From 07772f2fed75bd4db76606143db0946a961e6191 Mon Sep 17 00:00:00 2001 From: strawberry Date: Sat, 24 Feb 2024 16:38:00 -0500 Subject: [PATCH] document conduit direct TLS support + logging Signed-off-by: strawberry --- conduwuit-example.toml | 13 ++++++++++++- src/main.rs | 13 +++++++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/conduwuit-example.toml b/conduwuit-example.toml index 6537642b..c5ec97b9 100644 --- a/conduwuit-example.toml +++ b/conduwuit-example.toml @@ -276,4 +276,15 @@ allow_check_for_updates = true #presence_idle_timeout_s = 300 # Config option to control how many seconds before presence updates that you are offline. Defaults to 30 minutes. -#presence_offline_timeout_s = 1800 \ No newline at end of file +#presence_offline_timeout_s = 1800 + + + +# Other options not in [global]: +# +# +# Enables running conduwuit with direct TLS support +# It is strongly recommended you use a reverse proxy instead. This is primarily relevant for test suites like complement that require a private CA setup. +# [global.tls] +# certs = "/path/to/my/certificate.crt" +# key = "/path/to/my/private_key.key" \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index 2026652a..8aae7334 100644 --- a/src/main.rs +++ b/src/main.rs @@ -233,7 +233,7 @@ async fn main() { info!("Starting server"); if let Err(e) = run_server().await { - error!("Critical error running server: {}", e); + error!("Critical error starting server: {}", e); }; // if server runs into critical error and shuts down, shut down the tracer provider if jaegar is used. 
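Review bot: The heading `# Other options not in [global]:` contradicts the table it introduces, because `[global.tls]` is a sub-table of `[global]`; a heading such as `# Sub-tables of [global]:` would match what follows. Since `key` points at the TLS private key, the example could also carry a line like `# The private key file should be readable only by the user conduwuit runs as.` The file still ends without a trailing newline after the `# key = ...` line.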
@@ -359,7 +359,13 @@ async fn run_server() -> io::Result<()> { } else { match &config.tls { Some(tls) => { + debug!( + "Using direct TLS. Certificate path {} and certificate private key path {}", + &tls.certs, &tls.key + ); + info!("Note: It is strongly recommended that you use a reverse proxy instead of running conduwuit directly with TLS."); let conf = RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?; + debug!("Rustlsconfig: {:?}", conf); let mut join_set = JoinSet::new(); for addr in &addrs { @@ -373,7 +379,10 @@ async fn run_server() -> io::Result<()> { #[cfg(feature = "systemd")] let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]); - info!("Listening on {:?}", addrs); + info!( + "Listening on {:?} with TLS certificates {}", + addrs, &tls.certs + ); join_set.join_next().await; } None => {
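Review bot: `debug!("Rustlsconfig: {:?}", conf);` logs the Debug rendering of a TLS server configuration that was just built from the private key, and nothing in the hunk shows what that rendering contains. If the Debug impl is opaque the line adds nothing, and if it renders internal state then key-related material could end up in debug logs, so I would drop the line or confirm its output first. The certificate and key paths are logged only at debug level, so with debug logging off a failure of `RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?` presumably surfaces as a bare I/O error that names no file; logging the two paths on that error path would make it diagnosable. The reverse-proxy advisory would be better emitted with `warn!` than `info!`, since it tells the operator the deployment mode is discouraged. The body of `run_server` starts and ends outside the hunk.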
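Review bot: The new `info!("Listening on {:?} with TLS certificates {}", ...)` message, like the systemd Ready notification just above it, is emitted before the outcome of the listener tasks is known, and the following `join_set.join_next().await;` discards its result. The loop that fills `join_set` is outside the hunk, so this is inferred, but if a listener fails to bind or serve, the log would still claim the server is listening and the failure would presumably never reach the `error!` in `main`. I would keep the value, as in `let outcome = join_set.join_next().await;`, and log or return it when it is a failure. As a smaller point of style, `&tls.certs` can be passed to the macro as `tls.certs` without the extra borrow.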