docs: add about TLS

This commit is contained in:
Yujia Qiao 2022-01-02 15:48:28 +08:00 committed by Yujia Qiao
parent 55404285a1
commit d772215dc8
2 changed files with 22 additions and 1 deletions


@ -66,7 +66,7 @@ But the `[client]` and `[server]` block can also be put in one file. Then on the
Some configuration examples are provided under [examples](./examples).
The Noise Protocol can be easily used to secure the traffic, see [Security](./docs/security.md).
The Noise Protocol can be easily used to secure the traffic. TLS can also be used. See [Security](./docs/security.md).
Here is the full configuration specification:
```toml
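Review bot: the new README sentence lists TLS next to Noise without saying when to prefer one; the same sentence links to docs/security.md, which itself points at `../examples/tls`, so consider linking the TLS example directory from here as well (as is already done for the other examples directory above) so the README and the new security doc stay consistent.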


@ -1,5 +1,26 @@
# Security
By default, `rathole` forwards traffic as it is. Different options can be enabled to secure the traffic.
## TLS
Checkout the [example](../examples/tls)
### Client
Normally, a self-signed certificate is used. In this case, the client needs to trust the CA. `trusted_root` is the path to the root CA's certificate PEM file.
`hostname` is the hostname that the client used to validate aginst the certificate that the server presents.
```
[client.transport.tls]
trusted_root = "example/tls/ca-cert.pem"
hostname = "0.0.0.0"
```
### Server
PKCS#12 archives are needed to run the server.
It can be created using openssl like:
```
openssl pkcs12 -export -out identity.pfx -inkey server-key.pem -in server-cert.pem -certfile ca_chain_certs.pem
```
## Noise Protocol
### Quickstart for the Noise Protocl
In one word, the [Noise Protocol](http://noiseprotocol.org/noise.html) is a lightweigt, easy to configure and drop-in replacement of TLS. No need to create a self-sign certificate to secure the connection.
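Review bot: the client example sets `hostname = "0.0.0.0"`, but the surrounding text says this value is validated against the certificate the server presents, so it must be a name (or IP SAN) that actually appears in the server certificate, otherwise verification fails; use whatever name the bundled example certificate carries and say so. The `trusted_root` path `example/tls/ca-cert.pem` also disagrees with the link `../examples/tls` (example vs examples). The Server subsection shows how to build the PKCS#12 archive with openssl but never shows the server-side config block that references it, so a reader cannot finish the setup from this doc; add the matching server transport snippet next to the `[client.transport.tls]` one. The two code fences carry no language tag (`toml` and `sh` would do). Typos: "aginst" -> "against", "Protocl" -> "Protocol", "lightweigt" -> "lightweight", "self-sign" -> "self-signed", "Checkout" -> "Check out".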