SSLproxy/sslproxy.conf.5
2018-02-28 02:16:18 +03:00

126 lines
3.8 KiB
Groff

.\" SSLproxy - transparent SSL/TLS proxy for diverting packets to programs
.\" Copyright (c) 2017-2018, Soner Tari <sonertari@gmail.com>
.\" All rights reserved.
.\" https://github.com/sonertari/SSLproxy
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions, and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "sslproxy.conf" "5" "February 28, 2018" "sslproxy 0.5.4" "SSLproxy"
.SH "NAME"
.LP
\fBsslproxy.conf\fR \- Configuration file for SSLproxy
.SH "DESCRIPTION"
.LP
The file sslproxy.conf configures SSLproxy, sslproxy(1).
.SH "FILE FORMAT"
The file consists of comments and options with arguments. Each line which starts with a hash (\fB#\fR) symbol is ignored by the parser. Options and arguments are of the form \fBOption Argument\fR. The arguments are of the following types:
.TP
\fBBOOL\fR
Boolean value (yes/no).
.TP
\fBSTRING\fR
String.
.TP
\fBNUMBER\fR
Unsigned integer.
.SH "DIRECTIVES"
.LP
When an option is not used (hashed or doesn't exist in the configuration file) sslproxy takes a default action.
.TP
\fBCACert STRING\fR
Use CA cert (and key) to sign forged certs.
.TP
\fBCAKey STRING\fR
Use CA key (and cert) to sign forged certs.
.TP
\fBConnIdleTimeout NUMBER\fR
Close connections after this many seconds of idle time.
.br
Default: 120
.TP
\fBExpiredConnCheckPeriod NUMBER\fR
Check for expired connections every this many seconds.
.br
Default: 10.
.TP
\fBSSLShutdownRetryDelay NUMBER\fR
Retry to shut ssl conns down after this many micro seconds. Increasing this delay may avoid dirty shutdowns on slow connections, but increases resource usage, such as file desriptors and memory.
.br
Default: 100
.TP
\fBPidFile STRING\fR
Write pid to file.
.TP
\fBLogStats BOOL\fR
Log statistics to syslog.
.br
Default: yes
.TP
\fBStatsPeriod NUMBER\fR
Log statistics every this many ExpiredConnCheckPeriod periods.
.br
Default: 1
.TP
\fBUser STRING\fR
Drop privileges to user.
.br
Default: nobody, if run as root
.TP
\fBGroup STRING\fR
Drop privileges to group.
.br
Default: Primary group of user
.TP
\fBRemoveHTTPAcceptEncoding BOOL\fR
Remove HTTP header line for Accept-Encoding.
.br
Default: yes
.TP
\fBRemoveHTTPReferer BOOL\fR
Remove HTTP header line for Referer.
.br
Default: yes
.TP
\fBVerifyPeer BOOL\fR
Verify peer using default certificates.
.br
Default: yes
.TP
\fBAllowWrongHost BOOL\fR
Allow wrong host names in certificates.
.br
Default: no
.TP
\fBCiphers STRING\fR
Cipher specification for both server and client SSL/TLS connections.
.TP
\fBProxySpec STRING\fR
Proxy specification: type listenaddr+port up:utmport. Multiple specs are allowed, one on each line.
.SH "FILES"
.LP
/etc/sslproxy/sslproxy.conf
.SH "AUTHOR"
.LP
Soner Tari <sonertari@gmail.com>
.SH "SEE ALSO"
.LP
sslproxy(1)