diff --git a/conf/uts-server.cnf b/conf/uts-server.cnf
index 5d8485b..af3becc 100644
--- a/conf/uts-server.cnf
+++ b/conf/uts-server.cnf
@@ -12,30 +12,76 @@ tsa_policy2 = 1.2.3.4.5.6
 tsa_policy3 = 1.2.3.4.5.7
 [ main ]
-num_threads = 10
-#run_as_user = uts-server
-enable_keep_alive = no
+
+# Comma-separated list of ips:ports to listen on.
+# If the port is SSL, a letter s must be appended.
 listening_ports = 127.0.0.1:2020
 #listening_ports = 80,443s
-num_threads = 50
-run_as_user = uts-server
-throttle = 10
+# Allows clients to reuse TCP connection for subsequent HTTP requests, which improves performance.
 enable_keep_alive = no
-request_timeout_ms = 30000
-#ssl_certificate = /etc/uts-server/cert.pem
-#ssl_verify_peer = yes
-#ssl_ca_path = /etc/ssl/ca/
-#ssl_ca_file = /etc/uts-server/ca.pem
-#ssl_verify_depth = 9
-#ssl_default_verify_paths = yes
-#ssl_cipher_list = TLS_DH_anon_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256
-#ssl_protocol_version = 0
-#ssl_short_trust = no
-#access_control_allow_origin = *
-tcp_nodelay = 0
-log_level = info
+# Number of worker threads.
+num_threads = 50
+
+# Switch to given user credentials after startup.
+# Required to run on privileged ports and not be run as root.
+# run_as_user = uts-server
+
+# Limit download speed for clients. throttle is a comma-separated list of key=value pairs:
+# * limit speed for all connections
+# x.x.x.x/mask limit speed for specified subnet
+# The value is a floating-point number of bytes per second, optionally followed by a k or m character
+# meaning kilobytes and megabytes respectively. A limit of 0 means unlimited rate
+throttle = *
+#throttle = *=1k,10.10.0.0/16=10m,10.20.0.0/16=0
+
+# Timeout for network read and network write operations, in milliseconds.
+request_timeout_ms = 30000
+
+# Path to the SSL certificate file. (PEM format containing private key and certificate)
+#ssl_certificate = /etc/uts-server/cert.pem
+
+# Enable client's certificate verification by the server.
+#ssl_verify_peer = yes
+
+# Name of a directory containing trusted CA certificates
+#ssl_ca_path = /etc/ssl/ca/
+
+# Path to a .pem file containing trusted certificates. The file may contain more than one certificate.
+#ssl_ca_file = /etc/uts-server/ca.pem
+
+# Sets maximum depth of certificate chain.
+# If client's certificate chain is longer than the depth set here connection is refused.
+#ssl_verify_depth = 9
+
+# Loads default trusted certificates locations set at openssl compile time.
+#ssl_default_verify_paths = yes
+
+# see https://www.openssl.org/docs/manmaster/apps/ciphers.html for more detailed
+#ssl_cipher_list = ALL:!eNULL
+
+# Sets the minimal accepted version of SSL/TLS protocol according to the table:
+# SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2 0
+# SSL3+TLS1.0+TLS1.1+TLS1.2 1
+# TLS1.0+TLS1.1+TLS1.2 2
+# TLS1.1+TLS1.2 3
+# TLS1.2 4
+
+#ssl_protocol_version = 3
+
+# Enables the use of short lived certificates
+#ssl_short_trust = no
+
+# comma separated list of IP subnets to accept/deny
+# deny all accesses, only allow 192.168/16 subnet
+#access_control_allow_origin = -0.0.0.0/0,+192.168/16
+
+# Enable TCP_NODELAY socket option on client connections.
+tcp_nodelay = 0
+
+# loglevel
+log_level = info
 ####################################################################
 [ tsa ]
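Review bot: The new comment and sample value for `access_control_allow_origin` describe a source-IP allow/deny list (`-0.0.0.0/0,+192.168/16`), but the key name and the value it replaces (`*`) read like the CORS Access-Control-Allow-Origin setting, so an operator who uncomments it may believe IP filtering is active when it is not. If the server has a separate source-IP ACL option (in civetweb that is `access_control_list`), the subnet example belongs under that key and `*` should stay as the example here; the option table is not visible in this hunk, so this needs confirming. The active `throttle = *` does not match the `key=value` form documented just above it, and `throttle = *=0` would state "unlimited for all clients" explicitly instead of relying on how a bare `*` is parsed. The hunk also replaces the active `run_as_user = uts-server` with a commented-out line, so a process started as root no longer drops privileges by default; if that is intended because the default port is 2020 on loopback, the comment should say so. The sample `#ssl_cipher_list = ALL:!eNULL` still admits anonymous and export suites, and a stricter example such as `HIGH:!aNULL:!eNULL` would be safer to copy, as would `#ssl_protocol_version = 4` given the table above it.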