mirror/ULib
1
0
Fork 0
mirror of https://github.com/stefanocasazza/ULib.git synced 2025-10-12 20:27:27 +08:00
Code Issues Releases Wiki Activity
3c3c591bb9
ULib/tests/examples/wi-auth/etc/firenze_ssl.cfg
stefanocasazza 3c3c591bb9 clean history
2015-01-23 17:24:36 +01:00

164 lines
8.7 KiB
INI
Raw Blame History

# ----------------------------------------------------------------------------------------------------------------------------------------
# userver - configuration parameters
# ----------------------------------------------------------------------------------------------------------------------------------------
# ENABLE_IPV6 flag to indicate use of ipv6
# SERVER host name or ip address for the listening socket
# PORT port number for the listening socket
# SOCKET_NAME file name for the listening socket
# IP_ADDRESS public ip address of host for the interface connected to the Internet (autodetected if not specified)
# ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK])
#
# ENABLE_RFC1918_FILTER reject request from private IP to public server address
# ALLOWED_IP_PRIVATE list of comma separated client private address for IP-based access control (IPADDR[/MASK]) for public server
#
# LISTEN_BACKLOG max number of ready to be delivered connections to accept()
# USE_TCP_OPTIMIZATION flag indicating the use of TCP/IP options to optimize data transmission (NODELAY, DEFER_ACCEPT, QUICKACK)
# SET_REALTIME_PRIORITY flag indicating that the preforked processes will be scheduled under the real-time policies SCHED_FIFO
#
# PID_FILE write pid on file indicated
# WELCOME_MSG message of welcome to send initially to client
# RUN_AS_USER downgrade security to that user account
# DOCUMENT_ROOT The directory out of which you will serve your documents
#
# LOG_FILE locations for file log
# LOG_FILE_SZ memory size for file log
# LOG_MSG_SIZE limit length of print network message to LOG_MSG_SIZE chars (default 128)
#
# PLUGIN list of plugins to load, a flexible way to add specific functionality to the server
# PLUGIN_DIR directory of plugins to load
#
# REQ_TIMEOUT timeout for request from client
# MAX_KEEP_ALIVE Specifies the maximum number of requests that can be served through a Keep-Alive (Persistent) session.
# (Value <= 1 will disable Keep-Alive)
#
# DH_FILE DH param
# CERT_FILE certificate of server
# KEY_FILE private key of server
# PASSWORD password for private key of server
# CA_FILE locations of trusted CA certificates used in the verification
# CA_PATH locations of trusted CA certificates used in the verification
#
# VERIFY_MODE mode of verification (SSL_VERIFY_NONE=0, SSL_VERIFY_PEER=1, SSL_VERIFY_FAIL_IF_NO_PEER_CERT=2, SSL_VERIFY_CLIENT_ONCE=4)
# ----------------------------------------------------------------------------------------------------------------------------------------
# how to verify peer certificates. The possible values of this setting are:
#
# SSL_VERIFY_NONE - do not verify anything
# SSL_VERIFY_PEER - verify the peer certificate, if one is presented
# SSL_VERIFY_FAIL_IF_NO_PEER_CERT - require a peer certificate, fail if one is not presented
#
# SSL/TLS servers will usually set VERIFY_MODE to SSL_VERIFY_NONE.
# SSL/TLS clients will usually set VERIFY_MODE to SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
# ----------------------------------------------------------------------------------------------------------------------------------------
#
# PREFORK_CHILD number of child server processes created at startup ( 0 - serialize, no forking
# 1 - classic, forking after accept client)
# >1 - pool of process serialize plus monitoring process)
# ----------------------------------------------------------------------------------------------------------------------------------------
userver {
PORT 443
PID_FILE /var/run/userver-firenze_ssl.pid
RUN_AS_USER unirel
DOCUMENT_ROOT ~/wi-auth/www
LOG_FILE /var/log/userver-firenze_ssl.log
# LOG_FILE_SZ 1M
LOG_MSG_SIZE -1
PLUGIN "ssi http"
REQ_TIMEOUT 5
CA_PATH /home/unirel/userver/etc/CApath
KEY_FILE /home/unirel/userver/etc/certificates/wifi-aaa.comune.fi.it.key
CERT_FILE /home/unirel/userver/etc/certificates/wifi-aaa.comune.fi.it.cer
PREFORK_CHILD 3
}
# ------------------------------------------------------------------------------------------------------------------------------------------
# http - plugin parameters
# ------------------------------------------------------------------------------------------------------------------------------------------
# ALIAS vector of URI redirection (request -> alias)
# REWRITE_RULE_NF vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...)
#
# MAINTENANCE_MODE to switch the site to a maintenance page only
#
# APACHE_LIKE_LOG file to write NCSA extended/combined log format: "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
#
# ENABLE_INOTIFY enable automatic update of document root image with inotify
# TELNET_ENABLE accept fragmentation of header request (as happen with telnet)
# CACHE_FILE_MASK mask (DOS regexp) of pathfile that be cached in memory
#
# MIN_SIZE_FOR_SENDFILE for major size it is better to use sendfile() to serve static content
#
# VIRTUAL_HOST flag to activate practice of maintaining more than one server on one machine,
# as differentiated by their apparent hostname
# DIGEST_AUTHENTICATION flag authentication method (yes = digest, no = basic)
#
# ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add Cache control: public directive)
#
# URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes
# URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
#
# URI_REQUEST_CERT_MASK mask (DOS regexp) of URI where client must comunicate a certificate in the SSL connection
# URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK mask (DOS regexp) of URI where use HTTP Strict Transport Security to force client to use only SSL
#
# SESSION_COOKIE_OPTION eventual params for session cookie (lifetime, path, domain, secure, HttpOnly)
# ------------------------------------------------------------------------------------------------------------------------------------------
# This directive gives greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks
# ------------------------------------------------------------------------------------------------------------------------------------------
# LIMIT_REQUEST_BODY restricts the total size of the HTTP request body sent from the client
# REQUEST_READ_TIMEOUT set timeout for receiving requests
# ------------------------------------------------------------------------------------------------------------------------------------------
http {
ALIAS [
/login_request/OP /cgi-bin/OP.cgi
/favicon.ico|/images/logo_fiwifi.png|/css/livevalidation.css|/js/livevalidation_standalone.compressed.js /nostat
]
APACHE_LIKE_LOG /var/log/httpd/access_log
TELNET_ENABLE yes
URI_PROTECTED_MASK /admin*
# MAINTENANCE_MODE /ErrorDocument/down.html
CACHE_FILE_MASK "css/livevalidation.css| \
js/livevalidation_standalone.compressed.js| \
images/logo_fiwifi.png| \
10.30.1.111/admin.html| \
10.30.1.111/index.shtml| \
10.30.1.111/css/layoutv1.css| \
wifi-aaa.comune.fi.it/js/*.js| \
wifi-aaa.comune.fi.it/css/*.css| \
wifi-aaa.comune.fi.it/index.shtml| \
wifi-aaa.comune.fi.it/images/*.png"
VIRTUAL_HOST yes
LIMIT_REQUEST_BODY 100K
REQUEST_READ_TIMEOUT 30
}
# -----------------------------------------------------------------------------------------------------
# ssi - plugin parameters
# -----------------------------------------------------------------------------------------------------
# ENVIRONMENT path of file configuration environment for SSI
#
# SSI_AUTOMATIC_ALIASING special SSI HTML file that is recognized automatically as alias of all
# uri request without suffix (generally cause navigation directory not working)
# -----------------------------------------------------------------------------------------------------
ssi {
ENVIRONMENT ~/wi-auth/etc/environment.conf
SSI_AUTOMATIC_ALIASING /index.shtml
}
Reference in New Issue View Git Blame Copy Permalink