✨ feat(config): config option to use operating system certificates alongside rustls
certificates (#620)
* TLS certificates * 🚨 fix: make cargo checks happy (#523) * 🚨 fix: make cargo format checks happy (#557) --------- Co-authored-by: neon_arch <mustafadhuleb53@gmail.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
parent
ce5c794ce2
commit
2e64fd5cbc
@ -53,6 +53,8 @@ pub struct Config {
|
|||||||
pub proxy: Option<Proxy>,
|
pub proxy: Option<Proxy>,
|
||||||
/// It stores the number of https connections to keep in the pool.
|
/// It stores the number of https connections to keep in the pool.
|
||||||
pub number_of_https_connections: u8,
|
pub number_of_https_connections: u8,
|
||||||
|
/// It stores the operating system's TLS certificates for https requests.
|
||||||
|
pub operating_system_tls_certificates: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Config {
|
impl Config {
|
||||||
@ -132,6 +134,8 @@ impl Config {
|
|||||||
});
|
});
|
||||||
|
|
||||||
Ok(Config {
|
Ok(Config {
|
||||||
|
operating_system_tls_certificates: globals
|
||||||
|
.get::<_, bool>("operating_system_tls_certificates")?,
|
||||||
port: globals.get::<_, u16>("port")?,
|
port: globals.get::<_, u16>("port")?,
|
||||||
binding_ip: globals.get::<_, String>("binding_ip")?,
|
binding_ip: globals.get::<_, String>("binding_ip")?,
|
||||||
style: Style::new(
|
style: Style::new(
|
||||||
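Review bot: A config file written before this option existed has no `operating_system_tls_certificates` key, and `globals.get::<_, bool>(...)` may not report that as an error: if the Lua binding converts nil to `false` for `bool` (mlua's conversion does), the field silently becomes `false` even though the shipped default is `true`. Reading the key as an option keeps older configs on the documented default, e.g. `.get::<_, Option<bool>>("operating_system_tls_certificates")?.unwrap_or(true)`. Separately, the doc comment added in the struct hunk says the field "stores the operating system's TLS certificates", but it is a flag; `/// Whether the operating system's TLS root certificates are trusted for upstream https requests.` would match the type. The function that builds `Config` starts and ends outside this hunk.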
|
@ -83,6 +83,8 @@ pub async fn aggregate(
|
|||||||
.tcp_keepalive(Duration::from_secs(config.tcp_connection_keep_alive as u64))
|
.tcp_keepalive(Duration::from_secs(config.tcp_connection_keep_alive as u64))
|
||||||
.pool_max_idle_per_host(config.number_of_https_connections as usize)
|
.pool_max_idle_per_host(config.number_of_https_connections as usize)
|
||||||
.connect_timeout(Duration::from_secs(config.request_timeout as u64)) // Add timeout to request to avoid DDOSing the server
|
.connect_timeout(Duration::from_secs(config.request_timeout as u64)) // Add timeout to request to avoid DDOSing the server
|
||||||
|
.use_rustls_tls()
|
||||||
|
.tls_built_in_root_certs(config.operating_system_tls_certificates)
|
||||||
.https_only(true)
|
.https_only(true)
|
||||||
.gzip(true)
|
.gzip(true)
|
||||||
.brotli(true)
|
.brotli(true)
|
||||||
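Review bot: `tls_built_in_root_certs(false)` is reqwest's bulk switch for every built-in root source, not only the operating-system store, so `operating_system_tls_certificates = false` would likely leave the client with no trust anchors. With `.https_only(true)` on the same builder, every upstream request would then fail certificate verification. That fails closed, but it contradicts the option's description of OS certificates being used "alongside" the rustls ones. If the reqwest version in use provides it, `.tls_built_in_native_certs(config.operating_system_tls_certificates)` toggles the OS store alone; which root sources are compiled in depends on Cargo features not visible on this page. The builder chain in `aggregate` starts and ends outside the hunk.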
|
@ -19,6 +19,8 @@ rate_limiter = {
|
|||||||
-- Set whether the server will use an adaptive/dynamic HTTPS window size, see https://httpwg.org/specs/rfc9113.html#fc-principles
|
-- Set whether the server will use an adaptive/dynamic HTTPS window size, see https://httpwg.org/specs/rfc9113.html#fc-principles
|
||||||
https_adaptive_window_size = false
|
https_adaptive_window_size = false
|
||||||
|
|
||||||
|
operating_system_tls_certificates = true -- Set whether the server will use operating system's tls certificates alongside rustls certificates while fetching search results from the upstream engines.
|
||||||
|
|
||||||
number_of_https_connections = 10 -- the number of https connections that should be available in the connection pool.
|
number_of_https_connections = 10 -- the number of https connections that should be available in the connection pool.
|
||||||
-- Set keep-alive timer in seconds; keeps clients connected to the HTTP server, different from the connection to upstream search engines
|
-- Set keep-alive timer in seconds; keeps clients connected to the HTTP server, different from the connection to upstream search engines
|
||||||
client_connection_keep_alive = 120
|
client_connection_keep_alive = 120
|
||||||
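Review bot: The comment on `operating_system_tls_certificates` does not tell an operator what trust decision the default `true` makes or what `false` does. With the OS store enabled, any CA installed on the host (a corporate TLS-inspection root, for instance) is presumably accepted for connections to the upstream engines, in addition to whatever root set the rustls backend is built with. I would state that in the comment, e.g. `-- When true, CAs from the host's certificate store are also trusted for upstream requests; set to false to rely only on the roots bundled with the TLS backend.` The `false` half of that wording only holds if the client builder toggles the OS store alone, which the aggregator hunk as written does not appear to do.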
|