ServerSettings

manta_server::config

Struct ServerSettings 

Source 
pub struct ServerSettings {
    pub listen_address: Option<String>,
    pub port: Option<u16>,
    pub cert: Option<String>,
    pub key: Option<String>,
    pub console_inactivity_timeout_secs: u64,
    pub auth_rate_limit_per_minute: Option<u32>,
    pub request_timeout_secs: u64,
    pub shutdown_grace_period_secs: u64,
    pub migrate_backup_root: Option<String>,
    pub allow_http: bool,
}
Expand description

Server-only settings — TLS, listen address, console behaviour. Lives under [server] in server.toml.

Fields§

§listen_address: Option<String>

TCP listen address (e.g. “0.0.0.0”). When omitted from config and no --listen-address flag is supplied, the server falls back to "0.0.0.0".

§port: Option<u16>

TCP port. When omitted from config and no --port flag is supplied, the effective default depends on whether TLS is configured: 8443 if both cert and key are present (HTTPS), otherwise 8080 (plain HTTP). See ServerSettings::default_port.

§cert: Option<String>

Path to the TLS certificate (PEM).

§key: Option<String>

Path to the TLS private key (PEM).

§console_inactivity_timeout_secs: u64

How long a node-console WebSocket stays open without activity before the server tears it down.

§auth_rate_limit_per_minute: Option<u32>

Per-source-IP rate limit for the /api/v1/auth/* endpoints, in requests per minute. None disables in-process rate limiting (operators are then expected to enforce it at the reverse proxy).

§request_timeout_secs: u64

Global request timeout applied to every HTTP route, in seconds. When this elapses the server returns 408 REQUEST_TIMEOUT. All long-running work (e.g. power transitions) now runs CLI-side, so no endpoint needs more than the default.

§shutdown_grace_period_secs: u64

Grace period (seconds) axum_server waits for in-flight requests to finish after SIGTERM / Ctrl+C before force-aborting. Matches the standard k8s terminationGracePeriodSeconds default (30 s); pods that hit this without finishing get SIGKILL’d by the kubelet.

§migrate_backup_root: Option<String>

Filesystem root that confines POST /migrate/{backup,restore} file access. When set, every destination / bos_file / cfs_file / hsm_file / ims_file / image_dir path in the request is canonicalised and rejected unless it resolves under this directory. When unset (default), the migrate endpoints return BadRequest even for admin callers — the operator must explicitly opt in to server-side filesystem writes.

§allow_http: bool

Opt in to plain-HTTP listen mode. Default false: when neither cert nor key is configured the server refuses to start, so bearer tokens can’t accidentally land on the wire in cleartext. Set to true only when TLS terminates upstream (reverse proxy or sidecar); otherwise leave it off and configure both cert and key.

Implementations§

Source§

impl ServerSettings

Source

pub const DEFAULT_LISTEN_ADDRESS: &'static str = "0.0.0.0"

Effective default listen address when neither config nor CLI flag supplies one: bind on all interfaces.

Source

pub fn default_port(has_tls: bool) -> u16

Effective default port when neither config nor CLI flag supplies one. 8443 for the HTTPS path (cert + key both present), 8080 for plain HTTP — the latter is the typical dev / sidecar setup where TLS is terminated upstream.

Trait Implementations§

Source§

impl Debug for ServerSettings

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for ServerSettings

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for ServerSettings

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

§

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.
§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] only if self and other return Action::Follow. Read more
§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,