3 files changed, 101 insertions, 0 deletions

diff --git a/doc/markdown/workers/controller.md b/doc/markdown/workers/controller.md
index e69de29bb..94c12310a 100644
--- a/doc/markdown/workers/controller.md
+++ b/doc/markdown/workers/controller.md
@@ -0,0 +1,69 @@
+# Controller worker
+
+Controller worker is used to manage rspamd stats, to learn rspamd and to serve WebUI.
+
+Internally, the controller worker is just a web server that accepts requests and sends replies using JSON serialization.
+Each command is defined by URL. Some commands are read only and are considered as `unprivileged` whilst other commands, such as
+maps modification, config modifications and learning requires higher level of privileges: `enable` level. The differece between levels is specified
+by password. If only one password is specified in the configuration, it is used for both type of commands.
+
+## Controller configuration
+
+Rspamd controller worker supports the following options:
+
+* `password`: password for read-only commands
+* `enable_password`: password for write commands
+* `secure_ip`: list or map with IP addresses that are treated as `secure` so **all** commands are allowed from these IPs **without** passwords
+* `static_dir`: directory where interface static files are placed (usually `${WWWDIR}`)
+* `stats_path`: path where controller save persistent stats about rspamd (such as scanned messages count)
+
+## Encryption support
+
+To generate a keypair for the scanner you could use:
+
+    rspamadm keypair -u
+
+After that keypair should appear as following:
+
+~~~nginx
+keypair {
+    pubkey = "tm8zjw3ougwj1qjpyweugqhuyg4576ctg6p7mbrhma6ytjewp4ry";
+    privkey = "ykkrfqbyk34i1ewdmn81ttcco1eaxoqgih38duib1e7b89h9xn3y";
+}
+~~~
+
+You can use its **public** part thereafter when scanning messages as following:
+
+    rspamc --key tm8zjw3ougwj1qjpyweugqhuyg4576ctg6p7mbrhma6ytjewp4ry <file>
+
+## Passwords encryption
+
+Rspamd now suggests to encrypt passwords when storing them in a configuration. Currently, it uses `PBKDF2-Blake2` function to derive key from a password. To encrypt key, you can use `rspamadm pw` command as following:
+
+    rspamadm pw
+    Enter passphrase: <hidden input>
+    $1$cybjp37q4w63iogc4erncz1tgm1ce9i5$kxfx9xc1wk9uuakw7nittbt6dgf3qyqa394cnradg191iqgxr8kb
+
+You can use that line as `password` and `enable_password` values.
+
+## Supported commands
+
+* `/auth`
+* `/symbols`
+* `/actions`
+* `/maps`
+* `/getmap`
+* `/graph`
+* `/pie`
+* `/history`
+* `/historyreset` (priv)
+* `/learnspam` (priv)
+* `/learnham` (priv)
+* `/saveactions` (priv)
+* `/savesymbols` (priv)
+* `/savemap` (priv)
+* `/scan`
+* `/check`
+* `/stat`
+* `/statreset` (priv)
+* `/counters`
diff --git a/doc/markdown/workers/lua_worker.md b/doc/markdown/workers/lua_worker.md
index e69de29bb..cad1ad998 100644
--- a/doc/markdown/workers/lua_worker.md
+++ b/doc/markdown/workers/lua_worker.md
@@ -0,0 +1,3 @@
+# Lua worker
+
+TODO
diff --git a/doc/markdown/workers/normal.md b/doc/markdown/workers/normal.md
index e69de29bb..64cf4c479 100644
--- a/doc/markdown/workers/normal.md
+++ b/doc/markdown/workers/normal.md
@@ -0,0 +1,29 @@
+# Rspamd normal worker
+
+Rspamd normal worker is intended to scan messages for spam. It has the following configuration options available:
+
+* `mime`: turn to `off` if you want to scan non-mime messages (e.g. forum comments or SMS), default: `on`
+* `allow_learn`: turn to `on` if you want to learn messages using this worker (usually you should use [controller](controller.md) worker), default: `off`
+* `timeout`: input/output timeout, default: `1min`
+* `task_timeout`: maximum time to process a single task, default: `8s`
+* `max_tasks`: maximum count of tasks processes simultaneously, default: `0` - no limit
+* `keypair`: encryption keypair
+
+## Encryption support
+
+To generate a keypair for the scanner you could use:
+
+    rspamadm keypair -u
+
+After that keypair should appear as following:
+
+~~~nginx
+keypair {
+    pubkey = "tm8zjw3ougwj1qjpyweugqhuyg4576ctg6p7mbrhma6ytjewp4ry";
+    privkey = "ykkrfqbyk34i1ewdmn81ttcco1eaxoqgih38duib1e7b89h9xn3y";
+}
+~~~
+
+You can use its **public** part thereafter when scanning messages as following:
+
+    rspamc --key tm8zjw3ougwj1qjpyweugqhuyg4576ctg6p7mbrhma6ytjewp4ry <file>