```go
type Config struct {
	// DisableHTTPS: when true, Run() does not start the HTTPS server (for embedded use inside Newt). Call ProcessConnection directly for connection events.
	DisableHTTPS bool

	Port int // Required when DisableHTTPS is false. Listen port for the HTTPS server. No default.

	PresharedKey string // Required when DisableHTTPS is false. HTTP auth (Authorization: Bearer <key> or X-Preshared-Key: <key>). No default.

	CACertPath string // Required. Where to write the CA cert (e.g. /etc/ssh/ca.pem). No default.

	Force bool // If true, overwrite existing CA cert (and other items) when content differs. Default false.

	PrincipalsFilePath string // Required. Path to the principals data file (JSON: username -> array of principals). No default.

	GenerateRandomPassword bool // If true, set a random password on users when they are provisioned (for SSH PermitEmptyPasswords no).
}
```
Currently we only expose a port option, but for setups where you don't want to bind to all interfaces it would be useful to allow `listen` or the base of the `addr` for a specific interface.

Then

```go
s.addr = fmt.Sprintf(":%d", cfg.Port)
```

can be something like

```go
s.addr = fmt.Sprintf("%s:%d", cfg.Listen, cfg.Port)
```

If `listen` is an empty string then we still get the bind to all interfaces, `:port`.

Brain dump: maybe `bind` is better terminology.
Referenced code: newt/authdaemon/server.go, lines 24 to 33 and line 126 in b6f13a1.
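
One way the address for the proposed option could be built, as an added example that is not the project's code: `listen` stands for the hypothetical `Config.Listen` field suggested above, `listenAddr` is a hypothetical helper, and requiring an IP literal is an assumption. It goes beyond the one-line `Sprintf` by using `net.JoinHostPort`, so an IPv6 literal such as `::1` is bracketed correctly.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// listenAddr builds the address handed to the HTTPS listener.
// listen is the hypothetical Config.Listen value proposed in this issue;
// port is the existing Config.Port.
func listenAddr(listen string, port int) (string, error) {
	if port < 1 || port > 65535 {
		return "", fmt.Errorf("port %d out of range 1-65535", port)
	}
	if listen == "" {
		// Unset: keep the current behaviour and bind to all interfaces.
		return ":" + strconv.Itoa(port), nil
	}
	// Assumption: accept only IP literals, so a typo or a hostname cannot
	// resolve to an interface the operator did not intend to expose.
	ip := net.ParseIP(listen)
	if ip == nil {
		return "", fmt.Errorf("listen %q is not an IP address", listen)
	}
	// JoinHostPort brackets IPv6 literals; "%s:%d" would emit "::1:8443".
	return net.JoinHostPort(ip.String(), strconv.Itoa(port)), nil
}

func main() {
	// Constructed sample values, not taken from the project.
	for _, l := range []string{"", "127.0.0.1", "::1", "eth0"} {
		addr, err := listenAddr(l, 8443)
		fmt.Printf("listen=%q -> addr=%q err=%v\n", l, addr, err)
	}
}
```

Binding to `127.0.0.1` or a management interface keeps the preshared-key endpoint off networks that have no reason to reach it.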