From 8b875500d68b6f718b6c8ffb3b243ccf28a8941f Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Tue, 21 Apr 2026 18:55:32 +0200
Subject: [PATCH 1/3] Update config.rs
---
 src/config.rs | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/src/config.rs b/src/config.rs
index 442bb2e..c17adec 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -4,6 +4,26 @@ use clap::Parser;
 use log::LevelFilter;
 use serde::Deserialize;
+fn default_http_port() -> u16 {
+ 8080
+}
+
+fn default_grpc_port() -> u16 {
+ 50051
+}
+
+fn default_log_level() -> LevelFilter {
+ LevelFilter::Info
+}
+
+fn default_cert_dir() -> PathBuf {
+ PathBuf::from("/etc/defguard/certs")
+}
+
+fn default_https_port() -> u16 {
+ 443
+}
+
 fn default_adoption_timeout() -> u64 {
 10
 }
@@ -18,19 +38,24 @@ pub struct EnvConfig {
 env = "DEFGUARD_PROXY_HTTP_PORT",
 default_value_t = 8080
 )]
+ #[serde(default = "default_http_port")]
 pub http_port: u16,
 // port the API server will listen on
 #[arg(long, env = "DEFGUARD_PROXY_GRPC_PORT", default_value_t = 50051)]
+ #[serde(default = "default_grpc_port")]
 pub grpc_port: u16,
 #[arg(long, env = "DEFGUARD_PROXY_LOG_LEVEL", default_value_t = LevelFilter::Info)]
+ #[serde(default = "default_log_level")]
 pub log_level: LevelFilter,
 #[arg(long, env = "DEFGUARD_PROXY_RATELIMIT_PERSECOND", default_value_t = 0)]
+ #[serde(default)]
 pub rate_limit_per_second: u64,
 #[arg(long, env = "DEFGUARD_PROXY_RATELIMIT_BURST", default_value_t = 0)]
+ #[serde(default)]
 pub rate_limit_burst: u32,
 /// Configuration file path
@@ -39,9 +64,11 @@ pub struct EnvConfig {
 config_path: Option,
 #[arg(long, env = "DEFGUARD_HTTP_BIND_ADDRESS")]
+ #[serde(default)]
 pub http_bind_address: Option,
 #[arg(long, env = "DEFGUARD_GRPC_BIND_ADDRESS")]
+ #[serde(default)]
 pub grpc_bind_address: Option,
 // TODO: On different platforms this may be different
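Review bot: In src/config.rs hunk `@@ -4,6 +4,26 @@`, the new `default_*` helpers repeat literals that the clap attributes in the later hunks already carry (`default_value_t = 8080`, `50051`, `443`, and `default_value = "/etc/defguard/certs"`), so every default now lives in two places and can drift. If they diverge, a proxy configured from the file and one configured from flags or environment would disagree on the listening port or on the certificate directory, and nothing would flag it. For the `default_value_t` fields clap accepts an expression, so the attribute can read `default_value_t = default_http_port()` (and likewise for the gRPC port, HTTPS port and log level). The helpers also carry no doc comments; a line such as `/// Default applied when the key is absent from the config file.` on each would state why they exist.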
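Review bot: In hunk `@@ -18,19 +38,24 @@`, `#[serde(default)]` on `rate_limit_per_second` and `rate_limit_burst` means a config file that omits or misspells those keys now loads with both set to 0 rather than being rejected. If 0 turns the limiter off (the consuming code is not in this hunk), a single typo leaves the proxy unthrottled with no signal to the operator. The `EnvConfig` attributes are outside the hunk, so it is not visible whether `#[serde(deny_unknown_fields)]` is set; if it is not, consider adding it or logging the effective rate-limit values at startup. A short doc comment on both fields stating what 0 means would also help, e.g. `/// Requests per second allowed per client; 0 = <document meaning>.`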
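Review bot: The two `#[serde(default)]` lines added in hunk `@@ -39,9 +64,11 @@` are redundant, because serde's derive already deserializes a missing `Option` field as `None`. What `http_bind_address` and `grpc_bind_address` lack is a doc comment saying what an unset value means, for example `/// Address the HTTP listener binds to; when unset, <document the fallback interface>.` That is the exposure-relevant detail: an operator reading the struct cannot tell whether omitting the key binds to loopback or to every interface. The code that consumes these fields is outside the hunk.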
@@ -50,15 +77,18 @@ pub struct EnvConfig {
 env = "DEFGUARD_PROXY_CERT_DIR",
 default_value = "/etc/defguard/certs"
 )]
+ #[serde(default = "default_cert_dir")]
 pub cert_dir: PathBuf,
 /// Port for the HTTPS server. When Core sends TLS certificates over gRPC, the HTTP
 /// server is restarted on this port using those certificates.
 #[arg(long, env = "DEFGUARD_PROXY_HTTPS_PORT", default_value_t = 443)]
+ #[serde(default = "default_https_port")]
 pub https_port: u16,
 /// Use Let's Encrypt staging environment for ACME issuance.
 #[arg(long, env = "DEFGUARD_PROXY_ACME_STAGING", default_value_t = false)]
+ #[serde(default)]
 pub acme_staging: bool,
 /// Time limit in minutes for the auto-adoption process.
From d434c01cf3e39cfc85f1e441cacf88d306c0429c Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Tue, 21 Apr 2026 18:59:37 +0200
Subject: [PATCH 2/3] remove unused stuff
---
 example-config.toml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/example-config.toml b/example-config.toml
index d3bc430..066b626 100644
--- a/example-config.toml
+++ b/example-config.toml
@@ -6,15 +6,7 @@ http_port = 8080
 # port the gRPC server will listen on
 grpc_port = 50051
-# gRPC SSL configuration
-# provide certificate and key to connect to gRPC server with HTTPS
-# https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose#grpc-ssl-setup
-# Optional: path to cert file
-# grpc_cert: proxy.crt
-# Optional: path to key file
-# grpc_key: proxy.key
 log_level = "info"
 rate_limit_per_second = 0
 rate_limit_burst = 0
-url = "http://localhost:8080"
 acme_staging = false
From f73ee278553c595b5aa6e873541343e6feb244c1 Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Wed, 22 Apr 2026 09:29:09 +0200
Subject: [PATCH 3/3] fmt
---
 src/lib.rs | 4 +---
 src/tests/mtls.rs | 6 ++++--
 2 files changed, 5 insertions(+), 5 deletions(-)
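Review bot: In src/config.rs hunk `@@ -50,15 +77,18 @@`, `cert_dir` gets a file-side default but still has no doc comment (the `// TODO` about platform differences sits just above this hunk), so the proxy now falls back to `/etc/defguard/certs` whenever the key is missing and nothing documents that. Suggest `/// Directory holding the TLS certificate material received from Core; keep it readable only by the proxy's service account.` That private keys end up in this directory is inferred from the `https_port` comment and is not shown here, so adjust the wording to what the code actually writes. The struct begins and ends outside the hunk.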
diff --git a/src/lib.rs b/src/lib.rs
index c8af819..0dee17b 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -40,9 +40,7 @@ pub(crate) mod generated {
 }
 pub(crate) mod proto {
- pub(crate) use crate::generated::defguard::client_types::*;
- pub(crate) use crate::generated::defguard::common::v2::*;
- pub(crate) use crate::generated::defguard::proxy::v2::*;
+ pub(crate) use crate::generated::defguard::{client_types::*, common::v2::*, proxy::v2::*};
 }
 #[macro_use]
diff --git a/src/tests/mtls.rs b/src/tests/mtls.rs
index 3fcc25c..be5b6b6 100644
--- a/src/tests/mtls.rs
+++ b/src/tests/mtls.rs
@@ -22,8 +22,10 @@ use tonic::{
 transport::{Certificate, Channel, ClientTlsConfig, Endpoint, Identity},
 };
-use crate::grpc::{ProxyServer, TlsConfig};
-use crate::proto::proxy_client::ProxyClient;
+use crate::{
+ grpc::{ProxyServer, TlsConfig},
+ proto::proxy_client::ProxyClient,
+};
 struct TestCerts {
 /// PEM-encoded CA certificate (used as the trust root for both server and client validation).