Merge in ADGUARD-CORE-LIBS/vpn-libs-endpoint from fix/license to master
Squashed commit of the following:
commit 4add6c95c67ca53009d8a878a7b55dc3da9c279e
Author: Sergei Gunchenko <s.gunchenko@adguard.com>
Date: Fri Jul 14 17:08:34 2023 +0300
Rename license file
|
||
|---|---|---|
| bamboo-specs | ||
| bench | ||
| endpoint | ||
| lib | ||
| macros | ||
| scripts | ||
| tools | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| CHANGELOG.md | ||
| LICENSE | ||
| README.md | ||
AdGuard VPN endpoint
Building
Execute the following commands in the Terminal:
cargo build
to build the debug version, or
cargo build --release
to build the release version.
Endpoint configuration
Library configuration
An endpoint can be configured using a couple of TOML files:
- The main library settings reflect (
struct Settingsin settings.rs). - The TLS hosts library settings reflect (
struct TlsHostsSettingsin settings.rs). These settings may be reloaded dynamically (see here for details).
All of them may be generated using the setup wizard tool. To configure the most basic options, execute the following command in the Terminal:
cargo run --bin setup_wizard
To see the full set of available options, execute the following command in the Terminal:
cargo run --bin setup_wizard -- -h
Endpoint executable features
Configuration
Some options reside on the application level. Such options can be configured via command line arguments. For example:
- Sentry DSN is configured
by specifying
--sentry_dsn <url> - Logging level is configured by
[--log_level|-l] [info|debug|trace](info- default) - Logging file is configured by
--log_file <path>. If not specified, the instance logs tostdout.
To see the full set of available options, execute the following command in the Terminal:
cargo run --bin vpn_endpoint -- -h
Dynamic reloading of TLS hosts settings
The executable is able to reload TLS hosts settings dynamically. To trigger this, send the SIGHUP signal to the process. After receiving, it reparses the TLS hosts settings file that was passed in arguments and applies the new settings.
IMPORTANT: the file paths passed through the settings must remain valid until the process exit or until the next reloading.
Running
To run the binary through cargo, execute the following commands in the Terminal:
cargo run --bin vpn_endpoint -- <path/to/vpn.config> <path/to/tls_hosts.config>
To run the binary directly, execute the following commands in the Terminal:
<path/to/target>/vpn_endpoint <path/to/vpn.config> <path/to/tls_hosts.config>
where <path/to/target> is determined by the build command (by default it is ./target/debug or
./target/release depending on the build type).
Testing with Google Chrome
- 2 options:
- Add the generated certificate to the trusted store and run the Google Chrome
- Run the Google Chrome from Terminal like this:
IMPORTANT: the second option should be used just for testing, it removes the first line of defence against malicious resourcesgoogle-chrome --ignore-certificate-errors - Set up the endpoint as an HTTPS proxy server in the browser (either via browser settings or
using an extension like
Proxy SwitchyOmega)
Collecting metrics
Common ways:
- As plain text: send a GET request to
<ip>:<port>/metrics, for example, using CURL or a web browser - Set up Prometheus:
- Configure the instance to monitor the endpoint metrics (see here)
- Use the graph interface
License
Apache 2.0