This is the HLHV queen cell. It's job is to route incoming HTTPS requests to other cells.
Running the program will automatically load with the default options, unless specified.
Run hlhv --help
for detailed usage information.
HLHV is HTTPS only, so a tls key and certificate are required. Their paths can
be specified in the configuration file, and are by default looked for at
/var/hlhv/cert/key.pem
and /var/hlhv/cert/cert.pem
respectively.
HLHV uses this cert for both incoming HTTPS connections, and for communication with cells. Cells rely on public key authentication in order to confirm the queen cell they are connecting to is legitimate. Therefore, if you are using a self-signed certificate, you should create your own certificate authority and give the root certificate to connecting cells. Instructions on how to do this can be found here:
https://jamielinux.com/docs/openssl-certificate-authority/
The HLHV configuration tool will eventually be able to perform this task automatically.
By default, the configuration file for the queen cell is located at
/etc/hlhv/hlhv.conf
. A custom file can be specified by running the program
with the arguments hlhv --conf-path /path/to/conf/file
.
The configuration file has a simple syntax:
# comment
<key> <value>
<key> <value>
# ...etc
Each line of the file is either a comment, or a whitespace-separated key/value pair. If multiple lines exist that all set the same key, the last one will be used. Some keys, however, behave as commands, and do not exhibit this behavior.
Automatically replace domain names in the incoming request that match
the pattern with the specified value. This is mostly useful for aliasing
multiple domains to @
, which is what cells should normally mount
under. By default, localhost
, 127.0.0.1
, ::ffff:127.0.0.1
, and
::1
are all aliased to @
. By specifying (fallback)
as the pattern,
it is possible to alias all requests which did not match a preexisting
alias to the specified value. However, use of this should be avoided.
Remove an alias. This works on the default aliases as well.
Specify the TLS key path. Default: /var/hlhv/cert/key.pem
Specify the TLS certificate path. Default: /var/hlhv/cert/cert.pem
A bcrypt hash string specifying the passkey that cells will need to send to the server in order to connect. This has a default value of empty and not setting it will cause the server to tell you on startup why exactly doing so is a bad idea.
You can generate a hash to use here with .
An integer specifying the port that the server will listen for new
connections on. Default: 2001
An integer specifying the port that the server will listen for new
HTTPS requests on. Default: 443
The interval, in seconds, at which excess bands will be closed, freeing
up resources. Default: 120
The maximum time, in seconds, an band can be inactive before it is
closed. Default: 60
The amount of time, in seconds, a cell has to respond to the server.
This is currently only used during the login process. Default: 1
The amount of time, in seconds, an HTTPS client has to send request
headers. Default: 5
The amount of time, in seconds, an HTTPS client has to send the entire
request. Default: 10
The amount of time, in seconds, the server has to send a response back
to the client. Default: 15
The amount of time, in seconds, to wait for the next request when
keep-alives are enabled. Default: 120