Commit 4045b06

docs: add info regarding monitored CT logs and network considerations
1 parent 0ea0d69 commit 4045b06

1 file changed

Lines changed: 11 additions & 0 deletions

README.md

@@ -26,6 +26,10 @@ I quickly thought about running my own instance of certstream. But I didn't want
2626

2727
Setting up an instance of the certstream server is straightforward. You can either download and compile the code yourself, or use one of the [precompiled binaries](https://github.com/d-Rickyy-b/certstream-server-go/releases).
2828

29+
By default, certstream-server-go will monitor all logs listed in the [Google Log list](https://www.gstatic.com/ct/log_list/v3/log_list.json), which are also included in the Chrome browser. There are more CT logs available than the ones listed there. Google provides [another list with all known CT logs](https://www.gstatic.com/ct/log_list/v3/all_logs_list.json). But not all of them might be relevant to you. Or maybe you are running your own CT log and want to monitor that as well?
30+
31+
You can define additional logs in the config file. Check out the [sample config file](https://github.com/d-Rickyy-b/certstream-server-go/blob/master/config.sample.yaml)
32+
2933
### Docker
3034

3135
There's also a prebuilt [Docker image](https://hub.docker.com/repository/docker/0rickyy0/certstream-server-go) available.
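Review bot: The new paragraph at line 31 tells readers they can define additional logs but never names the config key or shows the shape of an entry, and the sentence is missing its closing period. Since the link targets the master branch of config.sample.yaml, the sample can change or move under the reader; naming the key in the README itself would keep this paragraph self-sufficient. At line 29, "But not all of them might be relevant to you" gives no criterion for choosing; a short statement of how the all-logs list differs from the default list (the text only says the default one is what Chrome includes) would help operators decide which extra logs to add.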
@@ -59,6 +63,13 @@ Read more about ping/pong WebSocket messages in the [Mozilla Developer Docs](htt
5963

6064
At idle (no clients connected), the server uses about **40 MB** of RAM, **14.5 Mbit/s** and **4–10% CPU** (Oracle Free Tier) on average while processing around **250–300 certificates per second**.
6165

66+
### Network considerations
67+
68+
This tool requires outgoing access to the public internet to connect to the [Google Log list](https://www.gstatic.com/ct/log_list/v3/log_list.json) and the CT logs themselves.
69+
So if you happen to this tool in a corporate environment (e.g., behind a proxy/firewall), make sure to allow outgoing connections to gstatic.com and the CT logs you want to connect to.
70+
71+
If you plan to connect clients to the server from outside your local network, make sure to allow incoming connections to the port you configured in the config file (webserver.listen_port).
72+
6273
### Monitoring
6374

6475
**certstream-server-go** also offers a Prometheus metrics endpoint at `/metrics`. You can use this to monitor the server with Prometheus and Grafana.
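Review bot: Line 69 is missing its verb: "So if you happen to this tool" should read "So if you happen to run this tool". In the same line, "gstatic.com" does not match the linked host www.gstatic.com; firewall and proxy allowlists are usually exact, so give the host as linked and mention that the connection is HTTPS. At line 71, the advice to allow incoming connections should say whether the `/metrics` endpoint mentioned in the next section is served on the same port, because opening webserver.listen_port to outside clients would then expose the metrics as well. Formatting webserver.listen_port as inline code would match how `/metrics` is written.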
