1
0
mirror of https://github.com/kakwa/uts-server synced 2024-11-05 17:28:51 +01:00
uts-server/conf/uts-server.cnf

152 lines
3.9 KiB
Plaintext
Raw Normal View History

# Section for declarinG OID mapping. Just add <name> = <OID> pairs.
2016-09-09 21:45:00 +02:00
[ oids ]
2016-08-25 23:03:56 +02:00
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
2016-09-10 00:50:24 +02:00
# Main configuration section (mostly http configuration).
2016-08-25 23:03:56 +02:00
[ main ]
# Comma-separated list of ips:ports to listen on.
# If the port is SSL, a letter s must be appended.
2016-09-10 12:03:03 +02:00
#
2016-09-10 00:50:24 +02:00
# Ex: listening_ports = 80,443s
2016-08-25 23:03:56 +02:00
listening_ports = 127.0.0.1:2020
2016-09-10 00:50:24 +02:00
# Allows clients to reuse TCP connection for subsequent
2016-09-09 21:45:00 +02:00
# HTTP requests, which improves performance.
2016-08-25 23:03:56 +02:00
enable_keep_alive = no
# Number of worker threads.
num_threads = 50
# Switch to given user credentials after startup.
# Required to run on privileged ports as non root user.
2016-09-10 00:50:24 +02:00
#run_as_user = uts-server
# Limit download speed for clients.
#
2016-09-10 03:27:41 +02:00
# Throttle is a comma-separated list of key=value pairs:
#
# - * -> limit speed for all connections
2016-09-10 03:27:41 +02:00
#
# - x.x.x.x/mask -> limit speed for specified subnet
2016-09-10 00:50:24 +02:00
#
# The value is a floating-point number of bytes per second,
# optionally followed by a k or m character
# meaning kilobytes and megabytes respectively.
2016-09-10 03:27:41 +02:00
#
# A limit of 0 means unlimited rate.
2016-09-10 03:27:41 +02:00
#
2016-09-10 00:50:24 +02:00
# Ex: throttle = *=1k,10.10.0.0/16=10m,10.20.0.0/16=0
2016-08-26 19:31:12 +02:00
throttle = *=0
# Timeout for network read and network write operations.
# In milliseconds.
2016-08-25 23:03:56 +02:00
request_timeout_ms = 30000
# Path to the SSL certificate file .
# PEM format must contain private key and certificate.
2016-08-25 23:03:56 +02:00
#ssl_certificate = /etc/uts-server/cert.pem
# Enable client's certificate verification by the server.
2016-08-25 23:03:56 +02:00
#ssl_verify_peer = yes
2016-09-10 00:50:24 +02:00
# Name of a directory containing trusted CA certificates.
2016-08-25 23:03:56 +02:00
#ssl_ca_path = /etc/ssl/ca/
# Path to a .pem file containing trusted certificates.
# The file may contain more than one certificate.
2016-08-25 23:03:56 +02:00
#ssl_ca_file = /etc/uts-server/ca.pem
# Sets maximum depth of certificate chain.
# If client's certificate chain is longer
# than the depth set here connection is refused.
2016-08-25 23:03:56 +02:00
#ssl_verify_depth = 9
# Loads default trusted certificates
# locations set at openssl compile time.
2016-08-25 23:03:56 +02:00
#ssl_default_verify_paths = yes
# See https://www.openssl.org/docs/manmaster/apps/ciphers.html
# for more detailed
#ssl_cipher_list = ALL:!eNULL
# Sets the minimal accepted version of SSL/TLS protocol
# according to the table:
#
2016-09-10 03:29:12 +02:00
# - SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2 -> 0
2016-09-10 03:27:41 +02:00
#
2016-09-10 03:29:12 +02:00
# - SSL3+TLS1.0+TLS1.1+TLS1.2 -> 1
2016-09-10 03:27:41 +02:00
#
2016-09-10 03:29:12 +02:00
# - TLS1.0+TLS1.1+TLS1.2 -> 2
2016-09-10 03:27:41 +02:00
#
2016-09-10 03:29:12 +02:00
# - TLS1.1+TLS1.2 -> 3
2016-09-10 03:27:41 +02:00
#
2016-09-10 03:29:12 +02:00
# - TLS1.2 -> 4
#ssl_protocol_version = 3
# Enables the use of short lived certificates
2016-08-25 23:03:56 +02:00
#ssl_short_trust = no
2016-09-10 00:50:24 +02:00
# Comma separated list of IP subnets to accept/deny
#
# Ex: -0.0.0.0/0,+192.168.0.0/16
# (deny all accesses, only allow 192.168.0.0/16 subnet)
#access_control_allow_origin = -0.0.0.0/0,+192.168/16
# Enable TCP_NODELAY socket option on client connections.
2016-08-25 23:03:56 +02:00
tcp_nodelay = 0
2016-09-10 00:50:24 +02:00
# Loglevel (debug, info, notice, warn, err, emerg, crit)
log_level = info
2016-08-25 23:03:56 +02:00
2016-09-10 00:50:24 +02:00
# Section defining which TSA section to use.
2016-08-25 23:03:56 +02:00
[ tsa ]
# Name of the TSA section to use as default.
default_tsa = tsa_config1
2016-08-25 23:03:56 +02:00
2016-09-10 00:50:24 +02:00
# Example of timestamp section configuration.
2016-08-25 23:03:56 +02:00
[ tsa_config1 ]
2016-09-10 00:50:24 +02:00
# TSA root directory.
dir = /etc/uts-server/pki
2016-09-10 00:50:24 +02:00
# OpenSSL engine to use for signing.
2016-09-09 21:45:00 +02:00
#crypto_device = builtin
2016-09-10 00:50:24 +02:00
# The TSA signing certificat. (optional)
signer_cert = $dir/tsacert.pem
2016-09-10 00:50:24 +02:00
# Certificate chain to include in reply. (optional)
certs = $dir/cacert.pem
2016-09-10 00:50:24 +02:00
# The TSA private key. (optional)
signer_key = $dir/private/tsakey.pem
2016-09-10 00:50:24 +02:00
# Policy if request did not specify it. (optional)
default_policy = tsa_policy1
2016-09-10 00:50:24 +02:00
# Acceptable policies. (optional)
other_policies = tsa_policy2, tsa_policy3
2016-09-10 00:50:24 +02:00
# Acceptable message digests. (mandatory)
digests = md5, sha1
2016-09-10 00:50:24 +02:00
# Timestamp accuracy. (optional)
accuracy = secs:1, millisecs:500, microsecs:100
2016-09-10 00:50:24 +02:00
# Number of decimals for timestamp. (optional)
clock_precision_digits = 0
2016-09-10 00:50:24 +02:00
# Is ordering defined for timestamps? (optional, default: no)
ordering = yes
2016-09-10 00:50:24 +02:00
# Must the TSA name be included in the reply? (optional, default: no)
tsa_name = yes
2016-09-10 00:50:24 +02:00
# Must the ESS cert id chain be included? (optional, default: no)
ess_cert_id_chain = no