[documentation] Update manuals with new options.

This commit is contained in:
Ciprian Dorin Craciun 2022-09-11 21:20:41 +03:00
parent eda087dc7d
commit 03279d99c4
13 changed files with 134 additions and 26 deletions

View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
.. ..
.TH "KAWIPIKO-ARCHIVER" "1" "2022-09-02" "volution.ro" "kawipiko" .TH "KAWIPIKO-ARCHIVER" "1" "2022-09-11" "volution.ro" "kawipiko"
.SH NAME .SH NAME
kawipiko -- blazingly fast static HTTP server \- kawipiko-archiver kawipiko -- blazingly fast static HTTP server \- kawipiko-archiver
.INDENT 0.0 .INDENT 0.0
@ -47,12 +47,12 @@ kawipiko -- blazingly fast static HTTP server \- kawipiko-archiver
.nf .nf
.ft C .ft C
\-\-sources <path> \-\-sources <path>
\-\-archive <path> \-\-archive <path>
\-\-compress <gzip | zopfli | brotli | identity> \-\-compress <gzip | zopfli | brotli | identity>
\-\-compress\-level <number> \-\-compress\-level <number>
\-\-compress\-cache <path> \-\-compress\-cache <path>
\-\-sources\-cache <path>
\-\-exclude\-index \-\-exclude\-index
\-\-exclude\-strip \-\-exclude\-strip
@ -124,7 +124,7 @@ The compression level can be chosen, the value depending on the algorithm:
.UNINDENT .UNINDENT
.UNINDENT .UNINDENT
.sp .sp
\fB\-\-sources\-cache <path>\fP, and \fB\-\-compress\-cache <path>\fP \fB\-\-compress\-cache <path>\fP, and \fB\-\-sources\-cache <path>\fP
.INDENT 0.0 .INDENT 0.0
.INDENT 3.5 .INDENT 3.5
At the given path a single file is created (that is an BBolt database), that will be used to cache the following information: At the given path a single file is created (that is an BBolt database), that will be used to cache the following information:

View file

@ -370,12 +370,12 @@ ul.auto-toc {
</pre> </pre>
<pre class="literal-block"> <pre class="literal-block">
--sources &lt;path&gt; --sources &lt;path&gt;
--archive &lt;path&gt; --archive &lt;path&gt;
--compress &lt;gzip | zopfli | brotli | identity&gt; --compress &lt;gzip | zopfli | brotli | identity&gt;
--compress-level &lt;number&gt; --compress-level &lt;number&gt;
--compress-cache &lt;path&gt; --compress-cache &lt;path&gt;
--sources-cache &lt;path&gt;
--exclude-index --exclude-index
--exclude-strip --exclude-strip
@ -420,7 +420,7 @@ The path to the target CDB file that contains the archived static content.</bloc
<li><tt class="docutils literal">kawipiko</tt> by default uses the maximum compression level for each algorithm; (i.e. <tt class="docutils literal">9</tt> for <tt class="docutils literal">gzip</tt>, <tt class="docutils literal">30</tt> for <tt class="docutils literal">zopfli</tt>, and <tt class="docutils literal"><span class="pre">-2</span></tt> for <tt class="docutils literal">brotli</tt>;)</li> <li><tt class="docutils literal">kawipiko</tt> by default uses the maximum compression level for each algorithm; (i.e. <tt class="docutils literal">9</tt> for <tt class="docutils literal">gzip</tt>, <tt class="docutils literal">30</tt> for <tt class="docutils literal">zopfli</tt>, and <tt class="docutils literal"><span class="pre">-2</span></tt> for <tt class="docutils literal">brotli</tt>;)</li>
</ul> </ul>
</blockquote> </blockquote>
<p><tt class="docutils literal"><span class="pre">--sources-cache</span> &lt;path&gt;</tt>, and <tt class="docutils literal"><span class="pre">--compress-cache</span> &lt;path&gt;</tt></p> <p><tt class="docutils literal"><span class="pre">--compress-cache</span> &lt;path&gt;</tt>, and <tt class="docutils literal"><span class="pre">--sources-cache</span> &lt;path&gt;</tt></p>
<blockquote> <blockquote>
<p>At the given path a single file is created (that is an BBolt database), that will be used to cache the following information:</p> <p>At the given path a single file is created (that is an BBolt database), that will be used to cache the following information:</p>
<ul class="simple"> <ul class="simple">

View file

@ -19,12 +19,12 @@ kawipiko -- blazingly fast static HTTP server
:: ::
--sources <path> --sources <path>
--archive <path> --archive <path>
--compress <gzip | zopfli | brotli | identity> --compress <gzip | zopfli | brotli | identity>
--compress-level <number> --compress-level <number>
--compress-cache <path> --compress-cache <path>
--sources-cache <path>
--exclude-index --exclude-index
--exclude-strip --exclude-strip
@ -80,7 +80,7 @@ Flags
* (by "algorithm default", it is meant "what that algorithm considers the recommended default compression level";) * (by "algorithm default", it is meant "what that algorithm considers the recommended default compression level";)
* ``kawipiko`` by default uses the maximum compression level for each algorithm; (i.e. ``9`` for ``gzip``, ``30`` for ``zopfli``, and ``-2`` for ``brotli``;) * ``kawipiko`` by default uses the maximum compression level for each algorithm; (i.e. ``9`` for ``gzip``, ``30`` for ``zopfli``, and ``-2`` for ``brotli``;)
``--sources-cache <path>``, and ``--compress-cache <path>`` ``--compress-cache <path>``, and ``--sources-cache <path>``
At the given path a single file is created (that is an BBolt database), that will be used to cache the following information: At the given path a single file is created (that is an BBolt database), that will be used to cache the following information:

View file

@ -9,12 +9,12 @@ NAME
>> kawipiko-archiver --man >> kawipiko-archiver --man
--sources <path> --sources <path>
--archive <path> --archive <path>
--compress <gzip | zopfli | brotli | identity> --compress <gzip | zopfli | brotli | identity>
--compress-level <number> --compress-level <number>
--compress-cache <path> --compress-cache <path>
--sources-cache <path>
--exclude-index --exclude-index
--exclude-strip --exclude-strip
@ -80,7 +80,7 @@ FLAGS
• kawipiko by default uses the maximum compression level for each • kawipiko by default uses the maximum compression level for each
algorithm; (i.e. 9 for gzip, 30 for zopfli, and -2 for brotli;) algorithm; (i.e. 9 for gzip, 30 for zopfli, and -2 for brotli;)
--sources-cache <path>, and --compress-cache <path> --compress-cache <path>, and --sources-cache <path>
At the given path a single file is created (that is an BBolt At the given path a single file is created (that is an BBolt
database), that will be used to cache the following information: database), that will be used to cache the following information:
@ -213,4 +213,4 @@ SYMLINKS, HARDLINKS, LOOPS, AND DUPLICATED FILES
volution.ro 2022-09-02 KAWIPIKO-ARCHIVER(1) volution.ro 2022-09-11 KAWIPIKO-ARCHIVER(1)

View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
.. ..
.TH "KAWIPIKO-SERVER" "1" "2022-09-02" "volution.ro" "kawipiko" .TH "KAWIPIKO-SERVER" "1" "2022-09-11" "volution.ro" "kawipiko"
.SH NAME .SH NAME
kawipiko -- blazingly fast static HTTP server \- kawipiko-server kawipiko -- blazingly fast static HTTP server \- kawipiko-server
.INDENT 0.0 .INDENT 0.0
@ -69,6 +69,7 @@ kawipiko -- blazingly fast static HTTP server \- kawipiko-server
\-\-processes <count> (of slave processes) \-\-processes <count> (of slave processes)
\-\-threads <count> (of threads per process) \-\-threads <count> (of threads per process)
\-\-index\-all \-\-index\-all
\-\-index\-paths \-\-index\-paths
\-\-index\-data\-meta \-\-index\-data\-meta
@ -80,7 +81,9 @@ kawipiko -- blazingly fast static HTTP server \- kawipiko-server
\-\-security\-headers\-disable \-\-security\-headers\-disable
\-\-security\-headers\-tls \-\-security\-headers\-tls
\-\-limit\-memory <MiB> \-\-seccomp\-enable
\-\-limit\-descriptors <count>
\-\-limit\-memory <MiB>
\-\-timeout\-disable \-\-timeout\-disable
\-\-report \-\-quiet \-\-debug \-\-report \-\-quiet \-\-debug
@ -292,6 +295,25 @@ These instruct the browser to always use HTTPS for the served domain.
.UNINDENT .UNINDENT
.UNINDENT .UNINDENT
.sp .sp
\fB\-\-seccomp\-enable\fP
.INDENT 0.0
.INDENT 3.5
On Linux, and if supported, enable a strict \fBseccomp\fP filter to reduce the potential attack surface in case of a security issue.
.sp
The current filter is the minimal set of \fBsyscall\fP\(aqs required to have the server working (thus quite safe).
At each stage (opening the archive, indexing the archive, serving the archive) the non\-required \fBsyscall\fP\(aqs are filtered.
.sp
(At the moment the filter is quite strict and determined by experimentation. If you enable \fBseccomp\fP and the server is \fBkill\fP\-ed, check \fBauditd\fP logs for the problematic \fBsyscall\fP and open an issue report.)
.UNINDENT
.UNINDENT
.sp
\fB\-\-limit\-descriptors\fP, and \fB\-\-limit\-memory\fP
.INDENT 0.0
.INDENT 3.5
Constrains resource usage by configuring via \fBsetrlimit\fP either \fBRLIMIT_NOFILE\fP (in case of descriptors) or both \fBRLIMIT_DATA\fP and \fBRLIMIT_AS\fP (in case of memory).
.UNINDENT
.UNINDENT
.sp
\fB\-\-report\fP \fB\-\-report\fP
.INDENT 0.0 .INDENT 0.0
.INDENT 3.5 .INDENT 3.5

View file

@ -392,6 +392,7 @@ ul.auto-toc {
--processes &lt;count&gt; (of slave processes) --processes &lt;count&gt; (of slave processes)
--threads &lt;count&gt; (of threads per process) --threads &lt;count&gt; (of threads per process)
--index-all --index-all
--index-paths --index-paths
--index-data-meta --index-data-meta
@ -403,7 +404,9 @@ ul.auto-toc {
--security-headers-disable --security-headers-disable
--security-headers-tls --security-headers-tls
--limit-memory &lt;MiB&gt; --seccomp-enable
--limit-descriptors &lt;count&gt;
--limit-memory &lt;MiB&gt;
--timeout-disable --timeout-disable
--report --quiet --debug --report --quiet --debug
@ -524,6 +527,16 @@ Content-Security-Policy: upgrade-insecure-requests
<p>These instruct the browser to always use HTTPS for the served domain. <p>These instruct the browser to always use HTTPS for the served domain.
(Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.)</p> (Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.)</p>
</blockquote> </blockquote>
<p><tt class="docutils literal"><span class="pre">--seccomp-enable</span></tt></p>
<blockquote>
<p>On Linux, and if supported, enable a strict <tt class="docutils literal">seccomp</tt> filter to reduce the potential attack surface in case of a security issue.</p>
<p>The current filter is the minimal set of <tt class="docutils literal">syscall</tt>'s required to have the server working (thus quite safe).
At each stage (opening the archive, indexing the archive, serving the archive) the non-required <tt class="docutils literal">syscall</tt>'s are filtered.</p>
<p>(At the moment the filter is quite strict and determined by experimentation. If you enable <tt class="docutils literal">seccomp</tt> and the server is <tt class="docutils literal">kill</tt>-ed, check <tt class="docutils literal">auditd</tt> logs for the problematic <tt class="docutils literal">syscall</tt> and open an issue report.)</p>
</blockquote>
<p><tt class="docutils literal"><span class="pre">--limit-descriptors</span></tt>, and <tt class="docutils literal"><span class="pre">--limit-memory</span></tt></p>
<blockquote>
Constrains resource usage by configuring via <tt class="docutils literal">setrlimit</tt> either <tt class="docutils literal">RLIMIT_NOFILE</tt> (in case of descriptors) or both <tt class="docutils literal">RLIMIT_DATA</tt> and <tt class="docutils literal">RLIMIT_AS</tt> (in case of memory).</blockquote>
<p><tt class="docutils literal"><span class="pre">--report</span></tt></p> <p><tt class="docutils literal"><span class="pre">--report</span></tt></p>
<blockquote> <blockquote>
Enables periodic reporting of various metrics. Enables periodic reporting of various metrics.

View file

@ -40,6 +40,7 @@ kawipiko -- blazingly fast static HTTP server
--processes <count> (of slave processes) --processes <count> (of slave processes)
--threads <count> (of threads per process) --threads <count> (of threads per process)
--index-all --index-all
--index-paths --index-paths
--index-data-meta --index-data-meta
@ -51,7 +52,9 @@ kawipiko -- blazingly fast static HTTP server
--security-headers-disable --security-headers-disable
--security-headers-tls --security-headers-tls
--limit-memory <MiB> --seccomp-enable
--limit-descriptors <count>
--limit-memory <MiB>
--timeout-disable --timeout-disable
--report --quiet --debug --report --quiet --debug
@ -192,6 +195,19 @@ Flags
These instruct the browser to always use HTTPS for the served domain. These instruct the browser to always use HTTPS for the served domain.
(Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.) (Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.)
``--seccomp-enable``
On Linux, and if supported, enable a strict ``seccomp`` filter to reduce the potential attack surface in case of a security issue.
The current filter is the minimal set of ``syscall``'s required to have the server working (thus quite safe).
At each stage (opening the archive, indexing the archive, serving the archive) the non-required ``syscall``'s are filtered.
(At the moment the filter is quite strict and determined by experimentation. If you enable ``seccomp`` and the server is ``kill``-ed, check ``auditd`` logs for the problematic ``syscall`` and open an issue report.)
``--limit-descriptors``, and ``--limit-memory``
Constrains resource usage by configuring via ``setrlimit`` either ``RLIMIT_NOFILE`` (in case of descriptors) or both ``RLIMIT_DATA`` and ``RLIMIT_AS`` (in case of memory).
``--report`` ``--report``
Enables periodic reporting of various metrics. Enables periodic reporting of various metrics.

View file

@ -31,6 +31,7 @@ NAME
--processes <count> (of slave processes) --processes <count> (of slave processes)
--threads <count> (of threads per process) --threads <count> (of threads per process)
--index-all --index-all
--index-paths --index-paths
--index-data-meta --index-data-meta
@ -42,7 +43,9 @@ NAME
--security-headers-disable --security-headers-disable
--security-headers-tls --security-headers-tls
--limit-memory <MiB> --seccomp-enable
--limit-descriptors <count>
--limit-memory <MiB>
--timeout-disable --timeout-disable
--report --quiet --debug --report --quiet --debug
@ -220,6 +223,25 @@ FLAGS
domain. (Useful even without HTTPS, when used behind a TLS domain. (Useful even without HTTPS, when used behind a TLS
terminator, load-balancer or proxy that do support HTTPS.) terminator, load-balancer or proxy that do support HTTPS.)
--seccomp-enable
On Linux, and if supported, enable a strict seccomp filter to reduce
the potential attack surface in case of a security issue.
The current filter is the minimal set of syscall's required to have
the server working (thus quite safe). At each stage (opening the
archive, indexing the archive, serving the archive) the non-required
syscall's are filtered.
(At the moment the filter is quite strict and determined by
experimentation. If you enable seccomp and the server is kill-ed,
check auditd logs for the problematic syscall and open an issue
report.)
--limit-descriptors, and --limit-memory
Constrains resource usage by configuring via setrlimit either
RLIMIT_NOFILE (in case of descriptors) or both RLIMIT_DATA and
RLIMIT_AS (in case of memory).
--report --report
Enables periodic reporting of various metrics. Also enables Enables periodic reporting of various metrics. Also enables
reporting a selection of metrics if certain thresholds are matched reporting a selection of metrics if certain thresholds are matched
@ -258,4 +280,4 @@ FLAGS
volution.ro 2022-09-02 KAWIPIKO-SERVER(1) volution.ro 2022-09-11 KAWIPIKO-SERVER(1)

View file

@ -9,12 +9,12 @@ NAME
>> kawipiko-archiver --man >> kawipiko-archiver --man
--sources <path> --sources <path>
--archive <path> --archive <path>
--compress <gzip | zopfli | brotli | identity> --compress <gzip | zopfli | brotli | identity>
--compress-level <number> --compress-level <number>
--compress-cache <path> --compress-cache <path>
--sources-cache <path>
--exclude-index --exclude-index
--exclude-strip --exclude-strip
@ -80,7 +80,7 @@ FLAGS
• kawipiko by default uses the maximum compression level for each • kawipiko by default uses the maximum compression level for each
algorithm; (i.e. 9 for gzip, 30 for zopfli, and -2 for brotli;) algorithm; (i.e. 9 for gzip, 30 for zopfli, and -2 for brotli;)
--sources-cache <path>, and --compress-cache <path> --compress-cache <path>, and --sources-cache <path>
At the given path a single file is created (that is an BBolt At the given path a single file is created (that is an BBolt
database), that will be used to cache the following information: database), that will be used to cache the following information:
@ -213,4 +213,4 @@ SYMLINKS, HARDLINKS, LOOPS, AND DUPLICATED FILES
volution.ro 2022-09-02 KAWIPIKO-ARCHIVER(1) volution.ro 2022-09-11 KAWIPIKO-ARCHIVER(1)

View file

@ -2,14 +2,12 @@
kawipiko-archiver kawipiko-archiver
--sources <path> --sources <path>
--archive <path> --archive <path>
--compress <gzip | zopfli | brotli | identity> --compress <gzip | zopfli | brotli | identity>
--compress-level <number> --compress-level <number>
--sources-cache <path>
--compress-cache <path> --compress-cache <path>
--sources-cache <path>
--exclude-index --exclude-index
--exclude-strip --exclude-strip

View file

@ -392,6 +392,7 @@ ul.auto-toc {
--processes &lt;count&gt; (of slave processes) --processes &lt;count&gt; (of slave processes)
--threads &lt;count&gt; (of threads per process) --threads &lt;count&gt; (of threads per process)
--index-all --index-all
--index-paths --index-paths
--index-data-meta --index-data-meta
@ -403,7 +404,9 @@ ul.auto-toc {
--security-headers-disable --security-headers-disable
--security-headers-tls --security-headers-tls
--limit-memory &lt;MiB&gt; --seccomp-enable
--limit-descriptors &lt;count&gt;
--limit-memory &lt;MiB&gt;
--timeout-disable --timeout-disable
--report --quiet --debug --report --quiet --debug
@ -524,6 +527,16 @@ Content-Security-Policy: upgrade-insecure-requests
<p>These instruct the browser to always use HTTPS for the served domain. <p>These instruct the browser to always use HTTPS for the served domain.
(Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.)</p> (Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.)</p>
</blockquote> </blockquote>
<p><tt class="docutils literal"><span class="pre">--seccomp-enable</span></tt></p>
<blockquote>
<p>On Linux, and if supported, enable a strict <tt class="docutils literal">seccomp</tt> filter to reduce the potential attack surface in case of a security issue.</p>
<p>The current filter is the minimal set of <tt class="docutils literal">syscall</tt>'s required to have the server working (thus quite safe).
At each stage (opening the archive, indexing the archive, serving the archive) the non-required <tt class="docutils literal">syscall</tt>'s are filtered.</p>
<p>(At the moment the filter is quite strict and determined by experimentation. If you enable <tt class="docutils literal">seccomp</tt> and the server is <tt class="docutils literal">kill</tt>-ed, check <tt class="docutils literal">auditd</tt> logs for the problematic <tt class="docutils literal">syscall</tt> and open an issue report.)</p>
</blockquote>
<p><tt class="docutils literal"><span class="pre">--limit-descriptors</span></tt>, and <tt class="docutils literal"><span class="pre">--limit-memory</span></tt></p>
<blockquote>
Constrains resource usage by configuring via <tt class="docutils literal">setrlimit</tt> either <tt class="docutils literal">RLIMIT_NOFILE</tt> (in case of descriptors) or both <tt class="docutils literal">RLIMIT_DATA</tt> and <tt class="docutils literal">RLIMIT_AS</tt> (in case of memory).</blockquote>
<p><tt class="docutils literal"><span class="pre">--report</span></tt></p> <p><tt class="docutils literal"><span class="pre">--report</span></tt></p>
<blockquote> <blockquote>
Enables periodic reporting of various metrics. Enables periodic reporting of various metrics.

View file

@ -31,6 +31,7 @@ NAME
--processes <count> (of slave processes) --processes <count> (of slave processes)
--threads <count> (of threads per process) --threads <count> (of threads per process)
--index-all --index-all
--index-paths --index-paths
--index-data-meta --index-data-meta
@ -42,7 +43,9 @@ NAME
--security-headers-disable --security-headers-disable
--security-headers-tls --security-headers-tls
--limit-memory <MiB> --seccomp-enable
--limit-descriptors <count>
--limit-memory <MiB>
--timeout-disable --timeout-disable
--report --quiet --debug --report --quiet --debug
@ -220,6 +223,25 @@ FLAGS
domain. (Useful even without HTTPS, when used behind a TLS domain. (Useful even without HTTPS, when used behind a TLS
terminator, load-balancer or proxy that do support HTTPS.) terminator, load-balancer or proxy that do support HTTPS.)
--seccomp-enable
On Linux, and if supported, enable a strict seccomp filter to reduce
the potential attack surface in case of a security issue.
The current filter is the minimal set of syscall's required to have
the server working (thus quite safe). At each stage (opening the
archive, indexing the archive, serving the archive) the non-required
syscall's are filtered.
(At the moment the filter is quite strict and determined by
experimentation. If you enable seccomp and the server is kill-ed,
check auditd logs for the problematic syscall and open an issue
report.)
--limit-descriptors, and --limit-memory
Constrains resource usage by configuring via setrlimit either
RLIMIT_NOFILE (in case of descriptors) or both RLIMIT_DATA and
RLIMIT_AS (in case of memory).
--report --report
Enables periodic reporting of various metrics. Also enables Enables periodic reporting of various metrics. Also enables
reporting a selection of metrics if certain thresholds are matched reporting a selection of metrics if certain thresholds are matched
@ -258,4 +280,4 @@ FLAGS
volution.ro 2022-09-02 KAWIPIKO-SERVER(1) volution.ro 2022-09-11 KAWIPIKO-SERVER(1)

View file

@ -36,7 +36,9 @@
--security-headers-disable --security-headers-disable
--security-headers-tls --security-headers-tls
--limit-memory <MiB> --secomp-enable
--limit-descriptors <count>
--limit-memory <MiB>
--timeout-disable --timeout-disable
--report --quiet --debug --report --quiet --debug