Rename some TLS flags (#97)

README.md

@@ -29,8 +29,8 @@ The relays register themselves via the [moq-api](moq-api) endpoints, which is us
 Notable arguments:
 
 -   `--listen <ADDR>` Listen on this address, default: `[::]:4443`
--   `--cert <CERT>` Use the certificate file at this path
--   `--key <KEY>` Use the private key at this path
+-   `--tls-cert <CERT>` Use the certificate file at this path
+-   `--tls-key <KEY>` Use the private key at this path
 -   `--dev` Listen via HTTPS as well, serving the `/fingerprint` of the self-signed certificate. (dev only)
 
 This listens for WebTransport connections on `UDP https://localhost:4443` by default.

dev/relay

@@ -28,10 +28,10 @@ fi
 
 # Provide our node URL when registering origins.
 if [ -n "${NODE-}" ]; then
-	ARGS="$ARGS --node $NODE"
+	ARGS="$ARGS --api-node $NODE"
 fi
 
 echo "Publish URL: https://quic.video/publish/?server=localhost:${PORT}"
 
 # Run the relay and forward any arguments
-cargo run --bin moq-relay -- --listen "$LISTEN" --cert "$CERT" --key "$KEY" --dev $ARGS -- "$@"
+cargo run --bin moq-relay -- --listen "$LISTEN" --tls-cert "$CERT" --tls-key "$KEY" --dev $ARGS -- "$@"

fly-relay.sh

@@ -5,4 +5,4 @@ mkdir cert
 echo "$MOQ_CRT" | base64 -d > dev/moq-demo.crt
 echo "$MOQ_KEY" | base64 -d > dev/moq-demo.key
 
-RUST_LOG=info /usr/local/cargo/bin/moq-relay --cert dev/moq-demo.crt --key dev/moq-demo.key
+RUST_LOG=info /usr/local/cargo/bin/moq-relay --tls-cert dev/moq-demo.crt --tls-key dev/moq-demo.key

moq-relay/src/config.rs

@@ -16,17 +16,13 @@ pub struct Config {
 	/// The first match for the provided SNI will be used, otherwise the last cert will be used.
 	/// You also need to provide the private key multiple times via `key``.
 	#[arg(long)]
-	pub cert: Vec<path::PathBuf>,
+	pub tls_cert: Vec<path::PathBuf>,
 
 	/// Use the private key at this path, encoded as PEM.
 	///
 	/// There must be a key for every certificate provided via `cert`.
 	#[arg(long)]
-	pub key: Vec<path::PathBuf>,
-
-	/// Listen on HTTPS and serve /fingerprint, for self-signed certificates
-	#[arg(long, action)]
-	pub dev: bool,
+	pub tls_key: Vec<path::PathBuf>,
 
 	/// Optional: Use the moq-api via HTTP to store origin information.
 	#[arg(long)]
@@ -34,8 +30,13 @@ pub struct Config {
 
 	/// Our internal address which we advertise to other origins.
 	/// We use QUIC, so the certificate must be valid for this address.
-	/// This needs to be prefixed with https:// to use WebTransport
-	/// This is only used when --api is set.
+	/// This needs to be prefixed with https:// to use WebTransport.
+	/// This is only used when --api is set and only for publishing broadcasts.
 	#[arg(long)]
-	pub node: Option<Url>,
+	pub api_node: Option<Url>,
+
+	/// Enable development mode.
+	/// Currently, this only listens on HTTPS and serves /fingerprint, for self-signed certificates
+	#[arg(long, action)]
+	pub dev: bool,
 }

moq-relay/src/quic.rs

@@ -52,11 +52,11 @@ impl Quic {
 			moq_api::Client::new(url)
 		});
 
-		if let Some(ref node) = config.node {
+		if let Some(ref node) = config.api_node {
 			log::info!("advertising origin: url={}", node);
 		}
 
-		let origin = Origin::new(api, config.node, quic.clone());
+		let origin = Origin::new(api, config.api_node, quic.clone());
 		let conns = JoinSet::new();
 
 		Ok(Self { quic, origin, conns })

moq-relay/src/tls.rs

@@ -27,8 +27,11 @@ impl Tls {
 		let mut serve = ServeCerts::default();
 
 		// Load the certificate and key files based on their index.
-		anyhow::ensure!(config.cert.len() == config.key.len(), "--cert and --key mismatch");
-		for (chain, key) in config.cert.iter().zip(config.key.iter()) {
+		anyhow::ensure!(
+			config.tls_cert.len() == config.tls_key.len(),
+			"--tls-cert and --tls-key counts differ"
+		);
+		for (chain, key) in config.tls_cert.iter().zip(config.tls_key.iter()) {
 			serve.load(chain, key)?;
 		}