# ---------------------------------------------------------------------------------------------------------------------------------------- # userver - configuration parameters # ---------------------------------------------------------------------------------------------------------------------------------------- # ENABLE_IPV6 flag to indicate use of ipv6 # SERVER host name or ip address for the listening socket # PORT port number for the listening socket # SOCKET_NAME file name for the listening socket # IP_ADDRESS public ip address of host for the interface connected to the Internet (autodetected if not specified) # ALLOWED_IP client address IP-based access control (IPADDR[/MASK]) # # USE_TCP_OPTIMIZATION flag indicating the use of TCP/IP options to optimize data transmission (NODELAY, DEFER_ACCEPT, QUICKACK) # # PID_FILE write pid on file indicated # WELCOME_MSG message of welcome to send initially to client # RUN_AS_USER downgrade security to that user account # DOCUMENT_ROOT The directory out of which you will serve your documents # # LOG_FILE locations for file log # LOG_FILE_SZ memory size for file log # LOG_MSG_SIZE limit length of print network message to LOG_MSG_SIZE chars (default 128) # # PLUGIN list of plugins to load, a flexible way to add specific functionality to the server # PLUGIN_DIR directory of plugins to load # # REQ_TIMEOUT timeout for request from client # MAX_KEEP_ALIVE Specifies the maximum number of requests that can be served through a Keep-Alive (Persistent) session. # (Value <= 1 will disable Keep-Alive) # # DH_FILE DH param # CERT_FILE certificate of server # KEY_FILE private key of server # PASSWORD password for private key of server # CA_FILE locations of trusted CA certificates used in the verification # CA_PATH locations of trusted CA certificates used in the verification # # VERIFY_MODE mode of verification (SSL_VERIFY_NONE=0, SSL_VERIFY_PEER=1, SSL_VERIFY_FAIL_IF_NO_PEER_CERT=2, SSL_VERIFY_CLIENT_ONCE=4) # ---------------------------------------------------------------------------------------------------------------------------------------- # how to verify peer certificates. The possible values of this setting are: # # SSL_VERIFY_NONE - do not verify anything # SSL_VERIFY_PEER - verify the peer certificate, if one is presented # SSL_VERIFY_FAIL_IF_NO_PEER_CERT - require a peer certificate, fail if one is not presented # # SSL/TLS servers will usually set VERIFY_MODE to SSL_VERIFY_NONE. # SSL/TLS clients will usually set VERIFY_MODE to SSL_VERIFY_FAIL_IF_NO_PEER_CERT. # ---------------------------------------------------------------------------------------------------------------------------------------- # # PREFORK_CHILD number of child server processes created at startup ( 0 - serialize, no forking # 1 - classic, forking after accept client) # >1 - pool of process serialize plus monitoring process) # ---------------------------------------------------------------------------------------------------------------------------------------- userver { USE_TCP_OPTIMIZATION yes PID_FILE /var/run/RA.pid RUN_AS_USER ra DOCUMENT_ROOT /srv/RA/www LOG_FILE /var/log/RA.log LOG_MSG_SIZE -1 # LOG_FILE_SZ 1M PLUGIN "ssi http" REQ_TIMEOUT 300 MAX_KEEP_ALIVE 1024 PREFORK_CHILD 2 } # ------------------------------------------------------------------------------------------------------------------------------------------ # http - plugin parameters # ------------------------------------------------------------------------------------------------------------------------------------------ # ALIAS vector of URI redirection (request -> alias) # REWRITE_RULE_NF vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...) # # ENABLE_INOTIFY enable automatic update of document root image with inotify # CACHE_FILE_MASK mask (DOS regexp) of pathfile that be cached in memory # # VIRTUAL_HOST flag to activate practice of maintaining more than one server on one machine, # as differentiated by their apparent hostname # DIGEST_AUTHENTICATION flag authentication method (yes = digest, no = basic) # # ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add Cache control: public directive) # # URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes # URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK # # URI_REQUEST_CERT_MASK mask (DOS regexp) of URI where client must comunicate a certificate in the SSL connection # # This directive gives greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks # # LIMIT_REQUEST_BODY restricts the total size of the HTTP request body sent from the client # REQUEST_READ_TIMEOUT set timeout for receiving requests # ------------------------------------------------------------------------------------------------------------------------------------------ http { # URI_PROTECTED_MASK /card-generation DIGEST_AUTHENTICATION yes } # ----------------------------------------------------------------------------------------------------- # ssi - plugin parameters # ----------------------------------------------------------------------------------------------------- # ENVIRONMENT path of file configuration environment for SSI # # SSI_AUTOMATIC_ALIASING special SSI HTML file that is recognized automatically as alias of all # uri request without suffix (generally cause navigation directory not working) # ----------------------------------------------------------------------------------------------------- ssi { ENVIRONMENT ~/etc/environment.conf SSI_AUTOMATIC_ALIASING index.shtml }