[documentation] Update manuals with new options.
This commit is contained in:
parent
eda087dc7d
commit
03279d99c4
13 changed files with 134 additions and 26 deletions
|
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|||
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
||||
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
||||
..
|
||||
.TH "KAWIPIKO-ARCHIVER" "1" "2022-09-02" "volution.ro" "kawipiko"
|
||||
.TH "KAWIPIKO-ARCHIVER" "1" "2022-09-11" "volution.ro" "kawipiko"
|
||||
.SH NAME
|
||||
kawipiko -- blazingly fast static HTTP server \- kawipiko-archiver
|
||||
.INDENT 0.0
|
||||
|
@ -47,12 +47,12 @@ kawipiko -- blazingly fast static HTTP server \- kawipiko-archiver
|
|||
.nf
|
||||
.ft C
|
||||
\-\-sources <path>
|
||||
|
||||
\-\-archive <path>
|
||||
|
||||
\-\-compress <gzip | zopfli | brotli | identity>
|
||||
\-\-compress\-level <number>
|
||||
\-\-compress\-cache <path>
|
||||
\-\-sources\-cache <path>
|
||||
|
||||
\-\-exclude\-index
|
||||
\-\-exclude\-strip
|
||||
|
@ -124,7 +124,7 @@ The compression level can be chosen, the value depending on the algorithm:
|
|||
.UNINDENT
|
||||
.UNINDENT
|
||||
.sp
|
||||
\fB\-\-sources\-cache <path>\fP, and \fB\-\-compress\-cache <path>\fP
|
||||
\fB\-\-compress\-cache <path>\fP, and \fB\-\-sources\-cache <path>\fP
|
||||
.INDENT 0.0
|
||||
.INDENT 3.5
|
||||
At the given path a single file is created (that is an BBolt database), that will be used to cache the following information:
|
||||
|
|
|
@ -370,12 +370,12 @@ ul.auto-toc {
|
|||
</pre>
|
||||
<pre class="literal-block">
|
||||
--sources <path>
|
||||
|
||||
--archive <path>
|
||||
|
||||
--compress <gzip | zopfli | brotli | identity>
|
||||
--compress-level <number>
|
||||
--compress-cache <path>
|
||||
--sources-cache <path>
|
||||
|
||||
--exclude-index
|
||||
--exclude-strip
|
||||
|
@ -420,7 +420,7 @@ The path to the target CDB file that contains the archived static content.</bloc
|
|||
<li><tt class="docutils literal">kawipiko</tt> by default uses the maximum compression level for each algorithm; (i.e. <tt class="docutils literal">9</tt> for <tt class="docutils literal">gzip</tt>, <tt class="docutils literal">30</tt> for <tt class="docutils literal">zopfli</tt>, and <tt class="docutils literal"><span class="pre">-2</span></tt> for <tt class="docutils literal">brotli</tt>;)</li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
<p><tt class="docutils literal"><span class="pre">--sources-cache</span> <path></tt>, and <tt class="docutils literal"><span class="pre">--compress-cache</span> <path></tt></p>
|
||||
<p><tt class="docutils literal"><span class="pre">--compress-cache</span> <path></tt>, and <tt class="docutils literal"><span class="pre">--sources-cache</span> <path></tt></p>
|
||||
<blockquote>
|
||||
<p>At the given path a single file is created (that is an BBolt database), that will be used to cache the following information:</p>
|
||||
<ul class="simple">
|
||||
|
|
|
@ -19,12 +19,12 @@ kawipiko -- blazingly fast static HTTP server
|
|||
::
|
||||
|
||||
--sources <path>
|
||||
|
||||
--archive <path>
|
||||
|
||||
--compress <gzip | zopfli | brotli | identity>
|
||||
--compress-level <number>
|
||||
--compress-cache <path>
|
||||
--sources-cache <path>
|
||||
|
||||
--exclude-index
|
||||
--exclude-strip
|
||||
|
@ -80,7 +80,7 @@ Flags
|
|||
* (by "algorithm default", it is meant "what that algorithm considers the recommended default compression level";)
|
||||
* ``kawipiko`` by default uses the maximum compression level for each algorithm; (i.e. ``9`` for ``gzip``, ``30`` for ``zopfli``, and ``-2`` for ``brotli``;)
|
||||
|
||||
``--sources-cache <path>``, and ``--compress-cache <path>``
|
||||
``--compress-cache <path>``, and ``--sources-cache <path>``
|
||||
|
||||
At the given path a single file is created (that is an BBolt database), that will be used to cache the following information:
|
||||
|
||||
|
|
|
@ -9,12 +9,12 @@ NAME
|
|||
>> kawipiko-archiver --man
|
||||
|
||||
--sources <path>
|
||||
|
||||
--archive <path>
|
||||
|
||||
--compress <gzip | zopfli | brotli | identity>
|
||||
--compress-level <number>
|
||||
--compress-cache <path>
|
||||
--sources-cache <path>
|
||||
|
||||
--exclude-index
|
||||
--exclude-strip
|
||||
|
@ -80,7 +80,7 @@ FLAGS
|
|||
• kawipiko by default uses the maximum compression level for each
|
||||
algorithm; (i.e. 9 for gzip, 30 for zopfli, and -2 for brotli;)
|
||||
|
||||
--sources-cache <path>, and --compress-cache <path>
|
||||
--compress-cache <path>, and --sources-cache <path>
|
||||
At the given path a single file is created (that is an BBolt
|
||||
database), that will be used to cache the following information:
|
||||
|
||||
|
@ -213,4 +213,4 @@ SYMLINKS, HARDLINKS, LOOPS, AND DUPLICATED FILES
|
|||
|
||||
|
||||
|
||||
volution.ro 2022-09-02 KAWIPIKO-ARCHIVER(1)
|
||||
volution.ro 2022-09-11 KAWIPIKO-ARCHIVER(1)
|
||||
|
|
|
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|||
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
||||
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
||||
..
|
||||
.TH "KAWIPIKO-SERVER" "1" "2022-09-02" "volution.ro" "kawipiko"
|
||||
.TH "KAWIPIKO-SERVER" "1" "2022-09-11" "volution.ro" "kawipiko"
|
||||
.SH NAME
|
||||
kawipiko -- blazingly fast static HTTP server \- kawipiko-server
|
||||
.INDENT 0.0
|
||||
|
@ -69,6 +69,7 @@ kawipiko -- blazingly fast static HTTP server \- kawipiko-server
|
|||
|
||||
\-\-processes <count> (of slave processes)
|
||||
\-\-threads <count> (of threads per process)
|
||||
|
||||
\-\-index\-all
|
||||
\-\-index\-paths
|
||||
\-\-index\-data\-meta
|
||||
|
@ -80,7 +81,9 @@ kawipiko -- blazingly fast static HTTP server \- kawipiko-server
|
|||
\-\-security\-headers\-disable
|
||||
\-\-security\-headers\-tls
|
||||
|
||||
\-\-limit\-memory <MiB>
|
||||
\-\-seccomp\-enable
|
||||
\-\-limit\-descriptors <count>
|
||||
\-\-limit\-memory <MiB>
|
||||
\-\-timeout\-disable
|
||||
|
||||
\-\-report \-\-quiet \-\-debug
|
||||
|
@ -292,6 +295,25 @@ These instruct the browser to always use HTTPS for the served domain.
|
|||
.UNINDENT
|
||||
.UNINDENT
|
||||
.sp
|
||||
\fB\-\-seccomp\-enable\fP
|
||||
.INDENT 0.0
|
||||
.INDENT 3.5
|
||||
On Linux, and if supported, enable a strict \fBseccomp\fP filter to reduce the potential attack surface in case of a security issue.
|
||||
.sp
|
||||
The current filter is the minimal set of \fBsyscall\fP\(aqs required to have the server working (thus quite safe).
|
||||
At each stage (opening the archive, indexing the archive, serving the archive) the non\-required \fBsyscall\fP\(aqs are filtered.
|
||||
.sp
|
||||
(At the moment the filter is quite strict and determined by experimentation. If you enable \fBseccomp\fP and the server is \fBkill\fP\-ed, check \fBauditd\fP logs for the problematic \fBsyscall\fP and open an issue report.)
|
||||
.UNINDENT
|
||||
.UNINDENT
|
||||
.sp
|
||||
\fB\-\-limit\-descriptors\fP, and \fB\-\-limit\-memory\fP
|
||||
.INDENT 0.0
|
||||
.INDENT 3.5
|
||||
Constrains resource usage by configuring via \fBsetrlimit\fP either \fBRLIMIT_NOFILE\fP (in case of descriptors) or both \fBRLIMIT_DATA\fP and \fBRLIMIT_AS\fP (in case of memory).
|
||||
.UNINDENT
|
||||
.UNINDENT
|
||||
.sp
|
||||
\fB\-\-report\fP
|
||||
.INDENT 0.0
|
||||
.INDENT 3.5
|
||||
|
|
|
@ -392,6 +392,7 @@ ul.auto-toc {
|
|||
|
||||
--processes <count> (of slave processes)
|
||||
--threads <count> (of threads per process)
|
||||
|
||||
--index-all
|
||||
--index-paths
|
||||
--index-data-meta
|
||||
|
@ -403,7 +404,9 @@ ul.auto-toc {
|
|||
--security-headers-disable
|
||||
--security-headers-tls
|
||||
|
||||
--limit-memory <MiB>
|
||||
--seccomp-enable
|
||||
--limit-descriptors <count>
|
||||
--limit-memory <MiB>
|
||||
--timeout-disable
|
||||
|
||||
--report --quiet --debug
|
||||
|
@ -524,6 +527,16 @@ Content-Security-Policy: upgrade-insecure-requests
|
|||
<p>These instruct the browser to always use HTTPS for the served domain.
|
||||
(Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.)</p>
|
||||
</blockquote>
|
||||
<p><tt class="docutils literal"><span class="pre">--seccomp-enable</span></tt></p>
|
||||
<blockquote>
|
||||
<p>On Linux, and if supported, enable a strict <tt class="docutils literal">seccomp</tt> filter to reduce the potential attack surface in case of a security issue.</p>
|
||||
<p>The current filter is the minimal set of <tt class="docutils literal">syscall</tt>'s required to have the server working (thus quite safe).
|
||||
At each stage (opening the archive, indexing the archive, serving the archive) the non-required <tt class="docutils literal">syscall</tt>'s are filtered.</p>
|
||||
<p>(At the moment the filter is quite strict and determined by experimentation. If you enable <tt class="docutils literal">seccomp</tt> and the server is <tt class="docutils literal">kill</tt>-ed, check <tt class="docutils literal">auditd</tt> logs for the problematic <tt class="docutils literal">syscall</tt> and open an issue report.)</p>
|
||||
</blockquote>
|
||||
<p><tt class="docutils literal"><span class="pre">--limit-descriptors</span></tt>, and <tt class="docutils literal"><span class="pre">--limit-memory</span></tt></p>
|
||||
<blockquote>
|
||||
Constrains resource usage by configuring via <tt class="docutils literal">setrlimit</tt> either <tt class="docutils literal">RLIMIT_NOFILE</tt> (in case of descriptors) or both <tt class="docutils literal">RLIMIT_DATA</tt> and <tt class="docutils literal">RLIMIT_AS</tt> (in case of memory).</blockquote>
|
||||
<p><tt class="docutils literal"><span class="pre">--report</span></tt></p>
|
||||
<blockquote>
|
||||
Enables periodic reporting of various metrics.
|
||||
|
|
|
@ -40,6 +40,7 @@ kawipiko -- blazingly fast static HTTP server
|
|||
|
||||
--processes <count> (of slave processes)
|
||||
--threads <count> (of threads per process)
|
||||
|
||||
--index-all
|
||||
--index-paths
|
||||
--index-data-meta
|
||||
|
@ -51,7 +52,9 @@ kawipiko -- blazingly fast static HTTP server
|
|||
--security-headers-disable
|
||||
--security-headers-tls
|
||||
|
||||
--limit-memory <MiB>
|
||||
--seccomp-enable
|
||||
--limit-descriptors <count>
|
||||
--limit-memory <MiB>
|
||||
--timeout-disable
|
||||
|
||||
--report --quiet --debug
|
||||
|
@ -192,6 +195,19 @@ Flags
|
|||
These instruct the browser to always use HTTPS for the served domain.
|
||||
(Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.)
|
||||
|
||||
``--seccomp-enable``
|
||||
|
||||
On Linux, and if supported, enable a strict ``seccomp`` filter to reduce the potential attack surface in case of a security issue.
|
||||
|
||||
The current filter is the minimal set of ``syscall``'s required to have the server working (thus quite safe).
|
||||
At each stage (opening the archive, indexing the archive, serving the archive) the non-required ``syscall``'s are filtered.
|
||||
|
||||
(At the moment the filter is quite strict and determined by experimentation. If you enable ``seccomp`` and the server is ``kill``-ed, check ``auditd`` logs for the problematic ``syscall`` and open an issue report.)
|
||||
|
||||
``--limit-descriptors``, and ``--limit-memory``
|
||||
|
||||
Constrains resource usage by configuring via ``setrlimit`` either ``RLIMIT_NOFILE`` (in case of descriptors) or both ``RLIMIT_DATA`` and ``RLIMIT_AS`` (in case of memory).
|
||||
|
||||
``--report``
|
||||
|
||||
Enables periodic reporting of various metrics.
|
||||
|
|
|
@ -31,6 +31,7 @@ NAME
|
|||
|
||||
--processes <count> (of slave processes)
|
||||
--threads <count> (of threads per process)
|
||||
|
||||
--index-all
|
||||
--index-paths
|
||||
--index-data-meta
|
||||
|
@ -42,7 +43,9 @@ NAME
|
|||
--security-headers-disable
|
||||
--security-headers-tls
|
||||
|
||||
--limit-memory <MiB>
|
||||
--seccomp-enable
|
||||
--limit-descriptors <count>
|
||||
--limit-memory <MiB>
|
||||
--timeout-disable
|
||||
|
||||
--report --quiet --debug
|
||||
|
@ -220,6 +223,25 @@ FLAGS
|
|||
domain. (Useful even without HTTPS, when used behind a TLS
|
||||
terminator, load-balancer or proxy that do support HTTPS.)
|
||||
|
||||
--seccomp-enable
|
||||
On Linux, and if supported, enable a strict seccomp filter to reduce
|
||||
the potential attack surface in case of a security issue.
|
||||
|
||||
The current filter is the minimal set of syscall's required to have
|
||||
the server working (thus quite safe). At each stage (opening the
|
||||
archive, indexing the archive, serving the archive) the non-required
|
||||
syscall's are filtered.
|
||||
|
||||
(At the moment the filter is quite strict and determined by
|
||||
experimentation. If you enable seccomp and the server is kill-ed,
|
||||
check auditd logs for the problematic syscall and open an issue
|
||||
report.)
|
||||
|
||||
--limit-descriptors, and --limit-memory
|
||||
Constrains resource usage by configuring via setrlimit either
|
||||
RLIMIT_NOFILE (in case of descriptors) or both RLIMIT_DATA and
|
||||
RLIMIT_AS (in case of memory).
|
||||
|
||||
--report
|
||||
Enables periodic reporting of various metrics. Also enables
|
||||
reporting a selection of metrics if certain thresholds are matched
|
||||
|
@ -258,4 +280,4 @@ FLAGS
|
|||
|
||||
|
||||
|
||||
volution.ro 2022-09-02 KAWIPIKO-SERVER(1)
|
||||
volution.ro 2022-09-11 KAWIPIKO-SERVER(1)
|
||||
|
|
|
@ -9,12 +9,12 @@ NAME
|
|||
>> kawipiko-archiver --man
|
||||
|
||||
--sources <path>
|
||||
|
||||
--archive <path>
|
||||
|
||||
--compress <gzip | zopfli | brotli | identity>
|
||||
--compress-level <number>
|
||||
--compress-cache <path>
|
||||
--sources-cache <path>
|
||||
|
||||
--exclude-index
|
||||
--exclude-strip
|
||||
|
@ -80,7 +80,7 @@ FLAGS
|
|||
• kawipiko by default uses the maximum compression level for each
|
||||
algorithm; (i.e. 9 for gzip, 30 for zopfli, and -2 for brotli;)
|
||||
|
||||
--sources-cache <path>, and --compress-cache <path>
|
||||
--compress-cache <path>, and --sources-cache <path>
|
||||
At the given path a single file is created (that is an BBolt
|
||||
database), that will be used to cache the following information:
|
||||
|
||||
|
@ -213,4 +213,4 @@ SYMLINKS, HARDLINKS, LOOPS, AND DUPLICATED FILES
|
|||
|
||||
|
||||
|
||||
volution.ro 2022-09-02 KAWIPIKO-ARCHIVER(1)
|
||||
volution.ro 2022-09-11 KAWIPIKO-ARCHIVER(1)
|
||||
|
|
|
@ -2,14 +2,12 @@
|
|||
kawipiko-archiver
|
||||
|
||||
--sources <path>
|
||||
|
||||
--archive <path>
|
||||
|
||||
--compress <gzip | zopfli | brotli | identity>
|
||||
--compress-level <number>
|
||||
|
||||
--sources-cache <path>
|
||||
--compress-cache <path>
|
||||
--sources-cache <path>
|
||||
|
||||
--exclude-index
|
||||
--exclude-strip
|
||||
|
|
|
@ -392,6 +392,7 @@ ul.auto-toc {
|
|||
|
||||
--processes <count> (of slave processes)
|
||||
--threads <count> (of threads per process)
|
||||
|
||||
--index-all
|
||||
--index-paths
|
||||
--index-data-meta
|
||||
|
@ -403,7 +404,9 @@ ul.auto-toc {
|
|||
--security-headers-disable
|
||||
--security-headers-tls
|
||||
|
||||
--limit-memory <MiB>
|
||||
--seccomp-enable
|
||||
--limit-descriptors <count>
|
||||
--limit-memory <MiB>
|
||||
--timeout-disable
|
||||
|
||||
--report --quiet --debug
|
||||
|
@ -524,6 +527,16 @@ Content-Security-Policy: upgrade-insecure-requests
|
|||
<p>These instruct the browser to always use HTTPS for the served domain.
|
||||
(Useful even without HTTPS, when used behind a TLS terminator, load-balancer or proxy that do support HTTPS.)</p>
|
||||
</blockquote>
|
||||
<p><tt class="docutils literal"><span class="pre">--seccomp-enable</span></tt></p>
|
||||
<blockquote>
|
||||
<p>On Linux, and if supported, enable a strict <tt class="docutils literal">seccomp</tt> filter to reduce the potential attack surface in case of a security issue.</p>
|
||||
<p>The current filter is the minimal set of <tt class="docutils literal">syscall</tt>'s required to have the server working (thus quite safe).
|
||||
At each stage (opening the archive, indexing the archive, serving the archive) the non-required <tt class="docutils literal">syscall</tt>'s are filtered.</p>
|
||||
<p>(At the moment the filter is quite strict and determined by experimentation. If you enable <tt class="docutils literal">seccomp</tt> and the server is <tt class="docutils literal">kill</tt>-ed, check <tt class="docutils literal">auditd</tt> logs for the problematic <tt class="docutils literal">syscall</tt> and open an issue report.)</p>
|
||||
</blockquote>
|
||||
<p><tt class="docutils literal"><span class="pre">--limit-descriptors</span></tt>, and <tt class="docutils literal"><span class="pre">--limit-memory</span></tt></p>
|
||||
<blockquote>
|
||||
Constrains resource usage by configuring via <tt class="docutils literal">setrlimit</tt> either <tt class="docutils literal">RLIMIT_NOFILE</tt> (in case of descriptors) or both <tt class="docutils literal">RLIMIT_DATA</tt> and <tt class="docutils literal">RLIMIT_AS</tt> (in case of memory).</blockquote>
|
||||
<p><tt class="docutils literal"><span class="pre">--report</span></tt></p>
|
||||
<blockquote>
|
||||
Enables periodic reporting of various metrics.
|
||||
|
|
|
@ -31,6 +31,7 @@ NAME
|
|||
|
||||
--processes <count> (of slave processes)
|
||||
--threads <count> (of threads per process)
|
||||
|
||||
--index-all
|
||||
--index-paths
|
||||
--index-data-meta
|
||||
|
@ -42,7 +43,9 @@ NAME
|
|||
--security-headers-disable
|
||||
--security-headers-tls
|
||||
|
||||
--limit-memory <MiB>
|
||||
--seccomp-enable
|
||||
--limit-descriptors <count>
|
||||
--limit-memory <MiB>
|
||||
--timeout-disable
|
||||
|
||||
--report --quiet --debug
|
||||
|
@ -220,6 +223,25 @@ FLAGS
|
|||
domain. (Useful even without HTTPS, when used behind a TLS
|
||||
terminator, load-balancer or proxy that do support HTTPS.)
|
||||
|
||||
--seccomp-enable
|
||||
On Linux, and if supported, enable a strict seccomp filter to reduce
|
||||
the potential attack surface in case of a security issue.
|
||||
|
||||
The current filter is the minimal set of syscall's required to have
|
||||
the server working (thus quite safe). At each stage (opening the
|
||||
archive, indexing the archive, serving the archive) the non-required
|
||||
syscall's are filtered.
|
||||
|
||||
(At the moment the filter is quite strict and determined by
|
||||
experimentation. If you enable seccomp and the server is kill-ed,
|
||||
check auditd logs for the problematic syscall and open an issue
|
||||
report.)
|
||||
|
||||
--limit-descriptors, and --limit-memory
|
||||
Constrains resource usage by configuring via setrlimit either
|
||||
RLIMIT_NOFILE (in case of descriptors) or both RLIMIT_DATA and
|
||||
RLIMIT_AS (in case of memory).
|
||||
|
||||
--report
|
||||
Enables periodic reporting of various metrics. Also enables
|
||||
reporting a selection of metrics if certain thresholds are matched
|
||||
|
@ -258,4 +280,4 @@ FLAGS
|
|||
|
||||
|
||||
|
||||
volution.ro 2022-09-02 KAWIPIKO-SERVER(1)
|
||||
volution.ro 2022-09-11 KAWIPIKO-SERVER(1)
|
||||
|
|
|
@ -36,7 +36,9 @@
|
|||
--security-headers-disable
|
||||
--security-headers-tls
|
||||
|
||||
--limit-memory <MiB>
|
||||
--secomp-enable
|
||||
--limit-descriptors <count>
|
||||
--limit-memory <MiB>
|
||||
--timeout-disable
|
||||
|
||||
--report --quiet --debug
|
||||
|
|
Loading…
Reference in a new issue