Evan Yang
neon_arch
mergify[bot]
commited on
✨ feat(config): config option to use operating system certificates alongside `rustls` certificates (#620)
* TLS certificates
* 🚨 fix: make cargo checks happy (#523)
* 🚨 fix: make cargo format checks happy (#557)
---------
Co-authored-by: neon_arch <[email protected]>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
- src/config/parser.rs +4 -0
- src/results/aggregator.rs +2 -0
- websurfx/config.lua +2 -0
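--- a/src/config/parser.rs
+++ b/src/config/parser.rs
@@ -53,6 +53,8 @@ pub struct Config {
 pub proxy: Option<Proxy>,
 /// It stores the number of https connections to keep in the pool.
 pub number_of_https_connections: u8,
+/// It stores the operating system's TLS certificates for https requests.
+pub operating_system_tls_certificates: bool,
 }
 
 impl Config {
@@ -132,6 +134,8 @@ impl Config {
 });
 
 Ok(Config {
+operating_system_tls_certificates: globals
+.get::<_, bool>("operating_system_tls_certificates")?,
 port: globals.get::<_, u16>("port")?,
 binding_ip: globals.get::<_, String>("binding_ip")?,
 style: Style::new(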
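Review bot: The doc comment on `operating_system_tls_certificates` says the field stores the certificates, but the field is a `bool` toggle; `/// Whether the operating system's trusted root certificates are used for upstream HTTPS requests.` would describe it accurately. In the second hunk the value is read with `globals.get::<_, bool>("operating_system_tls_certificates")?`; if the Lua binding converts a missing (nil) global by truthiness, a config file written before this commit would silently yield `false`, so the intended default should be stated in the comment or the absent key handled explicitly. Both the struct and the `Ok(Config { … })` literal continue outside the hunks.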
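--- a/src/results/aggregator.rs
+++ b/src/results/aggregator.rs
@@ -83,6 +83,8 @@ pub async fn aggregate(
 .tcp_keepalive(Duration::from_secs(config.tcp_connection_keep_alive as u64))
 .pool_max_idle_per_host(config.number_of_https_connections as usize)
 .connect_timeout(Duration::from_secs(config.request_timeout as u64)) // Add timeout to request to avoid DDOSing the server
+.use_rustls_tls()
+.tls_built_in_root_certs(config.operating_system_tls_certificates)
 .https_only(true)
 .gzip(true)
 .brotli(true)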
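Review bot: `.tls_built_in_root_certs(config.operating_system_tls_certificates)` is reqwest's bulk switch for every built-in root source, so setting the option to `false` likely leaves the client with no trust anchors at all rather than with the bundled rustls (webpki) roots only; together with `.https_only(true)` every upstream fetch would then fail certificate verification. That does not match the "alongside `rustls` certificates" wording in the commit title and in the `websurfx/config.lua` comment. If the reqwest version in use provides it, `.tls_built_in_native_certs(config.operating_system_tls_certificates)` toggles only the OS store and leaves the bundled roots in place; which root sources are compiled in depends on Cargo features that are not part of this diff, so confirm there. The builder chain starts and ends outside the hunk.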
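--- a/websurfx/config.lua
+++ b/websurfx/config.lua
@@ -19,6 +19,8 @@ rate_limiter = {
 -- Set whether the server will use an adaptive/dynamic HTTPS window size, see https://httpwg.org/specs/rfc9113.html#fc-principles
 https_adaptive_window_size = false
 
+operating_system_tls_certificates = true -- Set whether the server will use operating system's tls certificates alongside rustls certificates while fetching search results from the upstream engines.
+
 number_of_https_connections = 10 -- the number of https connections that should be available in the connection pool.
 -- Set keep-alive timer in seconds; keeps clients connected to the HTTP server, different from the connection to upstream search engines
 client_connection_keep_alive = 120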