FIX: TLS options

2026-03-10 16:52:13 +00:00
parent 67547d677c
commit b7bbaa2d33
8 changed files with 291 additions and 34 deletions

@@ -26,11 +26,10 @@ cargo build --release --workspace
--token mysecrettoken \
--tls-cert-out /tmp/furumi-ca.pem
# Client — loads the server's certificate for encrypted connection
# Client — automatically uses TLS, trusts server certificate
./target/release/furumi-mount-linux \
--server https://server-ip:50051 \
--server server-ip:50051 \
--token mysecrettoken \
--tls-ca /tmp/furumi-ca.pem \
--mount /mnt/remote
# Use it
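
Review bot: With `--tls-ca /tmp/furumi-ca.pem` dropped from the client command, the quick-start sends `--token mysecrettoken` to a server whose certificate is accepted without any pin, and the new comment "automatically uses TLS, trusts server certificate" does not say how that trust is established. Either keep `--tls-ca` in the example as an optional pin against the file written by `--tls-cert-out`, or reword the comment to state that the certificate is accepted unverified, so readers do not assume the server is authenticated.
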
@@ -40,13 +39,9 @@ mpv /mnt/remote/video.mkv
## Encryption
TLS is enabled by default. The server auto-generates a self-signed certificate on each start — no manual cert management required. The certificate is used **only for encryption**, not for server identity verification.
TLS is enabled by default. The server auto-generates a self-signed certificate on each start — no manual cert management required. The client automatically trusts the server's certificate for encryption.
To pass the certificate to the client:
1. Server: `--tls-cert-out /path/to/cert.pem` saves the generated cert
2. Client: `--tls-ca /path/to/cert.pem` loads it for the TLS handshake
To disable TLS (not recommended): `--no-tls` on the server, and use `http://` on the client.
To disable TLS (not recommended): `--no-tls` on both server and client.
## Configuration
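
Review bot: The rewritten Encryption paragraph replaces "used **only for encryption**, not for server identity verification" with "The client automatically trusts the server's certificate for encryption", which loses the one sentence telling readers that the server is not authenticated. Keep that caveat in the new wording, and since the certificate is regenerated on each start, state whether the client can tell the real server from another endpoint presenting a different self-signed certificate. The `--no-tls` line should also say what happens when only one side sets the flag.
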
@@ -60,17 +55,16 @@ All options can be set via CLI flags or environment variables.
| `--root` | `FURUMI_ROOT` | `.` | Directory to expose |
| `--token` | `FURUMI_TOKEN` | *(empty, auth off)* | Bearer token |
| `--metrics-bind` | `FURUMI_METRICS_BIND` | `0.0.0.0:9090` | Prometheus endpoint |
| `--tls-cert-out` | `FURUMI_TLS_CERT_OUT` | — | Save auto-generated cert PEM |
| `--no-tls` | — | `false` | Disable TLS |
### Client
| Flag | Env | Default | Description |
|------|-----|---------|-------------|
| `--server` | `FURUMI_SERVER` | `https://0.0.0.0:50051` | Server address |
| `--server` | `FURUMI_SERVER` | `0.0.0.0:50051` | Server address |
| `--token` | `FURUMI_TOKEN` | *(empty)* | Bearer token |
| `--mount` | `FURUMI_MOUNT` | — | Mount point directory |
| `--tls-ca` | `FURUMI_TLS_CA` | — | Server CA cert PEM file |
| `--no-tls` | — | `false` | Disable TLS |
## Prometheus Metrics
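
Review bot: The client `--server` default changes from `https://0.0.0.0:50051` to `0.0.0.0:50051`, so the URL scheme no longer selects TLS, but the table does not say what happens to an existing `FURUMI_SERVER` value that still carries `https://` or `http://`. Document whether a scheme prefix is rejected, stripped or honoured, and what an `https://` value combined with `--no-tls` does. The `--no-tls` rows list no env variable, which deserves a note for deployments configured only through the environment, and if `--tls-cert-out` stays in the server table while `--tls-ca` leaves the client table, its description should say what the saved PEM is now used for.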