freebsd-ports/security/hitch/files/hitch.conf.sample.in
Ryan Steinmetz 32f57c225b - Update to 1.5.0
- Add OCSP stapling smarts to port [1]

PR:		232436 [1]
Submitted by:	Graham Percival [1]
2018-12-20 21:07:47 +00:00


#
# stud(8), The Scalable TLS Unwrapping Daemon's configuration
#
# NOTE: all config file parameters can be overridden
# from the command line!
# Listening address. REQUIRED.
#
# type: string
# syntax: [HOST]:PORT
frontend = "[*]:8443"
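# Upstream server address. REQUIRED.
# Traffic to the backend is forwarded unencrypted once TLS has been removed,
# so keep the backend on loopback or an otherwise trusted network.
#
# type: string
# syntax: [HOST]:PORT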
backend = "[127.0.0.1]:8000"
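# SSL x509 certificate file. REQUIRED.
# List multiple certs to use SNI. Certs are used in the order they
# are listed; the last cert listed will be used if none of the others match.
# If the PEM file also holds the private key, keep it readable only by the
# account that starts the daemon.
#
# type: string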
pem-file = ""
# SSL/TLS protocol selection.
# Keep ssl off: turning it on also offers SSLv3, which is obsolete and insecure.
#
# tls = on
# ssl = off
# List of allowed SSL ciphers.
#
# Run `openssl ciphers` for a list of available ciphers.
# Prefer an explicit list limited to forward-secret AEAD suites.
# type: string
ciphers = ""
# Enforce server cipher list order.
# When off, the client's preference order decides which cipher is used.
#
# type: boolean
prefer-server-ciphers = off
# Use specified SSL engine
#
# type: string
ssl-engine = ""
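# Directory for OCSP staple retrieval.
# %%CACHE_DIR%% is a ports placeholder replaced with the real path at install
# time. The directory should be writable only by the daemon's user.
#
# type: string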
ocsp-dir = "%%CACHE_DIR%%"
# Number of worker processes
#
# type: integer
workers = 1
# Listen backlog size
#
# type: integer
backlog = 100
# TCP socket keepalive interval in seconds
#
# type: integer
keepalive = 3600
# Chroot directory
#
# type: string
chroot = ""
# User to switch to after binding the listening socket, so the daemon
# does not keep the privileges it was started with.
#
# type: string
user = "hitch"
# Group to switch to after binding the listening socket.
#
# type: string
group = "hitch"
# Quiet execution, report only error messages
#
# type: boolean
quiet = off
# Use syslog for logging
#
# type: boolean
syslog = on
# Syslog facility to use
#
# type: string
syslog-facility = "daemon"
# Run as daemon
#
# type: boolean
daemon = on
# Report client address by writing IP before sending data
#
# NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy.
#
# type: boolean
write-ip = off
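# Report client address using SENDPROXY protocol, see
# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
# for details. The backend should accept this header only on connections
# coming from this proxy, because it trusts the address the header carries.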
#
# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy.
#
# type: boolean
write-proxy = off
# Report client address using SENDPROXY v2 binary protocol, see
# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
# for details.
#
# NOTE: This option is mutually exclusive with option write-ip, write-proxy and proxy-proxy.
#
# type: boolean
write-proxy-v2 = off
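# Proxy an existing SENDPROXY protocol header through this request.
# Enable this only when every peer that can reach the frontend is a trusted
# proxy; otherwise a client can supply its own header and source address.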
#
# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy.
#
# type: boolean
proxy-proxy = off
# EOF