diff --git a/config.py b/config.py
index b477e7d..7096aff 100644
--- a/config.py
+++ b/config.py
@@ -12,6 +12,6 @@ SSL_CERT_FILE = config("SSL_CERT_FILE", default="/var/lib/marzban-node/ssl_cert.pem")
 SSL_KEY_FILE = config("SSL_KEY_FILE", default="/var/lib/marzban-node/ssl_key.pem")
-SSL_CLIENT_CERT_FILE = config("SSL_CLIENT_CERT_FILE", default="/var/lib/marzban-node/ssl_client_cert.pem")
+SSL_CLIENT_CERT_FILE = config("SSL_CLIENT_CERT_FILE", default="")
 DEBUG = config("DEBUG", cast=bool, default=False)
diff --git a/docker-compose.yml b/docker-compose.yml
index d88c62b..3cf1df0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,5 +5,10 @@ services:
 restart: always
 network_mode: host
+ environment:
+ SSL_CERT_FILE: "/var/lib/marzban-node/ssl_cert.pem"
+ SSL_KEY_FILE: "/var/lib/marzban-node/ssl_key.pem"
+ # SSL_CLIENT_CERT_FILE: "/var/lib/marzban-node/ssl_client_cert.pem"
+
 volumes:
 - /var/lib/marzban-node:/var/lib/marzban-node
diff --git a/main.py b/main.py
index bd5ada2..682c389 100644
--- a/main.py
+++ b/main.py
@@ -24,13 +24,17 @@ def generate_ssl_files():
 os.path.isfile(SSL_KEY_FILE))):
 generate_ssl_files()
- if not os.path.isfile(SSL_CLIENT_CERT_FILE):
+ if not SSL_CLIENT_CERT_FILE:
+ logger.warning(
+ "You are running node without SSL_CLIENT_CERT_FILE, be aware that everyone can connect to this node and this isn't secure!")
+
+ if SSL_CLIENT_CERT_FILE and not os.path.isfile(SSL_CLIENT_CERT_FILE):
 logger.error("Client's certificate file specified on SSL_CLIENT_CERT_FILE is missing")
 exit(0)
 authenticator = SSLAuthenticator(keyfile=SSL_KEY_FILE,
 certfile=SSL_CERT_FILE,
- ca_certs=SSL_CLIENT_CERT_FILE)
+ ca_certs=SSL_CLIENT_CERT_FILE or None)
 thread = ThreadedServer(XrayService(), port=SERVICE_PORT, authenticator=authenticator)
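Review bot: Changing the default to `default=""` in config.py makes the unauthenticated mode the default for every deployment that does not set SSL_CLIENT_CERT_FILE. That includes existing nodes that relied on the old default path and already have the certificate at `/var/lib/marzban-node/ssl_client_cert.pem`: after upgrading they would start without client-certificate verification, with only a log warning. The docker-compose.yml hunk has the same effect, because it ships the `SSL_CLIENT_CERT_FILE` line commented out. I would keep `default="/var/lib/marzban-node/ssl_client_cert.pem"`, treat only an explicitly empty value as the opt-out, and ship the compose line uncommented. This assumes `config()` returns an empty string for a variable that is set but empty, which is worth confirming.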
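Review bot: In main.py the branch under the new `if SSL_CLIENT_CERT_FILE and not os.path.isfile(SSL_CLIENT_CERT_FILE):` still ends in `exit(0)`, so a node that refuses to start because its configured client certificate is missing reports success to whatever supervises it. `raise SystemExit(1)` would make that failure visible. The two checks are mutually exclusive and would read more clearly as `if not SSL_CLIENT_CERT_FILE:` followed by `elif not os.path.isfile(SSL_CLIENT_CERT_FILE):`. With `ca_certs=None` the authenticator presumably requests no client certificate at all (the new warning text says as much), so I would add a comment above that argument such as `# None disables client-certificate verification; any peer that reaches SERVICE_PORT is accepted`. The enclosing block starts and ends outside the hunk.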