Skip to content

Commit b3ebc9c

Browse files
ameba23ameba23
committed
Update CLI documentation
1 parent cfcb77f commit b3ebc9c

1 file changed

Lines changed: 8 additions & 8 deletions

File tree

src/main.rs

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ enum CliCommand {
7777
},
7878
/// Run a proxy server
7979
Server {
80-
/// Socket address to listen on for the outer nested-TLS listener
80+
/// Socket address to listen on for the outer nested-TLS listener, if enabled
8181
#[arg(long, default_value = "0.0.0.0:443")]
8282
outer_listen_addr: SocketAddr,
8383
/// Socket address to listen on for the inner-only attested TLS listener
@@ -86,13 +86,13 @@ enum CliCommand {
8686
/// The hostname:port or ip:port of the target service to forward traffic to
8787
target_addr: String,
8888
/// Type of attestation to present (dafaults to 'auto' for automatic detection)
89-
/// If other than None, a TLS key and certicate must also be given
89+
/// This configures the inner attested TLS listener and does not require outer TLS certs.
9090
#[arg(long, env = "SERVER_ATTESTATION_TYPE")]
9191
server_attestation_type: Option<String>,
92-
/// The path to a PEM encoded private key
92+
/// The path to a PEM encoded private key for the optional outer nested-TLS listener
9393
#[arg(long, env = "TLS_PRIVATE_KEY_PATH")]
9494
tls_private_key_path: Option<PathBuf>,
95-
/// Additional CA certificate to verify against (PEM) Defaults to no additional TLS certs.
95+
/// PEM certificate chain for the optional outer nested-TLS listener
9696
#[arg(long, env = "TLS_CERTIFICATE_PATH")]
9797
tls_certificate_path: Option<PathBuf>,
9898
/// Whether to use client authentication. If the client is running in a CVM this must be
@@ -122,20 +122,20 @@ enum CliCommand {
122122
AttestedFileServer {
123123
/// Filesystem path to statically serve
124124
path_to_serve: PathBuf,
125-
/// Socket address to listen on for the outer nested-TLS listener
125+
/// Socket address to listen on for the outer nested-TLS listener, if enabled
126126
#[arg(long, default_value = "0.0.0.0:443")]
127127
outer_listen_addr: SocketAddr,
128128
/// Socket address to listen on for the inner-only attested TLS listener
129129
#[arg(long, default_value = "0.0.0.0:4433")]
130130
inner_listen_addr: SocketAddr,
131131
/// Type of attestation to present (dafaults to none)
132-
/// If other than None, a TLS key and certicate must also be given
132+
/// This configures the inner attested TLS listener and does not require outer TLS certs.
133133
#[arg(long, env = "SERVER_ATTESTATION_TYPE")]
134134
server_attestation_type: Option<String>,
135-
/// The path to a PEM encoded private key
135+
/// The path to a PEM encoded private key for the optional outer nested-TLS listener
136136
#[arg(long, env = "TLS_PRIVATE_KEY_PATH")]
137137
tls_private_key_path: Option<PathBuf>,
138-
/// Additional CA certificate to verify against (PEM) Defaults to no additional TLS certs.
138+
/// PEM certificate chain for the optional outer nested-TLS listener
139139
#[arg(long, env = "TLS_CERTIFICATE_PATH")]
140140
tls_certificate_path: Option<PathBuf>,
141141
/// URL of the remote dummy attestation service. Only use with --server-attestation-type

0 commit comments

Comments
 (0)