nikkuss/bore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cert stuff

Browse Source
This commit is contained in:
Nikkuss
2026-04-25 19:08:05 +04:00
parent 2dbf0553a1
commit afc07da7a7
3 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/quic.rs
+8 -3
View File
@@ -9,11 +9,16 @@ use rcgen::{CertifiedKey, generate_simple_self_signed};
use ring::digest; use ring::digest;
use rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; use rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer};
/// Shared transport config: long idle timeout + keep-alive. /// Shared transport config: very long idle timeout + frequent keep-alive.
///
/// Keep-alive is set well under the idle timeout so QUIC sends PING frames
/// before any NAT/firewall along the path prunes the UDP mapping. The idle
/// timeout itself is set to ~1h so even in the unlikely event a keep-alive
/// gets dropped, a single retry still recovers.
fn transport_config() -> TransportConfig { fn transport_config() -> TransportConfig {
let mut transport = TransportConfig::default(); let mut transport = TransportConfig::default();
transport.max_idle_timeout(Some(Duration::from_secs(300).try_into().unwrap())); transport.max_idle_timeout(Some(Duration::from_secs(3600).try_into().unwrap()));
transport.keep_alive_interval(Some(Duration::from_secs(5))); transport.keep_alive_interval(Some(Duration::from_secs(10)));
transport.max_concurrent_bidi_streams(VarInt::from_u32(4096)); transport.max_concurrent_bidi_streams(VarInt::from_u32(4096));
transport transport
} }
src/server/quic_listener.rs
+2 -2
View File
@@ -52,8 +52,8 @@ async fn handle_connection(
let state = state.clone(); let state = state.clone();
let conn = connection.clone(); let conn = connection.clone();
tokio::spawn(async move { tokio::spawn(async move {
conn.closed().await; let reason = conn.closed().await;
info!(%remote, "connection closed, cleaning up"); info!(%remote, "QUIC connection closed: {reason}");
state.remove_connection(connection_id); state.remove_connection(connection_id);
}); });
} }
src/server/traefik.rs
+11
View File
@@ -36,6 +36,13 @@ pub struct TraefikRouter {
#[serde(rename_all = "camelCase")] #[serde(rename_all = "camelCase")]
pub struct TraefikTls { pub struct TraefikTls {
cert_resolver: String, cert_resolver: String,
domains: Vec<TraefikTlsDomain>,
}
#[derive(Serialize)]
pub struct TraefikTlsDomain {
main: String,
sans: Vec<String>,
} }
#[derive(Serialize)] #[derive(Serialize)]
@@ -91,6 +98,10 @@ async fn handler(State(state): State<Arc<ServerState>>) -> Json<TraefikConfig> {
entry_points: vec![state.traefik_entrypoint.clone()], entry_points: vec![state.traefik_entrypoint.clone()],
tls: state.traefik_cert_resolver.as_ref().map(|r| TraefikTls { tls: state.traefik_cert_resolver.as_ref().map(|r| TraefikTls {
cert_resolver: r.clone(), cert_resolver: r.clone(),
domains: vec![TraefikTlsDomain {
main: state.base_domain.clone(),
sans: vec![format!("*.{}", state.base_domain)],
}],
}), }),
}, },
); );