fix: make SSL_CLIENT_CERT_FILE optional

config.py

@@ -12,6 +12,6 @@
 
 SSL_CERT_FILE = config("SSL_CERT_FILE", default="/var/lib/marzban-node/ssl_cert.pem")
 SSL_KEY_FILE = config("SSL_KEY_FILE", default="/var/lib/marzban-node/ssl_key.pem")
-SSL_CLIENT_CERT_FILE = config("SSL_CLIENT_CERT_FILE", default="/var/lib/marzban-node/ssl_client_cert.pem")
+SSL_CLIENT_CERT_FILE = config("SSL_CLIENT_CERT_FILE", default="")
 
 DEBUG = config("DEBUG", cast=bool, default=False)

docker-compose.yml

@@ -5,5 +5,10 @@ services:
     restart: always
     network_mode: host
 
+    environment:
+      SSL_CERT_FILE: "/var/lib/marzban-node/ssl_cert.pem"
+      SSL_KEY_FILE: "/var/lib/marzban-node/ssl_key.pem"
+      # SSL_CLIENT_CERT_FILE: "/var/lib/marzban-node/ssl_client_cert.pem"
+
     volumes:
       - /var/lib/marzban-node:/var/lib/marzban-node

main.py

@@ -24,13 +24,17 @@ def generate_ssl_files():
                 os.path.isfile(SSL_KEY_FILE))):
         generate_ssl_files()
 
-    if not os.path.isfile(SSL_CLIENT_CERT_FILE):
+    if not SSL_CLIENT_CERT_FILE:
+        logger.warning(
+            "You are running node without SSL_CLIENT_CERT_FILE, be aware that everyone can connect to this node and this isn't secure!")
+
+    if SSL_CLIENT_CERT_FILE and not os.path.isfile(SSL_CLIENT_CERT_FILE):
         logger.error("Client's certificate file specified on SSL_CLIENT_CERT_FILE is missing")
         exit(0)
 
     authenticator = SSLAuthenticator(keyfile=SSL_KEY_FILE,
                                      certfile=SSL_CERT_FILE,
-                                     ca_certs=SSL_CLIENT_CERT_FILE)
+                                     ca_certs=SSL_CLIENT_CERT_FILE or None)
     thread = ThreadedServer(XrayService(),
                             port=SERVICE_PORT,
                             authenticator=authenticator)