RECEPTOR(1) User Commands RECEPTOR(1)

receptor - Main controller daemon

receptor [--<action> [<param>=<value> ...] ...]

--help: Show this help

--config <filename>: Load additional config options from a YAML file

--bash-completion: Generate a completion script for the bash shell

Run ". <(receptor --bash-completion)" to activate now

--node: Node configuration of this instance (required)

id=<string>: Node ID. Defaults to local hostname. datadir=<string>: Directory in which to store node data firewallrules=<JSON list of JSON dict of JSON data to JSON data>: Firewall Rules (see documentation for syntax) maxidleconnectiontimeout=<string>: Max duration with no traffic before a backend connection is timed out and refreshed.

--local-only: Run a self-contained node with no backends

--version: Show the Receptor version

--log-level: Set specific log level output

level=<string>: Log level: Error, Warning, Info or Debug (default: error)

--trace: Enables packet tracing output

--control-service: Run a control service

service=<string>: Receptor service name to listen on (default: control) filename=<string>: Filename of local Unix socket to bind to the service permissions=<int>: Socket file permissions (default: 0600) tls=<string>: Name of TLS server config for the Receptor listener tcplisten=<string>: Local TCP port or host:port to bind to the control service tcptls=<string>: Name of TLS server config for the TCP listener

Commands that configure resources used by other commands:

--tls-server: Define a TLS server configuration

name=<string>: Name of this TLS server configuration (required) cert=<string>: Server certificate filename (required) key=<string>: Server private key filename (required) requireclientcert=<bool>: Require client certificates (default: false) clientcas=<string>: Filename of CA bundle to verify client certs with pinnedclientcert=<[]string (may be repeated)>: Pinned fingerprint of required client certificate skipreceptornamescheck=<bool>: Skip verifying ReceptorNames OIDs in certificate at startup (default: false) mintls13=<bool>: Set minimum TLS version to 1.3. Otherwise the minimum is 1.2 (default: false)

--tls-client: Define a TLS client configuration

name=<string>: Name of this TLS client configuration (required) cert=<string>: Client certificate filename key=<string>: Client private key filename rootcas=<string>: Root CA bundle to use instead of system trust insecureskipverify=<bool>: Accept any server cert (default: false) pinnedservercert=<[]string (may be repeated)>: Pinned fingerprint of required server certificate skipreceptornamescheck=<bool>: if true, skip verifying ReceptorNames OIDs in certificate at startup mintls13=<bool>: Set minimum TLS version to 1.3. Otherwise the minimum is 1.2 (default: false)

Commands to configure back-ends, which connect Receptor nodes together:

--tcp-listener: Run a backend listener on a TCP port

bindaddr=<string>: Local address to bind to (default: 0.0.0.0) port=<int>: Local TCP port to listen on (required) tls=<string>: Name of TLS server config cost=<float64>: Connection cost (weight) (default: 1.0) nodecost=<JSON dict of string to float64>: Per-node costs allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection

--tcp-peer: Make an outbound backend connection to a TCP peer

address=<string>: Remote address (Host:Port) to connect to (required) redial=<bool>: Keep redialing on lost connection (default: true) tls=<string>: Name of TLS client config cost=<float64>: Connection cost (weight) (default: 1.0) allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection

--udp-listener: Run a backend listener on a UDP port

bindaddr=<string>: Local address to bind to (default: 0.0.0.0) port=<int>: Local UDP port to listen on (required) cost=<float64>: Connection cost (weight) (default: 1.0) nodecost=<JSON dict of string to float64>: Per-node costs allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection

--udp-peer: Make an outbound backend connection to a UDP peer

address=<string>: Host:Port to connect to (required) redial=<bool>: Keep redialing on lost connection (default: true) cost=<float64>: Connection cost (weight) (default: 1.0) allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection

--ws-listener: Run an http server that accepts websocket connections

bindaddr=<string>: Local address to bind to (default: 0.0.0.0) port=<int>: Local TCP port to run http server on (required) path=<string>: URI path to the websocket server (default: /) tls=<string>: Name of TLS server config cost=<float64>: Connection cost (weight) (default: 1.0) nodecost=<JSON dict of string to float64>: Per-node costs allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection

--ws-peer: Connect outbound to a websocket peer

address=<string>: URL to connect to (required) redial=<bool>: Keep redialing on lost connection (default: true) extraheader=<string>: Sends extra HTTP header on initial connection tls=<string>: Name of TLS client config cost=<float64>: Connection cost (weight) (default: 1.0) allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection

Commands to configure services that run on top of the Receptor mesh:

--command-service: Run an interactive command via a Receptor service

service=<string>: Receptor service name to bind to (required) command=<string>: Command to execute on a connection (required) tls=<string>: Name of TLS server config

--ip-router: Run an IP router using a tun interface

networkname=<string>: Name of this network and service. (required) interface=<string>: Name of the local tun interface localnet=<string>: Local /30 CIDR address (required) routes=<string>: Comma separated list of CIDR subnets to advertise

--tcp-server: Listen for TCP and forward via Receptor

port=<int>: Local TCP port to bind to (required) bindaddr=<string>: Address to bind TCP listener to (default: 0.0.0.0) remotenode=<string>: Receptor node to connect to (required) remoteservice=<string>: Receptor service name to connect to (required) tlsserver=<string>: Name of TLS server config for the TCP listener tlsclient=<string>: Name of TLS client config for the Receptor connection

--tcp-client: Listen on a Receptor service and forward via TCP

service=<string>: Receptor service name to bind to (required) address=<string>: Address for outbound TCP connection (required) tlsserver=<string>: Name of TLS server config for the Receptor service tlsclient=<string>: Name of TLS client config for the TCP connection

--udp-server: Listen for UDP and forward via Receptor

port=<int>: Local UDP port to bind to (required) bindaddr=<string>: Address to bind UDP listener to (default: 0.0.0.0) remotenode=<string>: Receptor node to connect to (required) remoteservice=<string>: Receptor service name to connect to (required)

--udp-client: Listen on a Receptor service and forward via UDP

service=<string>: Receptor service name to bind to (required) address=<string>: Address for outbound UDP connection (required)

--unix-socket-server: Listen on a Unix socket and forward via Receptor

filename=<string>: Socket filename, which will be overwritten (required) permissions=<int>: Socket file permissions (default: 0600) remotenode=<string>: Receptor node to connect to (required) remoteservice=<string>: Receptor service name to connect to (required) tls=<string>: Name of TLS client config for the Receptor connection

--unix-socket-client: Listen via Receptor and forward to a Unix socket

service=<string>: Receptor service name to bind to (required) filename=<string>: Socket filename, which must already exist (required) tls=<string>: Name of TLS server config for the Receptor connection

Commands to configure workers that process units of work:

--work-signing: Private key to sign work submissions

privatekey=<string>: Private key to sign work submissions tokenexpiration=<string>: Expiration of the signed json web token, e.g. 3h or 3h30m

--work-verification: Public key to verify work submissions

publickey=<string>: Public key to verify signed work submissions

--work-command: Run a worker using an external command

worktype=<string>: Name for this worker type (required) command=<string>: Command to run to process units of work (required) params=<string>: Command-line parameters allowruntimeparams=<bool>: Allow users to add more parameters (default: false) verifysignature=<bool>: Verify a signed work submission (default: false)

--work-kubernetes: Run a worker using Kubernetes

worktype=<string>: Name for this worker type (required) namespace=<string>: Kubernetes namespace to create pods in image=<string>: Container image to use for the worker pod command=<string>: Command to run in the container (overrides entrypoint) params=<string>: Command-line parameters to pass to the entrypoint authmethod=<string>: One of: kubeconfig, incluster (default: incluster) kubeconfig=<string>: Kubeconfig filename (for authmethod=kubeconfig) pod=<string>: Pod definition filename, in json or yaml format allowruntimeauth=<bool>: Allow passing API parameters at runtime (default: false) allowruntimecommand=<bool>: Allow specifying image & command at runtime (default: false) allowruntimeparams=<bool>: Allow adding command parameters at runtime (default: false) allowruntimepod=<bool>: Allow passing Pod at runtime (default: false) deletepodonrestart=<bool>: On restart, delete the pod if in pending state (default: true) streammethod=<string>: Method for connecting to worker pods: logger or tcp (default: logger) verifysignature=<bool>: Verify a signed work submission (default: false)

--work-python: Run a worker using a Python plugin

worktype=<string>: Name for this worker type (required) plugin=<string>: Python module name of the worker plugin (required) function=<string>: Receptor-exported function to call (required) config=<JSON dict with string keys>: Plugin-specific configuration

Commands to generate certificates and run a certificate authority

--cert-init: Initialize PKI CA

commonname=<string>: Common name to assign to the certificate (required) bits=<int>: Bit length of the encryption keys of the certificate (required) notbefore=<string>: Effective (NotBefore) date/time, in RFC3339 format notafter=<string>: Expiration (NotAfter) date/time, in RFC3339 format outcert=<string>: File to save the CA certificate to (required) outkey=<string>: File to save the CA private key to (required)

--cert-makereq: Create certificate request

commonname=<string>: Common name to assign to the certificate (required) bits=<int>: Bit length of the encryption keys of the certificate dnsname=<[]string (may be repeated)>: DNS names to add to the certificate ipaddress=<[]string (may be repeated)>: IP addresses to add to the certificate nodeid=<[]string (may be repeated)>: Receptor node IDs to add to the certificate outreq=<string>: File to save the certificate request to (required) inkey=<string>: Private key to use for the request outkey=<string>: File to save the private key to (new key will be generated)

--cert-signreq: Sign request and produce certificate

req=<string>: Certificate Request PEM filename (required) cacert=<string>: CA certificate PEM filename (required) cakey=<string>: CA private key PEM filename (required) notbefore=<string>: Effective (NotBefore) date/time, in RFC3339 format notafter=<string>: Expiration (NotAfter) date/time, in RFC3339 format outcert=<string>: File to save the signed certificate to (required) verify=<bool>: If true, do not prompt the user for verification (default: False)

The full documentation for receptor is maintained as a Texinfo manual. If the info and receptor programs are properly installed at your site, the command

info receptor

should give you access to the complete manual.

November 2024 receptor 1.4.4