diff --git a/README.md b/README.md
index 43cc663..6c6ce68 100644
--- a/README.md
+++ b/README.md
@@ -29,8 +29,8 @@ The relays register themselves via the [moq-api](moq-api) endpoints, which is us
 Notable arguments:
 - `--listen ` Listen on this address, default: `[::]:4443`
-- `--cert ` Use the certificate file at this path
-- `--key ` Use the private key at this path
+- `--tls-cert ` Use the certificate file at this path
+- `--tls-key ` Use the private key at this path
 - `--dev` Listen via HTTPS as well, serving the `/fingerprint` of the self-signed certificate. (dev only)
 This listens for WebTransport connections on `UDP https://localhost:4443` by default.
diff --git a/dev/relay b/dev/relay
index e8f707f..29ebad4 100755
--- a/dev/relay
+++ b/dev/relay
@@ -28,10 +28,10 @@ fi
 # Provide our node URL when registering origins.
 if [ -n "${NODE-}" ]; then
- ARGS="$ARGS --node $NODE"
+ ARGS="$ARGS --api-node $NODE"
 fi
 echo "Publish URL: https://quic.video/publish/?server=localhost:${PORT}"
 # Run the relay and forward any arguments
-cargo run --bin moq-relay -- --listen "$LISTEN" --cert "$CERT" --key "$KEY" --dev $ARGS -- "$@"
+cargo run --bin moq-relay -- --listen "$LISTEN" --tls-cert "$CERT" --tls-key "$KEY" --dev $ARGS -- "$@"
diff --git a/fly-relay.sh b/fly-relay.sh
index 26de9b1..12613f9 100755
--- a/fly-relay.sh
+++ b/fly-relay.sh
@@ -5,4 +5,4 @@ mkdir cert
 echo "$MOQ_CRT" | base64 -d > dev/moq-demo.crt
 echo "$MOQ_KEY" | base64 -d > dev/moq-demo.key
-RUST_LOG=info /usr/local/cargo/bin/moq-relay --cert dev/moq-demo.crt --key dev/moq-demo.key
+RUST_LOG=info /usr/local/cargo/bin/moq-relay --tls-cert dev/moq-demo.crt --tls-key dev/moq-demo.key
diff --git a/moq-relay/src/config.rs b/moq-relay/src/config.rs
index e8accf8..71ed02f 100644
--- a/moq-relay/src/config.rs
+++ b/moq-relay/src/config.rs
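Review bot: The private key passed to the renamed `--tls-key dev/moq-demo.key` argument in fly-relay.sh is written by the context line `echo "$MOQ_KEY" | base64 -d > dev/moq-demo.key` under whatever umask the script inherits, so the file may be readable by other users in the container unless the umask is tightened earlier in the script, outside this hunk. Adding `umask 077` before the two `base64 -d` lines would keep the key owner-only. The hunk heading also shows `mkdir cert` while both files are written under `dev/`, so that directory looks unused from the lines visible here.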
@@ -16,17 +16,13 @@ pub struct Config {
 /// The first match for the provided SNI will be used, otherwise the last cert will be used.
 /// You also need to provide the private key multiple times via `key``.
 #[arg(long)]
- pub cert: Vec,
+ pub tls_cert: Vec,
 /// Use the private key at this path, encoded as PEM.
 ///
 /// There must be a key for every certificate provided via `cert`.
 #[arg(long)]
- pub key: Vec,
-
- /// Listen on HTTPS and serve /fingerprint, for self-signed certificates
- #[arg(long, action)]
- pub dev: bool,
+ pub tls_key: Vec,
 /// Optional: Use the moq-api via HTTP to store origin information.
 #[arg(long)]
@@ -34,8 +30,13 @@ pub struct Config {
 /// Our internal address which we advertise to other origins.
 /// We use QUIC, so the certificate must be valid for this address.
- /// This needs to be prefixed with https:// to use WebTransport
- /// This is only used when --api is set.
+ /// This needs to be prefixed with https:// to use WebTransport.
+ /// This is only used when --api is set and only for publishing broadcasts.
 #[arg(long)]
- pub node: Option,
+ pub api_node: Option,
+
+ /// Enable development mode.
+ /// Currently, this only listens on HTTPS and serves /fingerprint, for self-signed certificates
+ #[arg(long, action)]
+ pub dev: bool,
 }
diff --git a/moq-relay/src/quic.rs b/moq-relay/src/quic.rs
index 1cee51e..2fae446 100644
--- a/moq-relay/src/quic.rs
+++ b/moq-relay/src/quic.rs
@@ -52,11 +52,11 @@ impl Quic {
 moq_api::Client::new(url)
 });
- if let Some(ref node) = config.node {
+ if let Some(ref node) = config.api_node {
 log::info!("advertising origin: url={}", node);
 }
- let origin = Origin::new(api, config.node, quic.clone());
+ let origin = Origin::new(api, config.api_node, quic.clone());
 let conns = JoinSet::new();
 Ok(Self { quic, origin, conns })
diff --git a/moq-relay/src/tls.rs b/moq-relay/src/tls.rs
index a39d7b6..aa85aac 100644
--- a/moq-relay/src/tls.rs
+++ b/moq-relay/src/tls.rs
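Review bot: The doc comments left as context around the renamed fields in the first config.rs hunk still name the old flags, so the help text presumably generated from them will send operators to `--key` and `--cert`, which no longer exist. The two lines should read ``/// You also need to provide the private key multiple times via `--tls-key`.`` (this also drops the stray trailing backtick) and ``/// There must be a key for every certificate provided via `--tls-cert`.``. The `Config` struct starts above this hunk, so other references to the old names may remain outside the visible lines.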
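Review bot: Nothing visible enforces the two constraints in the new `api_node` doc comment in the second config.rs hunk, namely an `https://` prefix and use only when `--api` is set. The quic.rs hunk logs `advertising origin` whenever `config.api_node` is `Some`, which appears to hold even when no API client was built, so a relay started with `--api-node` but without `--api` would report an advertisement that never happens. A guard before that log, such as `if api.is_none() { log::warn!("--api-node is ignored without --api"); }`, would surface the misconfiguration. If the field is a parsed URL, its scheme could be rejected in the same place. Both `Config` and the enclosing `Quic` constructor extend beyond the hunks, so the check may already exist elsewhere.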
@@ -27,8 +27,11 @@ impl Tls {
 let mut serve = ServeCerts::default();
 // Load the certificate and key files based on their index.
- anyhow::ensure!(config.cert.len() == config.key.len(), "--cert and --key mismatch");
- for (chain, key) in config.cert.iter().zip(config.key.iter()) {
+ anyhow::ensure!(
+ config.tls_cert.len() == config.tls_key.len(),
+ "--tls-cert and --tls-key counts differ"
+ );
+ for (chain, key) in config.tls_cert.iter().zip(config.tls_key.iter()) {
 serve.load(chain, key)?;
 }
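Review bot: The reworded `ensure!` message still omits the two counts, so an operator who passes several certificates cannot tell from the error which flag is short. `anyhow::ensure!` accepts format arguments, so the message could be `"--tls-cert and --tls-key counts differ: {} certs, {} keys", config.tls_cert.len(), config.tls_key.len()`. The check also passes when both lists are empty, leaving `serve` with no certificates. Whether that case is rejected later is not visible, because the enclosing function starts and ends outside this hunk. If it is not, `anyhow::ensure!(!config.tls_cert.is_empty(), "at least one --tls-cert/--tls-key pair is required");` would make the failure explicit at startup.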