3pp-mirror/snapcast
1
0
Fork 0
mirror of https://github.com/badaix/snapcast.git synced 2025-07-27 21:38:48 +02:00
Code Issues Projects Releases Packages Wiki Activity

Update documentation

Browse source
This commit is contained in:
badaix 2025-01-28 21:09:56 +01:00
parent 5a535fade8
commit 0beaa09e4f
2 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
client/snapclient.cpp
View file

@ -153,12 +153,12 @@ int main(int argc, char** argv)
auto port_opt = op.add<Value<size_t>>("p", "port", "(deprecated, use [url]) Server port", 1704, &settings.server.port); auto port_opt = op.add<Value<size_t>>("p", "port", "(deprecated, use [url]) Server port", 1704, &settings.server.port);
op.add<Value<size_t>>("i", "instance", "Instance id when running multiple instances on the same host", 1, &settings.instance); op.add<Value<size_t>>("i", "instance", "Instance id when running multiple instances on the same host", 1, &settings.instance);
op.add<Value<string>>("", "hostID", "Unique host id, default is MAC address", "", &settings.host_id); op.add<Value<string>>("", "hostID", "Unique host id, default is MAC address", "", &settings.host_id);
auto server_cert_opt =
op.add<Implicit<std::filesystem::path>>("", "server-cert", "Verify server with certificate (PEM format)", "default certificates");
op.add<Value<std::filesystem::path>>("", "cert", "Client certificate file (PEM format)", settings.server.certificate, &settings.server.certificate); op.add<Value<std::filesystem::path>>("", "cert", "Client certificate file (PEM format)", settings.server.certificate, &settings.server.certificate);
op.add<Value<std::filesystem::path>>("", "cert-key", "Client private key file (PEM format)", settings.server.certificate_key, op.add<Value<std::filesystem::path>>("", "cert-key", "Client private key file (PEM format)", settings.server.certificate_key,
&settings.server.certificate_key); &settings.server.certificate_key);
op.add<Value<string>>("", "key-password", "Key password (for encrypted private key)", settings.server.key_password, &settings.server.key_password); op.add<Value<string>>("", "key-password", "Key password (for encrypted private key)", settings.server.key_password, &settings.server.key_password);
auto server_cert_opt =
op.add<Implicit<std::filesystem::path>>("", "server-cert", "Verify server with CA certificate (PEM format)", "default certificates");
// PCM device specific // PCM device specific
#if defined(HAS_ALSA) || defined(HAS_PULSE) || defined(HAS_WASAPI) #if defined(HAS_ALSA) || defined(HAS_PULSE) || defined(HAS_WASAPI)

12
doc/configuration.md
View file

@ -329,8 +329,12 @@ Snapserver supports RPC via HTTP(S) and WS(S) as well as audio streaming over WS
### HTTPS ### HTTPS
#### Server
For HTTPS/WSS, the paramter `ssl_enabled` must be set to `true` (default: `false`) and the `certificate` and `certificate_key` paramters in the `[ssl]` section must point to a certificate file and key file in PEM format. For HTTPS/WSS, the paramter `ssl_enabled` must be set to `true` (default: `false`) and the `certificate` and `certificate_key` paramters in the `[ssl]` section must point to a certificate file and key file in PEM format.
If you want only trusted clients being able to connect, the parameter `verify_clients` must be set to `true` and the client CA certificates must be configures as list of `client_cert =` entries.
Some hints on how to create a certificate and a private key are given for instance here: Some hints on how to create a certificate and a private key are given for instance here:
- [Create Root CA (Done once)](https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309) - [Create Root CA (Done once)](https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309)
@ -382,3 +386,11 @@ certificate_key = snapserver.key
``` ```
Install the CA certificate `snapcastCA.crt` on you client's OS or browser. Install the CA certificate `snapcastCA.crt` on you client's OS or browser.
#### Client
To use an SSL connection to the server, the client must use the secure websockets URI: `snapclient [options...] wss://<server host or IP>[:port]`.
To enable server authentication, the server CA certificate can be configured with `--server-cert=<filename>`.
If the server is confgured to authenticate the clients (`verify_clients = true` in `snapserver.conf`), you must configure the client certificate and private key with `--cert=<filename>` and `--cert-key=<filename>`.