Refine repository structure
- Update .gitignore for dev/ and tmp/ directories - Move certificate setup to dev/ directory with README - Remove production references from AGENTS.md - Clean up directory structure and documentation - Repository now ready for development workflow
This commit is contained in:
parent
1ed443ff2a
commit
e00195c5be
3 changed files with 24 additions and 41 deletions
20
.gitignore
vendored
20
.gitignore
vendored
|
|
@ -1,22 +1,24 @@
|
|||
# Rust build artifacts
|
||||
/target/
|
||||
Cargo.lock
|
||||
# Development directories
|
||||
dev/
|
||||
tmp/
|
||||
test_files/
|
||||
sample_data/
|
||||
|
||||
# Development files
|
||||
# Temporary files
|
||||
*.log
|
||||
*.md.tmp
|
||||
|
||||
# OS files
|
||||
*.tmp
|
||||
.DS_Store
|
||||
Thumbs.db
|
||||
|
||||
# TLS certificates - NEVER commit to repository
|
||||
*.pem
|
||||
*.key
|
||||
*.crt
|
||||
certs/
|
||||
certbot/
|
||||
|
||||
# Rust build artifacts
|
||||
/target/
|
||||
Cargo.lock
|
||||
|
||||
# IDE files
|
||||
.vscode/
|
||||
.idea/
|
||||
17
AGENTS.md
17
AGENTS.md
|
|
@ -23,22 +23,9 @@ We have UnitTests which should be kept up to date before committing any new code
|
|||
|
||||
Fix every compiler warning before committing.
|
||||
|
||||
### Certificate Management
|
||||
### Development Notes
|
||||
|
||||
Development
|
||||
- Generate self-signed certificates for local testing
|
||||
- Store in `certs/` directory (gitignored)
|
||||
- Generate self-signed certificates for local testing in `dev/` directory
|
||||
- Use CN=localhost for development
|
||||
|
||||
Production
|
||||
- Use Let's Encrypt or CA-signed certificates
|
||||
- Store certificates outside repository
|
||||
- Set appropriate file permissions (600 for keys, 644 for certs)
|
||||
- Implement certificate renewal monitoring
|
||||
- Never include private keys in documentation or commits
|
||||
|
||||
Deployment Security
|
||||
- Certificate files should be owned by service user
|
||||
- Use systemd service file with proper User/Group directives
|
||||
- Consider using systemd's `LoadCredential` for certificate paths
|
||||
|
||||
|
|
|
|||
28
README.md
28
README.md
|
|
@ -29,31 +29,25 @@ port = 1965
|
|||
log_level = "info"
|
||||
```
|
||||
|
||||
## Certificate Setup
|
||||
|
||||
### Development
|
||||
Generate self-signed certificates for local testing:
|
||||
## Development Setup
|
||||
|
||||
### Quick Start with Self-Signed Certs
|
||||
```bash
|
||||
mkdir -p certs
|
||||
openssl req -x509 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem -days 365 -nodes -subj "/CN=localhost"
|
||||
mkdir -p dev
|
||||
openssl req -x509 -newkey rsa:2048 \
|
||||
-keyout dev/key.pem \
|
||||
-out dev/cert.pem \
|
||||
-days 365 \
|
||||
-nodes \
|
||||
-subj "/CN=localhost"
|
||||
```
|
||||
|
||||
Update `config.toml`:
|
||||
```toml
|
||||
cert = "certs/cert.pem"
|
||||
key = "certs/key.pem"
|
||||
cert = "dev/cert.pem"
|
||||
key = "dev/key.pem"
|
||||
```
|
||||
|
||||
### Production
|
||||
Use Let's Encrypt for production:
|
||||
|
||||
```bash
|
||||
sudo certbot certonly --standalone -d yourdomain.com
|
||||
```
|
||||
|
||||
Then update config.toml paths to your certificate locations.
|
||||
|
||||
Run the server:
|
||||
|
||||
```bash
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue