--help: Show this help
--config <filename>: Load additional config options from a YAML file
--bash-completion: Generate a completion script for the bash shell
Run ". <(receptor --bash-completion)" to activate now
--node: Specifies the node configuration of this instance (required)
id=<string>: Node ID. Defaults to the local hostname. datadir=<string>: Directory in which to
store node data. (default: /tmp/receptor) firewallrules=<JSON list of JSON dict of JSON data to
JSON data>: Firewall rules, see documentation for syntax. maxidleconnectiontimeout=<string>:
Maximum duration with no traffic before a backend connection is timed out and refreshed.
receptorkubesupportreconnect=<string> receptorkubeclientsetqps=<string>
receptorkubeclientsetburst=<string> receptorkubeclientsetratelimiter=<string>
--local-only: Runs a self-contained node with no backend
local=<bool>
--version: Displays the Receptor version.
--log-level: Specifies the verbosity level for command output
level=<string>: Log level: Error, Warning, Info or Debug (default: error)
--trace: Enables packet tracing output
--control-service: Runs a control service
service=<string>: Receptor service name to listen on (default: control) filename=<string>:
Specifies the filename of a local Unix socket to bind to the service. permissions=<int>: Socket
file permissions (default: 0600) tls=<string>: Name of TLS server config for the Receptor listener
tcplisten=<string>: Local TCP port or host:port to bind to the control service tcptls=<string>:
Name of TLS server config for the TCP listener
Commands that configure resources used by other commands:
--tls-server: Define a TLS server configuration
name=<string>: Name of this TLS server configuration (required) cert=<string>: Server certificate
filename (required) key=<string>: Server private key filename (required) requireclientcert=<bool>:
Require client certificates (default: false) clientcas=<string>: Filename of CA bundle to verify
client certs with pinnedclientcert=<[]string (may be repeated)>: Pinned fingerprint of required
client certificate skipreceptornamescheck=<bool>: Skip verifying ReceptorNames OIDs in certificate
at startup (default: false) mintls13=<bool>: Set minimum TLS version to 1.3. Otherwise the minimum
is 1.2 (default: false)
--tls-client: Define a TLS client configuration
name=<string>: Name of this TLS client configuration (required) cert=<string>: Client certificate
filename (required) key=<string>: Client private key filename (required) rootcas=<string>: Root CA
bundle to use instead of system trust insecureskipverify=<bool>: Accept any server cert (default:
false) pinnedservercert=<[]string (may be repeated)>: Pinned fingerprint of required server
certificate skipreceptornamescheck=<bool>: if true, skip verifying ReceptorNames OIDs in
certificate at startup mintls13=<bool>: Set minimum TLS version to 1.3. Otherwise the minimum is
1.2 (default: false)
Commands to configure back-ends, which connect Receptor nodes together:
--tcp-listener: Run a backend listener on a TCP port
bindaddr=<string>: Local address to bind to (default: 0.0.0.0) port=<int>: Local TCP port to
listen on (required) tls=<string>: Name of TLS server config cost=<float64>: Connection cost
(weight) (default: 1.0) nodecost=<JSON dict of string to float64>: Per-node costs
allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection
--tcp-peer: Make an outbound backend connection to a TCP peer
address=<string>: Remote address (Host:Port) to connect to (required) redial=<bool>: Keep
redialing on lost connection (default: true) tls=<string>: Name of TLS client config
cost=<float64>: Connection cost (weight) (default: 1.0) allowedpeers=<[]string (may be repeated)>:
Peer node IDs to allow via this connection
--udp-listener: Run a backend listener on a UDP port
bindaddr=<string>: Local address to bind to (default: 0.0.0.0) port=<int>: Local UDP port to
listen on (required) cost=<float64>: Connection cost (weight) (default: 1.0) nodecost=<JSON dict
of string to float64>: Per-node costs allowedpeers=<[]string (may be repeated)>: Peer node IDs to
allow via this connection
--udp-peer: Make an outbound backend connection to a UDP peer
address=<string>: Host:Port to connect to (required) redial=<bool>: Keep redialing on lost
connection (default: true) cost=<float64>: Connection cost (weight) (default: 1.0)
allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection
--ws-listener: Run an http server that accepts websocket connections
bindaddr=<string>: Local address to bind to (default: 0.0.0.0) port=<int>: Local TCP port to run
http server on (required) path=<string>: URI path to the websocket server (default: /)
tls=<string>: Name of TLS server config cost=<float64>: Connection cost (weight) (default: 1.0)
nodecost=<JSON dict of string to float64>: Per-node costs allowedpeers=<[]string (may be
repeated)>: Peer node IDs to allow via this connection
--ws-peer: Connect outbound to a websocket peer
address=<string>: URL to connect to (required) redial=<bool>: Keep redialing on lost connection
(default: true) extraheader=<string>: Sends extra HTTP header on initial connection tls=<string>:
Name of TLS client config cost=<float64>: Connection cost (weight) (default: 1.0)
allowedpeers=<[]string (may be repeated)>: Peer node IDs to allow via this connection
Commands to configure services that run on top of the Receptor mesh:
--command-service: Run an interactive command via a Receptor service
service=<string>: Receptor service name to bind to (required) command=<string>: Command to execute
on a connection (required) tls=<string>: Name of TLS server config
--ip-router: Run an IP router using a tun interface
networkname=<string>: Name of this network and service. (required) interface=<string>: Name of the
local tun interface localnet=<string>: Local /30 CIDR address (required) routes=<string>: Comma
separated list of CIDR subnets to advertise
--tcp-server: Listen for TCP and forward via Receptor
port=<int>: Local TCP port to bind to (required) bindaddr=<string>: Address to bind TCP listener
to (default: 0.0.0.0) remotenode=<string>: Receptor node to connect to (required)
remoteservice=<string>: Receptor service name to connect to (required) tlsserver=<string>: Name of
TLS server config for the TCP listener tlsclient=<string>: Name of TLS client config for the
Receptor connection
--tcp-client: Listen on a Receptor service and forward via TCP
service=<string>: Receptor service name to bind to (required) address=<string>: Address for
outbound TCP connection (required) tlsserver=<string>: Name of TLS server config for the Receptor
service tlsclient=<string>: Name of TLS client config for the TCP connection
--udp-server: Listen for UDP and forward via Receptor
port=<int>: Local UDP port to bind to (required) bindaddr=<string>: Address to bind UDP listener
to (default: 0.0.0.0) remotenode=<string>: Receptor node to connect to (required)
remoteservice=<string>: Receptor service name to connect to (required)
--udp-client: Listen on a Receptor service and forward via UDP
service=<string>: Receptor service name to bind to (required) address=<string>: Address for
outbound UDP connection (required)
--unix-socket-server: Listen on a Unix socket and forward via Receptor
filename=<string>: Socket filename, which will be overwritten (required) permissions=<int>: Socket
file permissions (default: 0600) remotenode=<string>: Receptor node to connect to (required)
remoteservice=<string>: Receptor service name to connect to (required) tls=<string>: Name of TLS
client config for the Receptor connection
--unix-socket-client: Listen via Receptor and forward to a Unix socket
service=<string>: Receptor service name to bind to (required) filename=<string>: Socket filename,
which must already exist (required) tls=<string>: Name of TLS server config for the Receptor
connection
Commands to configure workers that process units of work:
--work-signing: Private key to sign work submissions
privatekey=<string>: Private key to sign work submissions tokenexpiration=<string>: Expiration of
the signed json web token, e.g. 3h or 3h30m
--work-verification: Public key to verify work submissions
publickey=<string>: Public key to verify signed work submissions
--work-command: Run a worker using an external command
worktype=<string>: Name for this worker type (required) command=<string>: Command to run to
process units of work (required) params=<string>: Command-line parameters
allowruntimeparams=<bool>: Allow users to add more parameters (default: false)
verifysignature=<bool>: Verify a signed work submission (default: false)
--work-kubernetes: Run a worker using Kubernetes
worktype=<string>: Name for this worker type (required) namespace=<string>: Kubernetes namespace
to create pods in image=<string>: Container image to use for the worker pod command=<string>:
Command to run in the container (overrides entrypoint) params=<string>: Command-line parameters to
pass to the entrypoint authmethod=<string>: One of: kubeconfig, incluster (default: incluster)
kubeconfig=<string>: Kubeconfig filename (for authmethod=kubeconfig) pod=<string>: Pod definition
filename, in json or yaml format allowruntimeauth=<bool>: Allow passing API parameters at runtime
(default: false) allowruntimecommand=<bool>: Allow specifying image & command at runtime (default:
false) allowruntimeparams=<bool>: Allow adding command parameters at runtime (default: false)
allowruntimepod=<bool>: Allow passing Pod at runtime (default: false) deletepodonrestart=<bool>:
On restart, delete the pod if in pending state (default: true) streammethod=<string>: Method for
connecting to worker pods: logger or tcp (default: logger) verifysignature=<bool>: Verify a signed
work submission (default: false)
--work-python: Run a worker using a Python plugin
[DEPRECATION WARNING] This option is not currently being used. This feature will be removed from receptor
in a future release.
worktype=<string>: Name for this worker type (required) plugin=<string>: Python module name of the
worker plugin (required) function=<string>: Receptor-exported function to call (required)
config=<JSON dict with string keys>: Plugin-specific configuration
Commands to generate certificates and run a certificate authority
--cert-init: Initialize PKI CA
commonname=<string>: Common name to assign to the certificate (required) bits=<int>: Bit length of
the encryption keys of the certificate (required) notbefore=<string>: Effective (NotBefore)
date/time, in RFC3339 format notafter=<string>: Expiration (NotAfter) date/time, in RFC3339 format
outcert=<string>: File to save the CA certificate to (required) outkey=<string>: File to save the
CA private key to (required)
--cert-makereq: Create certificate request
commonname=<string>: Common name to assign to the certificate (required) bits=<int>: Bit length of
the encryption keys of the certificate dnsname=<[]string (may be repeated)>: DNS names to add to
the certificate ipaddress=<[]string (may be repeated)>: IP addresses to add to the certificate
nodeid=<[]string (may be repeated)>: Receptor node IDs to add to the certificate outreq=<string>:
File to save the certificate request to (required) inkey=<string>: Private key to use for the
request outkey=<string>: File to save the private key to (new key will be generated)
--cert-signreq: Sign request and produce certificate
req=<string>: Certificate Request PEM filename (required) cacert=<string>: CA certificate PEM
filename (required) cakey=<string>: CA private key PEM filename (required) notbefore=<string>:
Effective (NotBefore) date/time, in RFC3339 format notafter=<string>: Expiration (NotAfter)
date/time, in RFC3339 format outcert=<string>: File to save the signed certificate to (required)
verify=<bool>: If true, do not prompt the user for verification (default: False)
Install Now
PNG Icons
