


@ -66,20 +66,21 @@ https. You will need to supply the ` + "`--{{ .Prefix }}cert` and `--{{ .Prefix
If you wish to do client side certificate validation then you will need to If you wish to do client side certificate validation then you will need to
supply ` + "`--{{ .Prefix }}client-ca`" + ` also. supply ` + "`--{{ .Prefix }}client-ca`" + ` also.
` + "`--{{ .Prefix }}cert`" + ` should be a either a PEM encoded certificate or a concatenation ` + "`--{{ .Prefix }}cert`" + ` must be set to the path of a file containing
of that with the CA certificate. ` + "`--k{{ .Prefix }}ey`" + ` should be the PEM encoded either a PEM encoded certificate, or a concatenation of that with the CA
private key and ` + "`--{{ .Prefix }}client-ca`" + ` should be the PEM encoded client certificate. ` + "`--{{ .Prefix }}key`" + ` must be set to the path of a file
certificate authority certificate. with the PEM encoded private key. ` + "If setting `--{{ .Prefix }}client-ca`" + `,
it should be set to the path of a file with PEM encoded client certificate
authority certificates.
` + "`--{{ .Prefix }}min-tls-version`" + ` is minimum TLS version that is acceptable. Valid ` + "`--{{ .Prefix }}min-tls-version`" + ` is minimum TLS version that is acceptable. Valid
values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").
"tls1.0").
### Socket activation ### Socket activation
Instead of the listening addresses specified above, rclone will listen to all Instead of the listening addresses specified above, rclone will listen to all
FDs passed by the service manager, if any (and ignore any arguments passed by ` + FDs passed by the service manager, if any (and ignore any arguments passed
"--{{ .Prefix }}addr`" + `). by ` + "`--{{ .Prefix }}addr`" + `).
This allows rclone to be a socket-activated service. This allows rclone to be a socket-activated service.
It can be configured with .socket and .service unit files as described in It can be configured with .socket and .service unit files as described in
@ -162,11 +163,11 @@ type Config struct {
ServerReadTimeout time.Duration `config:"server_read_timeout"` // Timeout for server reading data ServerReadTimeout time.Duration `config:"server_read_timeout"` // Timeout for server reading data
ServerWriteTimeout time.Duration `config:"server_write_timeout"` // Timeout for server writing data ServerWriteTimeout time.Duration `config:"server_write_timeout"` // Timeout for server writing data
MaxHeaderBytes int `config:"max_header_bytes"` // Maximum size of request header MaxHeaderBytes int `config:"max_header_bytes"` // Maximum size of request header
TLSCert string `config:"cert"` // Path to TLS PEM key (concatenation of certificate and CA certificate) TLSCert string `config:"cert"` // Path to TLS PEM public key certificate file (can also include intermediate/CA certificates)
TLSKey string `config:"key"` // Path to TLS PEM Private key TLSKey string `config:"key"` // Path to TLS PEM private key file
TLSCertBody []byte `config:"-"` // TLS PEM key (concatenation of certificate and CA certificate) body, ignores TLSCert TLSCertBody []byte `config:"-"` // TLS PEM public key certificate body (can also include intermediate/CA certificates), ignores TLSCert
TLSKeyBody []byte `config:"-"` // TLS PEM Private key body, ignores TLSKey TLSKeyBody []byte `config:"-"` // TLS PEM private key body, ignores TLSKey
ClientCA string `config:"client_ca"` // Client certificate authority to verify clients with ClientCA string `config:"client_ca"` // Path to TLS PEM CA file with certificate authorities to verify clients with
MinTLSVersion string `config:"min_tls_version"` // MinTLSVersion contains the minimum TLS version that is acceptable. MinTLSVersion string `config:"min_tls_version"` // MinTLSVersion contains the minimum TLS version that is acceptable.
AllowOrigin string `config:"allow_origin"` // AllowOrigin sets the Access-Control-Allow-Origin header AllowOrigin string `config:"allow_origin"` // AllowOrigin sets the Access-Control-Allow-Origin header
} }
@ -177,9 +178,9 @@ func (cfg *Config) AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string) {
flags.DurationVarP(flagSet, &cfg.ServerReadTimeout, prefix+"server-read-timeout", "", cfg.ServerReadTimeout, "Timeout for server reading data", prefix) flags.DurationVarP(flagSet, &cfg.ServerReadTimeout, prefix+"server-read-timeout", "", cfg.ServerReadTimeout, "Timeout for server reading data", prefix)
flags.DurationVarP(flagSet, &cfg.ServerWriteTimeout, prefix+"server-write-timeout", "", cfg.ServerWriteTimeout, "Timeout for server writing data", prefix) flags.DurationVarP(flagSet, &cfg.ServerWriteTimeout, prefix+"server-write-timeout", "", cfg.ServerWriteTimeout, "Timeout for server writing data", prefix)
flags.IntVarP(flagSet, &cfg.MaxHeaderBytes, prefix+"max-header-bytes", "", cfg.MaxHeaderBytes, "Maximum size of request header", prefix) flags.IntVarP(flagSet, &cfg.MaxHeaderBytes, prefix+"max-header-bytes", "", cfg.MaxHeaderBytes, "Maximum size of request header", prefix)
flags.StringVarP(flagSet, &cfg.TLSCert, prefix+"cert", "", cfg.TLSCert, "TLS PEM key (concatenation of certificate and CA certificate)", prefix) flags.StringVarP(flagSet, &cfg.TLSCert, prefix+"cert", "", cfg.TLSCert, "Path to TLS PEM public key certificate file (can also include intermediate/CA certificates)", prefix)
flags.StringVarP(flagSet, &cfg.TLSKey, prefix+"key", "", cfg.TLSKey, "TLS PEM Private key", prefix) flags.StringVarP(flagSet, &cfg.TLSKey, prefix+"key", "", cfg.TLSKey, "Path to TLS PEM private key file", prefix)
flags.StringVarP(flagSet, &cfg.ClientCA, prefix+"client-ca", "", cfg.ClientCA, "Client certificate authority to verify clients with", prefix) flags.StringVarP(flagSet, &cfg.ClientCA, prefix+"client-ca", "", cfg.ClientCA, "Path to TLS PEM CA file with certificate authorities to verify clients with", prefix)
flags.StringVarP(flagSet, &cfg.BaseURL, prefix+"baseurl", "", cfg.BaseURL, "Prefix for URLs - leave blank for root", prefix) flags.StringVarP(flagSet, &cfg.BaseURL, prefix+"baseurl", "", cfg.BaseURL, "Prefix for URLs - leave blank for root", prefix)
flags.StringVarP(flagSet, &cfg.MinTLSVersion, prefix+"min-tls-version", "", cfg.MinTLSVersion, "Minimum TLS version that is acceptable", prefix) flags.StringVarP(flagSet, &cfg.MinTLSVersion, prefix+"min-tls-version", "", cfg.MinTLSVersion, "Minimum TLS version that is acceptable", prefix)
flags.StringVarP(flagSet, &cfg.AllowOrigin, prefix+"allow-origin", "", cfg.AllowOrigin, "Origin which cross-domain request (CORS) can be executed from", prefix) flags.StringVarP(flagSet, &cfg.AllowOrigin, prefix+"allow-origin", "", cfg.AllowOrigin, "Origin which cross-domain request (CORS) can be executed from", prefix)
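Review bot: The help text in the `-66,20` hunk still presents "tls1.0" as the default for `--{{ .Prefix }}min-tls-version` with no caveat, so an operator following the new TLS instructions gets a listener that accepts deprecated protocol versions. Since this paragraph is being rewritten anyway, I would add a sentence after the list of valid values, such as `TLS 1.0 and 1.1 are deprecated (RFC 8996); set this to "tls1.2" or higher unless legacy clients need them.` In the same paragraph, now that `--{{ .Prefix }}key` is documented as a path to a file, it is worth saying that the file should be readable only by the account running rclone. The long help text also says the cert file may be concatenated "with the CA certificate", while the `Config` comments and flag help in the later hunks say "intermediate/CA certificates"; one wording should be used in all three places. The help template string and `AddFlagsPrefix` both start and end outside the visible hunks.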