README.md
+16
@@ -101,12 +101,25 @@ Before heading to the full configuration specification, it's recommend to skim [
101
101
102
102
See [Transport](./docs/transport.md) for more details about encryption and the `transport` block.
103
103
104
+
Tokens can also be set through environment variables. The variable `RATHOLE_{service name in uppercase}_TOKEN` can be set or `RATHOLE_DEFAULT_TOKEN` for all services.
105
+
Tokens are parsed in the following order for "servicex":
106
+
1. (client/server).services.servicex.token
107
+
2. (client/server).services.servicex.token_file
108
+
3. RATHOLE_SERVICEX_TOKEN
109
+
4. (client/server).default_token
110
+
5. (client/server).default_token_file
111
+
6. RATHOLE_DEFAULT_TOKEN
112
+
113
+
Tokens should be generated by yourself (not on someone's website or on random.com) using a cryptographic pseudorandom generator. On Linux, use `openssl rand -hex 64 > /path/to/key`. Make sure to do this on a system with high entropy.
114
+
Most systems will have plenty of entropy. The random network delay between packets, using the computer and typing, access latency from your hdd all can be used to create entropy. Just use your system for anything other than extremely repetitive tasks and don't generate the key right after boot.
115
+
104
116
Here is the full configuration specification:
105
117
106
118
```toml
107
119
[client]
108
120
remote_addr = "example.com:2333"# Necessary. The address of the server
109
121
default_token = "default_token_if_not_specify"# Optional. The default token of services, if they don't define their own ones
122
+
default_token_file = "/path/to/token"# Optional. This will pull the default token from the path specified
110
123
heartbeat_timeout = 40# Optional. Set to 0 to disable the application-layer heartbeat test. The value must be greater than `server.heartbeat_interval`. Default: 40 seconds
111
124
retry_interval = 1# Optional. The interval between retry to connect to the server. Default: 1 second
112
125
@@ -134,6 +147,7 @@ tls = true # If `true` then it will use settings in `client.transport.tls`
134
147
[client.services.service1] # A service that needs forwarding. The name `service1` can change arbitrarily, as long as identical to the name in the server's configuration
135
148
type = "tcp"# Optional. The protocol that needs forwarding. Possible values: ["tcp", "udp"]. Default: "tcp"
136
149
token = "whatever"# Necessary if `client.default_token` not set
150
+
token_file = "/path/to/token"# Necessary if token, default_token, the env var, and default_token_file are unset.
137
151
local_addr = "127.0.0.1:1081"# Necessary. The address of the service that needs to be forwarded
138
152
nodelay = true# Optional. Override the `client.transport.nodelay` per service
139
153
retry_interval = 1# Optional. The interval between retry to connect to the server. Default: inherits the global config
@@ -144,6 +158,7 @@ local_addr = "127.0.0.1:1082"
144
158
[server]
145
159
bind_addr = "0.0.0.0:2333"# Necessary. The address that the server listens for clients. Generally only the port needs to be change.