[Conf] Major stock config updates

- Workers are now specified in a new format worker "type" { ... }
- Enable fuzzy worker to simplify local fuzzy storages configuration
- Bind all workers to localhost by default to avoid security flaws

diff --git a/conf/rspamd.conf b/conf/rspamd.conf
index c8d3086581c14d8898c099393b4cf048fe57d22b..8282eefebd122f960ce7f54d8b52003d7aab371a 100644 (file)
--- a/conf/rspamd.conf
+++ b/conf/rspamd.conf
@@ -32,14 +32,14 @@ logging {
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc"
 }
 
-worker {
-    bind_socket = "*:11333";
+worker "normal" {
+    bind_socket = "localhost:11333";
     .include "$CONFDIR/worker-normal.inc"
     .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc"
 }
 
-worker {
+worker "controller" {
     bind_socket = "localhost:11334";
     .include "$CONFDIR/worker-controller.inc"
     .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-controller.inc"
@@ -47,7 +47,7 @@ worker {
 }
 
 worker "rspamd_proxy" {
-    bind_socket = "*:11332";
+    bind_socket = "localhost:11332";
     .include "$CONFDIR/worker-proxy.inc"
     .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc"
     .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc"
@@ -55,9 +55,10 @@ worker "rspamd_proxy" {
 
 # Local fuzzy storage is disabled by default
 
-#worker {
-#    bind_socket = "*:11335";
-#    .include "$CONFDIR/worker-fuzzy.inc"
-#    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-fuzzy.inc"
-#    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-fuzzy.inc"
-#}
+worker "fuzzy" {
+    bind_socket = "localhost:11335";
+    count = -1;
+    .include "$CONFDIR/worker-fuzzy.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-fuzzy.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-fuzzy.inc"
+}

diff --git a/conf/worker-controller.inc b/conf/worker-controller.inc
index 7080dcc8d037e5600fa8ccd112f87634ef0dd559..ac4c1355df05f9345d10c5f738272a0d5a1ffefe 100644 (file)
--- a/conf/worker-controller.inc
+++ b/conf/worker-controller.inc
@@ -1,6 +1,5 @@
 # Included from top-level .conf file
 
-type = "controller";
 count = 1;
 password = "q1";
 secure_ip = "127.0.0.1";

diff --git a/conf/worker-fuzzy.inc b/conf/worker-fuzzy.inc
index 9c714372e44f9340ef959a2eec03c2cec2b4c879..bd4029bc3f31eee55c7ffcd843fb910aa3e3b9b7 100644 (file)
--- a/conf/worker-fuzzy.inc
+++ b/conf/worker-fuzzy.inc
@@ -1,39 +1,10 @@
 # Included from top-level .conf file
 
-type = "fuzzy";
-hash_file = "${DBDIR}/fuzzy.db";
-expire = 90d;
-allow_update = ["localhost"];
-
-# Slave example (disabled by default)
-/*
-sync_keypair {
-    pubkey = "53e6yt94fqbzccdqcsmoughxfxed7figuefkbs8f3hsybn3t9xhy";
-    privkey = "eth4rod5xigw55tagtpo4ka98mya4nx8765wh5zozgjdk5weqd5y";
-    id = "yf4mzjp5aexr39a9ijksth6cwumaxztg8iw84oee55n7hj6jkkhbtuwmph75ybsk79bm79cmmtz8ummzkeie4g4ony5x3z9i1hn5fqb";
-    encoding = "base32";
-    algorithm = "curve25519";
-    type = "kex";
-}
+backend = "redis";
 
-masters = "master.example.com";
-master_key = "tmpaorg6cdyqia79wmy99j546tdj9muc9coou8ns9au6dubhxcfy";
-*/
+# For sqlite stuff
+#backend = "sqlite";
+#hash_file = "${DBDIR}/fuzzy.db";
 
-# Master example (disabled by default)
-
-/*
-sync_keypair {
-    pubkey = "tmpaorg6cdyqia79wmy99j546tdj9muc9coou8ns9au6dubhxcfy";
-    privkey = "a9d4kuz4grfienkfhuhreeiqqscng7sxntbnemkyo1ejxestquty";
-    id = "q455stnkqf9r6f1e3bhcbdys9e179b97ymz1exb4ogwxxgerazz1nwy1sssrsri3ydjdag46ziok1ufx3xqifugdnewaqg4dsrdna8y";
-    encoding = "base32";
-    algorithm = "curve25519";
-    type = "kex";
-}
-slave {
-        name = "slave1";
-        hosts = "slave.example.com";
-        key = "53e6yt94fqbzccdqcsmoughxfxed7figuefkbs8f3hsybn3t9xhy";
-}
-*/
+expire = 90d;
+allow_update = ["localhost"];
\ No newline at end of file