# # stud(8), The Scalable TLS Unwrapping Daemon's configuration # # NOTE: all config file parameters can be overriden # from command line! # Listening address. REQUIRED. # # type: string # syntax: [HOST]:PORT frontend = "[*]:8443" # Upstream server address. REQUIRED. # # type: string # syntax: [HOST]:PORT. backend = "[127.0.0.1]:8000" # SSL x509 certificate file. REQUIRED. # List multiple certs to use SNI. Certs are used in the order they # are listed; the last cert listed will be used if none of the others match # # type: string pem-file = "" # SSL protocol. # # tls = on # ssl = off # List of allowed SSL ciphers. # # Run openssl ciphers for list of available ciphers. # type: string ciphers = "" # Enforce server cipher list order # # type: boolean prefer-server-ciphers = off # Use specified SSL engine # # type: string ssl-engine = "" # Directory for OCSP staple retrieval # # type: string ocsp-dir = "%%CACHE_DIR%%" # Number of worker processes # # type: integer workers = 1 # Listen backlog size # # type: integer backlog = 100 # TCP socket keepalive interval in seconds # # type: integer keepalive = 3600 # Chroot directory # # type: string chroot = "" # Set uid after binding a socket # # type: string user = "hitch" # Set gid after binding a socket # # type: string group = "hitch" # Quiet execution, report only error messages # # type: boolean quiet = off # Use syslog for logging # # type: boolean syslog = on # Syslog facility to use # # type: string syslog-facility = "daemon" # Run as daemon # # type: boolean daemon = on # Report client address by writing IP before sending data # # NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy. # # type: boolean write-ip = off # Report client address using SENDPROXY protocol, see # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt # for details. # # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy. # # type: boolean write-proxy = off # Report client address using SENDPROXY v2 binary protocol, see # http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt # for details. # # NOTE: This option is mutually exclusive with option write-ip, write-proxy and proxy-proxy. # # type: boolean write-proxy-v2 = off # Proxy an existing SENDPROXY protocol header through this request. # # NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy. # # type: boolean proxy-proxy = off # EOF