From: Sebastian Harl Date: Sun, 1 Feb 2015 16:17:59 +0000 (+0100) Subject: sysdbd.conf(5): Document the Listen SSL options. X-Git-Tag: sysdb-0.7.0~16 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=faf43f85e96c8bf723c6554d9113eafd5afe5130;p=sysdb.git sysdbd.conf(5): Document the Listen SSL options. --- diff --git a/doc/sysdbd.conf.5.txt b/doc/sysdbd.conf.5.txt index ff4c710..5aed24f 100644 --- a/doc/sysdbd.conf.5.txt +++ b/doc/sysdbd.conf.5.txt @@ -12,6 +12,10 @@ SYNOPSIS Interval 300 Listen "unix:/var/run/sysdbd.sock" + + SSLCertificate "/etc/sysdb/ssl/cert.pem" + SSLCertificateKey "/etc/sysdb/ssl/key.pem" + LoadPlugin "syslog" @@ -38,12 +42,12 @@ any real (user-facing) functionality, the most important part of the configuration is loading and configuring plugins. The syntax of this configuration file is similar to that of the Apache -webserver. It is made up of _options_ and _sections_. Each option contains a +webserver. It is made up of _options_ and _blocks_. Each option contains a _key_ and one or more _values_ separated by spaces and terminated by a newline -character. Sections are enclosed in a start- and end-tag, each on a line of +character. Blocks are enclosed in a start- and end-tag, each on a line of their own. These tags are enclosed in angle brackets and also contain a key -and value. Section end-tags only contain the key of the start-tag prepended by -a forward-slash ("/"). Empty lines are ignored as well as any unquoted hash +and value. A block's end-tag only contain the key of the start-tag prepended +by a forward-slash ("/"). Empty lines are ignored as well as any unquoted hash symbol ("#") including anything following up to the following newline. Keys are unquoted strings consisting only of alphanumeric characters and the underscore character ("_"). Values may either be unquoted strings, quoted 
@@ -70,13 +74,28 @@ GLOBAL SETTINGS *Listen* '':: Sets the address on which sysdbd is to listen for client connections. It - supports UNIX domain sockets. The path name needs to be prefixed by - 'unix:'. + supports UNIX domain sockets and TCP sockets using TLS encryption. UNIX + socket addresses are specified by the path name of the socket, optionally + prefixed with 'unix:'. TCP listen addresses may be specified as + ':', optionally prefixed with 'tcp:'. The host may be a + hostname, an IPv4 address or and IPv6 address. It may be empty or + '0.0.0.0' / '::' to listen on all local addresses. *Listen* may optionally + be a block containing any of the following options: + + *SSLCertificate* '';; + Specify the SSL server certificate file to use for SSL connections. + + *SSLCertificateKey* '';; + Specify the SSL server private key file to use for SSL connections. + + *SSLCACertificates* '';; + Specify the file containing CA certificates for client verification + purposes to use for SSL connnections. *LoadBackend* '':: Loads the backend named ''. Backends are special plugins taking care - of collecting values from external systems. This may optionally be a - section containing any of the following options: + of collecting values from external systems. This may optionally be a block + containing any of the following options: *Interval* '';; Overwrite the global interval setting by setting a custom interval to
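Review bot: The SYNOPSIS example in the first hunk (@@ -12,6 +12,10 @@) lists only SSLCertificate and SSLCertificateKey, although the GLOBAL SETTINGS hunk of the same patch also documents SSLCACertificates. Readers tend to copy the synopsis, so the example as it stands shows a listener without any CA file for client verification. Suggest adding an SSLCACertificates line next to the other two, or a short comment saying it is left out on purpose.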
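Review bot: Subject-verb agreement in the second hunk (@@ -38,12 +42,12 @@): the added line "A block's end-tag only contain the key of the start-tag" should read "contains", because the subject changed from the plural "Section end-tags" to the singular "A block's end-tag". The rest of the rename from _sections_ to _blocks_ in this hunk is consistent with the "block" wording used in the Listen and LoadBackend text.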
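Review bot: Missing documentation in the third hunk (@@ -70,13 +74,28 @@), in the new *Listen* block options: the text says TCP sockets use TLS but does not say whether SSLCertificate and SSLCertificateKey are required for a TCP listener, or what happens to client verification when SSLCACertificates is not set. Both are things an administrator needs to know before exposing the listener on '0.0.0.0' / '::', so a sentence on each (required or optional, and the behaviour when omitted) would help. The SSLCertificateKey entry could also say who needs read access to the private key file. Two typos in the added lines: "an IPv4 address or and IPv6 address" should be "or an IPv6 address", and "SSL connnections" should be "SSL connections".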