summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'www-misc/shellinabox/files/shellinaboxd.conf')
-rw-r--r--www-misc/shellinabox/files/shellinaboxd.conf75
1 files changed, 75 insertions, 0 deletions
diff --git a/www-misc/shellinabox/files/shellinaboxd.conf b/www-misc/shellinabox/files/shellinaboxd.conf
new file mode 100644
index 000000000000..7f020c123d1c
--- /dev/null
+++ b/www-misc/shellinabox/files/shellinaboxd.conf
@@ -0,0 +1,75 @@
+# conf.d file for shellinaboxd
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Options available (copied from the man page):
+#
+# Sometimes, it is not necessary to replace the entire style sheet using the
+# --static-file option. But instead a small incremental change should be made to
+# the visual appearance of the terminal. The --css option provides a means to
+# append additional style rules to the end of the default styles.css sheet. More
+# than one --css option can be given on the same command line.
+#
+# You shouldn't need to change this value
+# unless you want to load your own style sheets.
+SIAB_CSS_DIR="/usr/share/shellinabox-resources"
+
+# If built with SSL/TLS support enabled, the daemon will look in SIAB_CERT_DIR for any
+# certificates. If unspecified, this defaults to the current working directory.
+#
+# If the browser negotiated a Server Name Identification the daemon will look for
+# a matching certificate-SERVERNAME.pem file. This allows for virtual hosting
+# of multiple server names on the same IP address and port.
+#
+# If no SNI handshake took place, it falls back on using the certificate in the
+# certificate.pem file.
+#
+# The administrator should make sure that there are matching certificates for
+# each of the virtual hosts on this server, and that there is a generic certifi‐
+# cate.pem file.
+#
+# If no suitable certificate is installed, shellinaboxd will attempt to invoke
+# /usr/bin/openssl and create a new self-signed certificate. This only
+# succeeds if, after dropping privileges, shellinaboxd has write
+# permissions for SIAB_CERT_DIR.
+#
+# Most browsers show a warning message when encountering a self-signed
+# certificate and then allow the user the option of accepting the certificate.
+# Due to this usability problem, and due to the perceived security
+# implications, the use of auto-generated self-signed certificates is intended
+# for testing or in intranet deployments, only.
+#
+SIAB_CERT_DIR="/etc/shellinabox/cert"
+
+# By default, shellinaboxd redirectes all incoming HTTP requests to their
+# equivalent HTTPS URLs. If promoting of connections to encrypted SSL/TLS
+# sessions is undesired, this behavior can be disabled.
+#
+# This option is also useful during testing or for deployment in trusted
+# intranets, if SSL certificates are unavailable.
+#
+# SIAB_DISABLE_SSL and SIAB_CERT_DIR are mutually exclusive options.
+#
+# Add this option to SIAB_OPTS if you don't want SSL support.
+SIAB_DISABLE_SSL="--disable-ssl"
+
+# Default port to listen on.
+SIAB_HTTP_PORT="4200"
+
+# Run shellinabox as this user.
+SIAB_USER="shellinaboxd"
+
+# Run shellinabox as this group.
+SIAB_GROUP="shellinaboxd"
+
+# Default service to launch
+SIAB_SERVICE="/:LOGIN"
+
+# Do not add both SIAB_CSS_DIR or SIAB_CERT_DIR to SIAB_OPTS.
+
+# Default setup turns off SSL.
+SIAB_OPTS="${SIAB_DISABLE_SSL} --port=${SIAB_HTTP_PORT} --user=${SIAB_USER} --group=${SIAB_GROUP} --service=${SIAB_SERVICE}"
+
+# Uncomment this line to activate SSL.
+# SIAB_OPTS="--cert=${SIAB_CERT_DIR} --port=${SIAB_HTTP_PORT} --user=${SIAB_USER} --group=${SIAB_GROUP} --service=${SIAB_SERVICE}"