document conduit direct TLS support + logging

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-24 16:38:00 -05:00 · 2024-02-24 16:38:00 -05:00 · 07772f2fed
commit 07772f2fed
parent 67b307c75b
2 changed files with 23 additions and 3 deletions
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@ -276,4 +276,15 @@ allow_check_for_updates = true
 #presence_idle_timeout_s = 300

 # Config option to control how many seconds before presence updates that you are offline. Defaults to 30 minutes.
-#presence_offline_timeout_s = 1800
+#presence_offline_timeout_s = 1800
+
+
+
+# Other options not in [global]:
+#
+#
+# Enables running conduwuit with direct TLS support
+# It is strongly recommended you use a reverse proxy instead. This is primarily relevant for test suites like complement that require a private CA setup.
+# [global.tls]
+# certs = "/path/to/my/certificate.crt"
+# key = "/path/to/my/private_key.key"
--- a/src/main.rs
+++ b/src/main.rs
@ -233,7 +233,7 @@ async fn main() {

    info!("Starting server");
    if let Err(e) = run_server().await {
-        error!("Critical error running server: {}", e);
+        error!("Critical error starting server: {}", e);
    };

    // if server runs into critical error and shuts down, shut down the tracer provider if jaegar is used.
@ -359,7 +359,13 @@ async fn run_server() -> io::Result<()> {
    } else {
        match &config.tls {
            Some(tls) => {
+                debug!(
+                    "Using direct TLS. Certificate path {} and certificate private key path {}",
+                    &tls.certs, &tls.key
+                );
+                info!("Note: It is strongly recommended that you use a reverse proxy instead of running conduwuit directly with TLS.");
                let conf = RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?;
+                debug!("Rustlsconfig: {:?}", conf);

                let mut join_set = JoinSet::new();
                for addr in &addrs {
@ -373,7 +379,10 @@ async fn run_server() -> io::Result<()> {
                #[cfg(feature = "systemd")]
                let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);

-                info!("Listening on {:?}", addrs);
+                info!(
+                    "Listening on {:?} with TLS certificates {}",
+                    addrs, &tls.certs
+                );
                join_set.join_next().await;
            }
            None => {