SSL options added to configuration files
This commit is contained in:
parent
f6f5f9c2c7
commit
b8730cbf86
2 changed files with 68 additions and 24 deletions
|
@ -43,19 +43,24 @@ serverinfo {
|
||||||
/* for IPv6 */
|
/* for IPv6 */
|
||||||
#vhost6 = "3ffe:80e8:546::2";
|
#vhost6 = "3ffe:80e8:546::2";
|
||||||
|
|
||||||
/* ssl_private_key: our ssl private key */
|
/* ssl_private_key: our ssl private key */
|
||||||
ssl_private_key = "etc/test.key";
|
ssl_private_key = "etc/test.key";
|
||||||
|
|
||||||
/* ssl_cert: certificate for our ssl server */
|
|
||||||
ssl_cert = "etc/test.cert";
|
|
||||||
|
|
||||||
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
|
|
||||||
ssl_dh_params = "etc/dh.pem";
|
|
||||||
|
|
||||||
/* default max clients: the default maximum number of clients
|
/* ssl_cert: certificate for our ssl server */
|
||||||
* allowed to connect. This can be changed once ircd has started by
|
ssl_cert = "etc/test.cert";
|
||||||
* issuing:
|
|
||||||
* /quote set maxclients <limit>
|
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
|
||||||
|
ssl_dh_params = "etc/dh.pem";
|
||||||
|
|
||||||
|
/* ssld_count: number of ssld processes you want to start, if you have a really busy
|
||||||
|
* server, using N-1 where N is the number of cpu/cpu cores you have might be useful
|
||||||
|
*/
|
||||||
|
ssld_count = 1;
|
||||||
|
|
||||||
|
/* default max clients: the default maximum number of clients
|
||||||
|
* allowed to connect. This can be changed once ircd has started by
|
||||||
|
* issuing:
|
||||||
|
* /quote set maxclients <limit>
|
||||||
*/
|
*/
|
||||||
default_max_clients = 1024;
|
default_max_clients = 1024;
|
||||||
};
|
};
|
||||||
|
@ -113,10 +118,12 @@ listen {
|
||||||
*/
|
*/
|
||||||
#host = "192.169.0.1";
|
#host = "192.169.0.1";
|
||||||
port = 5000, 6665 .. 6669;
|
port = 5000, 6665 .. 6669;
|
||||||
|
sslport = 9999;
|
||||||
|
|
||||||
/* Listen on IPv6 (if you used host= above). */
|
/* Listen on IPv6 (if you used host= above). */
|
||||||
#host = "3ffe:1234:a:b:c::d";
|
#host = "3ffe:1234:a:b:c::d";
|
||||||
#port = 5000, 6665 .. 6669;
|
#port = 5000, 6665 .. 6669;
|
||||||
|
#sslport = 9999;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* auth {}: allow users to connect to the ircd (OLD I:)
|
/* auth {}: allow users to connect to the ircd (OLD I:)
|
||||||
|
@ -261,6 +268,16 @@ connect "irc.uplink.com" {
|
||||||
#aftype = ipv6;
|
#aftype = ipv6;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
connect "ssl.uplink.com" {
|
||||||
|
host = "192.168.0.1";
|
||||||
|
send_password = "password";
|
||||||
|
accept_password = "anotherpassword";
|
||||||
|
port = 9999;
|
||||||
|
hub_mask = "*";
|
||||||
|
class = "server";
|
||||||
|
flags = ssl, topicburst;
|
||||||
|
};
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "services.int";
|
name = "services.int";
|
||||||
};
|
};
|
||||||
|
|
|
@ -116,19 +116,24 @@ serverinfo {
|
||||||
*/
|
*/
|
||||||
#vhost6 = "3ffe:80e8:546::2";
|
#vhost6 = "3ffe:80e8:546::2";
|
||||||
|
|
||||||
/* ssl_private_key: our ssl private key */
|
/* ssl_private_key: our ssl private key */
|
||||||
ssl_private_key = "etc/test.key";
|
ssl_private_key = "etc/test.key";
|
||||||
|
|
||||||
/* ssl_cert: certificate for our ssl server */
|
|
||||||
ssl_cert = "etc/test.cert";
|
|
||||||
|
|
||||||
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
|
|
||||||
ssl_dh_params = "etc/dh.pem";
|
|
||||||
|
|
||||||
/* default max clients: the default maximum number of clients
|
/* ssl_cert: certificate for our ssl server */
|
||||||
* allowed to connect. This can be changed once ircd has started by
|
ssl_cert = "etc/test.cert";
|
||||||
* issuing:
|
|
||||||
* /quote set maxclients <limit>
|
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
|
||||||
|
ssl_dh_params = "etc/dh.pem";
|
||||||
|
|
||||||
|
/* ssld_count: number of ssld processes you want to start, if you have a really busy
|
||||||
|
* server, using N-1 where N is the number of cpu/cpu cores you have might be useful
|
||||||
|
*/
|
||||||
|
ssld_count = 1;
|
||||||
|
|
||||||
|
/* default max clients: the default maximum number of clients
|
||||||
|
* allowed to connect. This can be changed once ircd has started by
|
||||||
|
* issuing:
|
||||||
|
* /quote set maxclients <limit>
|
||||||
*/
|
*/
|
||||||
default_max_clients = 1024;
|
default_max_clients = 1024;
|
||||||
};
|
};
|
||||||
|
@ -252,20 +257,28 @@ listen {
|
||||||
/* port: the specific port to listen on. if no host is specified
|
/* port: the specific port to listen on. if no host is specified
|
||||||
* before, it will listen on all available IPs.
|
* before, it will listen on all available IPs.
|
||||||
*
|
*
|
||||||
|
* sslport: the specific port to listen ssl connections on. if no
|
||||||
|
* host is specified before, it will listen on all available IPs.
|
||||||
|
*
|
||||||
* ports are seperated via a comma, a range may be specified using ".."
|
* ports are seperated via a comma, a range may be specified using ".."
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
|
/* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
|
||||||
port = 5000, 6665 .. 6669;
|
port = 5000, 6665 .. 6669;
|
||||||
|
|
||||||
|
/* sslport: listen for ssl connections on all available IPs, port 9999 */
|
||||||
|
sslport = 9999;
|
||||||
|
|
||||||
/* host: set a specific IP/host the ports after the line will listen
|
/* host: set a specific IP/host the ports after the line will listen
|
||||||
* on. This may be ipv4 or ipv6.
|
* on. This may be ipv4 or ipv6.
|
||||||
*/
|
*/
|
||||||
host = "1.2.3.4";
|
host = "1.2.3.4";
|
||||||
port = 7000, 7001;
|
port = 7000, 7001;
|
||||||
|
sslport = 9000, 9001;
|
||||||
|
|
||||||
host = "3ffe:1234:a:b:c::d";
|
host = "3ffe:1234:a:b:c::d";
|
||||||
port = 7002;
|
port = 7002;
|
||||||
|
sslport = 9002;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* auth {}: allow users to connect to the ircd (OLD I:) */
|
/* auth {}: allow users to connect to the ircd (OLD I:) */
|
||||||
|
@ -454,6 +467,7 @@ connect "irc.uplink.com" {
|
||||||
* autoconn - automatically connect to this server
|
* autoconn - automatically connect to this server
|
||||||
* compressed - compress traffic via ziplinks
|
* compressed - compress traffic via ziplinks
|
||||||
* topicburst - burst topics between servers
|
* topicburst - burst topics between servers
|
||||||
|
* ssl - ssl/tls encrypted server connections
|
||||||
*/
|
*/
|
||||||
flags = compressed, topicburst;
|
flags = compressed, topicburst;
|
||||||
};
|
};
|
||||||
|
@ -475,6 +489,19 @@ connect "ipv6.some.server" {
|
||||||
class = "server";
|
class = "server";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
connect "ssl.uplink.com" {
|
||||||
|
/* Example of ssl server-to-server connection, ssl flag doesn't need
|
||||||
|
* compressed flag, 'cause it uses own compression
|
||||||
|
*/
|
||||||
|
host = "192.168.0.1";
|
||||||
|
send_password = "password";
|
||||||
|
accept_password = "anotherpassword";
|
||||||
|
port = 9999;
|
||||||
|
hub_mask = "*";
|
||||||
|
class = "server";
|
||||||
|
flags = ssl, topicburst;
|
||||||
|
};
|
||||||
|
|
||||||
/* cluster {}; servers that we propagate things to automatically.
|
/* cluster {}; servers that we propagate things to automatically.
|
||||||
* NOTE: This does NOT grant them privileges to apply anything locally,
|
* NOTE: This does NOT grant them privileges to apply anything locally,
|
||||||
* you must add a seperate shared block for that. Clustering will
|
* you must add a seperate shared block for that. Clustering will
|
||||||
|
|
Loading…
Reference in a new issue