* handlers.go: Added parameter for TLS min version
rest-server/main.go: Added parameter handling for TLS min version
rest-server/main.go: Added crypto.tls, implemented and configured tlsConfig object
* tls min version parameter documentation
* Added changelog documentation
* README.md: Fixed typo
main.go: Added error for unknown TLS min versions
main.go: Changed CurvePreferences in TLS config to Go default
main.go: Removed handling for TLS min versions 1.0 and 1.1
Signed-off-by: darkspir <forgejo.darkspir@teemitmil.ch>
* main.go: Improved TLSMinVer parameter documentation
* README.md: Improved --tls-min-ver parameter documentation
* main.go: Changed --tls-min-ver parameter documentation again
* main.go: Added allowed versions in Error Unsupported TLS min version
* update rest-server help output in readme
---------
Signed-off-by: darkspir <forgejo.darkspir@teemitmil.ch>
Co-authored-by: Michael Eischer <michael.eischer@fau.de>
* Add group-accessible-repos option
The group-accessible-repos option will let filesystem group id
be able to access files and dir within the restic repo
Default stick with old behaviour to be owner restricted
While here make dirMode and fileMode within Options struct
private
---------
Co-authored-by: Michael Eischer <michael.eischer@fau.de>
This is useful when the server is started with an ephemeral port, e.g.:
./rest-server --no-auth --listen "127.0.0.1:0"
...
start server on 127.0.0.1:46015
The --log option accepts "-" as filename. This prevents rest-server from
opening the log file, it simply writes to the STDOUT stream provided by
the caller.
**BREAKING** in case use really used "-" to specify a file named "-"
you'll need to update your rest-server invocation to use "./-".
Restore the previous behaviour where the Prometheus /metrics endpoint
required auth if auth was enabled.
A new -prometheus-no-auth flag allows you to override this and disable
auth for that specific endpoint.
This contains all the glue to make Server use the new repo.Handler:
- Remove all old handlers
- Add ServeHTTP to make Server a single http.Handler
- Remove Goji routing and replace by net/http and custom routing logic
Additionally, this implements two-level backup repositories.
The rest server is normally shutdown via a SIGINT signal. The http
handle calls are endless loops and don't return in the normal case. Thus
add a signal handler to shutdown the profiler.
* Add --max-size flag to limit repository size
* Only update repo size on successful write
* Use initial size as current size for first SaveBlob
* Apply LimitReader to request body
* Use HTTP 413 for size overage responses
* Refactor size limiting; do checks after every write
* Remove extra commented lines, d'oh
* Account for deleting blobs when counting space usage
* Remove extra commented line
* Fix unrelated bug (inverted err check)
* Update comment to trigger new CI build
In order to prevent users from accidentally exposing rest-server without
authentication, rest-server now defaults to requiring a .htpasswd. If
you want to disable authentication, you need to explicitly pass the new
--no-auth flag.
