SSL options added to configuration files

This commit is contained in:
Valery Yatsko 2008-04-07 15:45:15 +04:00
parent f6f5f9c2c7
commit b8730cbf86
2 changed files with 68 additions and 24 deletions

View file

@ -43,19 +43,24 @@ serverinfo {
/* for IPv6 */ /* for IPv6 */
#vhost6 = "3ffe:80e8:546::2"; #vhost6 = "3ffe:80e8:546::2";
/* ssl_private_key: our ssl private key */ /* ssl_private_key: our ssl private key */
ssl_private_key = "etc/test.key"; ssl_private_key = "etc/test.key";
/* ssl_cert: certificate for our ssl server */
ssl_cert = "etc/test.cert";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
/* default max clients: the default maximum number of clients /* ssl_cert: certificate for our ssl server */
* allowed to connect. This can be changed once ircd has started by ssl_cert = "etc/test.cert";
* issuing:
* /quote set maxclients <limit> /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
/* ssld_count: number of ssld processes you want to start, if you have a really busy
* server, using N-1 where N is the number of cpu/cpu cores you have might be useful
*/
ssld_count = 1;
/* default max clients: the default maximum number of clients
* allowed to connect. This can be changed once ircd has started by
* issuing:
* /quote set maxclients <limit>
*/ */
default_max_clients = 1024; default_max_clients = 1024;
}; };
@ -113,10 +118,12 @@ listen {
*/ */
#host = "192.169.0.1"; #host = "192.169.0.1";
port = 5000, 6665 .. 6669; port = 5000, 6665 .. 6669;
sslport = 9999;
/* Listen on IPv6 (if you used host= above). */ /* Listen on IPv6 (if you used host= above). */
#host = "3ffe:1234:a:b:c::d"; #host = "3ffe:1234:a:b:c::d";
#port = 5000, 6665 .. 6669; #port = 5000, 6665 .. 6669;
#sslport = 9999;
}; };
/* auth {}: allow users to connect to the ircd (OLD I:) /* auth {}: allow users to connect to the ircd (OLD I:)
@ -261,6 +268,16 @@ connect "irc.uplink.com" {
#aftype = ipv6; #aftype = ipv6;
}; };
connect "ssl.uplink.com" {
host = "192.168.0.1";
send_password = "password";
accept_password = "anotherpassword";
port = 9999;
hub_mask = "*";
class = "server";
flags = ssl, topicburst;
};
service { service {
name = "services.int"; name = "services.int";
}; };

View file

@ -116,19 +116,24 @@ serverinfo {
*/ */
#vhost6 = "3ffe:80e8:546::2"; #vhost6 = "3ffe:80e8:546::2";
/* ssl_private_key: our ssl private key */ /* ssl_private_key: our ssl private key */
ssl_private_key = "etc/test.key"; ssl_private_key = "etc/test.key";
/* ssl_cert: certificate for our ssl server */
ssl_cert = "etc/test.cert";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
/* default max clients: the default maximum number of clients /* ssl_cert: certificate for our ssl server */
* allowed to connect. This can be changed once ircd has started by ssl_cert = "etc/test.cert";
* issuing:
* /quote set maxclients <limit> /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
/* ssld_count: number of ssld processes you want to start, if you have a really busy
* server, using N-1 where N is the number of cpu/cpu cores you have might be useful
*/
ssld_count = 1;
/* default max clients: the default maximum number of clients
* allowed to connect. This can be changed once ircd has started by
* issuing:
* /quote set maxclients <limit>
*/ */
default_max_clients = 1024; default_max_clients = 1024;
}; };
@ -252,20 +257,28 @@ listen {
/* port: the specific port to listen on. if no host is specified /* port: the specific port to listen on. if no host is specified
* before, it will listen on all available IPs. * before, it will listen on all available IPs.
* *
* sslport: the specific port to listen ssl connections on. if no
* host is specified before, it will listen on all available IPs.
*
* ports are seperated via a comma, a range may be specified using ".." * ports are seperated via a comma, a range may be specified using ".."
*/ */
/* port: listen on all available IPs, ports 5000 and 6665 to 6669 */ /* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
port = 5000, 6665 .. 6669; port = 5000, 6665 .. 6669;
/* sslport: listen for ssl connections on all available IPs, port 9999 */
sslport = 9999;
/* host: set a specific IP/host the ports after the line will listen /* host: set a specific IP/host the ports after the line will listen
* on. This may be ipv4 or ipv6. * on. This may be ipv4 or ipv6.
*/ */
host = "1.2.3.4"; host = "1.2.3.4";
port = 7000, 7001; port = 7000, 7001;
sslport = 9000, 9001;
host = "3ffe:1234:a:b:c::d"; host = "3ffe:1234:a:b:c::d";
port = 7002; port = 7002;
sslport = 9002;
}; };
/* auth {}: allow users to connect to the ircd (OLD I:) */ /* auth {}: allow users to connect to the ircd (OLD I:) */
@ -454,6 +467,7 @@ connect "irc.uplink.com" {
* autoconn - automatically connect to this server * autoconn - automatically connect to this server
* compressed - compress traffic via ziplinks * compressed - compress traffic via ziplinks
* topicburst - burst topics between servers * topicburst - burst topics between servers
* ssl - ssl/tls encrypted server connections
*/ */
flags = compressed, topicburst; flags = compressed, topicburst;
}; };
@ -475,6 +489,19 @@ connect "ipv6.some.server" {
class = "server"; class = "server";
}; };
connect "ssl.uplink.com" {
/* Example of ssl server-to-server connection, ssl flag doesn't need
* compressed flag, 'cause it uses own compression
*/
host = "192.168.0.1";
send_password = "password";
accept_password = "anotherpassword";
port = 9999;
hub_mask = "*";
class = "server";
flags = ssl, topicburst;
};
/* cluster {}; servers that we propagate things to automatically. /* cluster {}; servers that we propagate things to automatically.
* NOTE: This does NOT grant them privileges to apply anything locally, * NOTE: This does NOT grant them privileges to apply anything locally,
* you must add a seperate shared block for that. Clustering will * you must add a seperate shared block for that. Clustering will