docs: mention in serve tls options when value is path to file - fixes #8232

This commit is contained in:
albertony 2024-12-06 22:08:17 +01:00 committed by Nick Craig-Wood
parent 27f448d14d
commit 19f4580aca
2 changed files with 29 additions and 26 deletions

View File

@ -18,29 +18,31 @@ If you just want to run a remote control then see the [rcd](/commands/rclone_rcd
### --rc
Flag to start the http server listen on remote requests
Flag to start the http server listen on remote requests.
### --rc-addr=IP
IPaddress:Port or :Port to bind server to. (default "localhost:5572")
IPaddress:Port or :Port to bind server to. (default "localhost:5572").
### --rc-cert=KEY
SSL PEM key (concatenation of certificate and CA certificate)
SSL PEM key (concatenation of certificate and CA certificate).
### --rc-client-ca=PATH
Client certificate authority to verify clients with
Client certificate authority to verify clients with.
### --rc-htpasswd=PATH
htpasswd file - if not provided no authentication is done
htpasswd file - if not provided no authentication is done.
### --rc-key=PATH
SSL PEM Private key
TLS PEM private key file.
### --rc-max-header-bytes=VALUE
Maximum size of request header (default 4096)
Maximum size of request header (default 4096).
### --rc-min-tls-version=VALUE
@ -57,15 +59,15 @@ Password for authentication.
### --rc-realm=VALUE
Realm for authentication (default "rclone")
Realm for authentication (default "rclone").
### --rc-server-read-timeout=DURATION
Timeout for server reading data (default 1h0m0s)
Timeout for server reading data (default 1h0m0s).
### --rc-server-write-timeout=DURATION
Timeout for server writing data (default 1h0m0s)
Timeout for server writing data (default 1h0m0s).
### --rc-serve

View File

@ -66,20 +66,21 @@ https. You will need to supply the ` + "`--{{ .Prefix }}cert` and `--{{ .Prefix
If you wish to do client side certificate validation then you will need to
supply ` + "`--{{ .Prefix }}client-ca`" + ` also.
` + "`--{{ .Prefix }}cert`" + ` should be a either a PEM encoded certificate or a concatenation
of that with the CA certificate. ` + "`--k{{ .Prefix }}ey`" + ` should be the PEM encoded
private key and ` + "`--{{ .Prefix }}client-ca`" + ` should be the PEM encoded client
certificate authority certificate.
` + "`--{{ .Prefix }}cert`" + ` must be set to the path of a file containing
either a PEM encoded certificate, or a concatenation of that with the CA
certificate. ` + "`--{{ .Prefix }}key`" + ` must be set to the path of a file
with the PEM encoded private key. ` + "If setting `--{{ .Prefix }}client-ca`" + `,
it should be set to the path of a file with PEM encoded client certificate
authority certificates.
` + "`--{{ .Prefix }}min-tls-version`" + ` is minimum TLS version that is acceptable. Valid
values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default
"tls1.0").
values are "tls1.0", "tls1.1", "tls1.2" and "tls1.3" (default "tls1.0").
### Socket activation
Instead of the listening addresses specified above, rclone will listen to all
FDs passed by the service manager, if any (and ignore any arguments passed by ` +
"--{{ .Prefix }}addr`" + `).
FDs passed by the service manager, if any (and ignore any arguments passed
by ` + "`--{{ .Prefix }}addr`" + `).
This allows rclone to be a socket-activated service.
It can be configured with .socket and .service unit files as described in
@ -162,11 +163,11 @@ type Config struct {
ServerReadTimeout time.Duration `config:"server_read_timeout"` // Timeout for server reading data
ServerWriteTimeout time.Duration `config:"server_write_timeout"` // Timeout for server writing data
MaxHeaderBytes int `config:"max_header_bytes"` // Maximum size of request header
TLSCert string `config:"cert"` // Path to TLS PEM key (concatenation of certificate and CA certificate)
TLSKey string `config:"key"` // Path to TLS PEM Private key
TLSCertBody []byte `config:"-"` // TLS PEM key (concatenation of certificate and CA certificate) body, ignores TLSCert
TLSKeyBody []byte `config:"-"` // TLS PEM Private key body, ignores TLSKey
ClientCA string `config:"client_ca"` // Client certificate authority to verify clients with
TLSCert string `config:"cert"` // Path to TLS PEM public key certificate file (can also include intermediate/CA certificates)
TLSKey string `config:"key"` // Path to TLS PEM private key file
TLSCertBody []byte `config:"-"` // TLS PEM public key certificate body (can also include intermediate/CA certificates), ignores TLSCert
TLSKeyBody []byte `config:"-"` // TLS PEM private key body, ignores TLSKey
ClientCA string `config:"client_ca"` // Path to TLS PEM CA file with certificate authorities to verify clients with
MinTLSVersion string `config:"min_tls_version"` // MinTLSVersion contains the minimum TLS version that is acceptable.
AllowOrigin string `config:"allow_origin"` // AllowOrigin sets the Access-Control-Allow-Origin header
}
@ -177,9 +178,9 @@ func (cfg *Config) AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string) {
flags.DurationVarP(flagSet, &cfg.ServerReadTimeout, prefix+"server-read-timeout", "", cfg.ServerReadTimeout, "Timeout for server reading data", prefix)
flags.DurationVarP(flagSet, &cfg.ServerWriteTimeout, prefix+"server-write-timeout", "", cfg.ServerWriteTimeout, "Timeout for server writing data", prefix)
flags.IntVarP(flagSet, &cfg.MaxHeaderBytes, prefix+"max-header-bytes", "", cfg.MaxHeaderBytes, "Maximum size of request header", prefix)
flags.StringVarP(flagSet, &cfg.TLSCert, prefix+"cert", "", cfg.TLSCert, "TLS PEM key (concatenation of certificate and CA certificate)", prefix)
flags.StringVarP(flagSet, &cfg.TLSKey, prefix+"key", "", cfg.TLSKey, "TLS PEM Private key", prefix)
flags.StringVarP(flagSet, &cfg.ClientCA, prefix+"client-ca", "", cfg.ClientCA, "Client certificate authority to verify clients with", prefix)
flags.StringVarP(flagSet, &cfg.TLSCert, prefix+"cert", "", cfg.TLSCert, "Path to TLS PEM public key certificate file (can also include intermediate/CA certificates)", prefix)
flags.StringVarP(flagSet, &cfg.TLSKey, prefix+"key", "", cfg.TLSKey, "Path to TLS PEM private key file", prefix)
flags.StringVarP(flagSet, &cfg.ClientCA, prefix+"client-ca", "", cfg.ClientCA, "Path to TLS PEM CA file with certificate authorities to verify clients with", prefix)
flags.StringVarP(flagSet, &cfg.BaseURL, prefix+"baseurl", "", cfg.BaseURL, "Prefix for URLs - leave blank for root", prefix)
flags.StringVarP(flagSet, &cfg.MinTLSVersion, prefix+"min-tls-version", "", cfg.MinTLSVersion, "Minimum TLS version that is acceptable", prefix)
flags.StringVarP(flagSet, &cfg.AllowOrigin, prefix+"allow-origin", "", cfg.AllowOrigin, "Origin which cross-domain request (CORS) can be executed from", prefix)