nut-debian/conf/upsd.conf.sample

169 lines
7.2 KiB
Plaintext
Raw Permalink Normal View History

2010-03-26 01:20:59 +02:00
# Network UPS Tools: example upsd configuration file
#
# This file contains access control data, you should keep it secure.
#
# It should only be readable by the user that upsd becomes. See the FAQ.
2012-01-24 12:22:33 +02:00
#
# Each entry below provides usage and default value.
2022-07-10 10:23:45 +03:00
#
# For more information, refer to upsd.conf manual page.
2010-03-26 01:20:59 +02:00
# =======================================================================
# MAXAGE <seconds>
# MAXAGE 15
#
# This defaults to 15 seconds. After a UPS driver has stopped updating
# the data for this many seconds, upsd marks it stale and stops making
# that information available to clients. After all, the only thing worse
# than no data is bad data.
#
# You should only use this if your driver has difficulties keeping
# the data fresh within the normal 15 second interval. Watch the syslog
# for notifications from upsd about staleness.
2022-07-10 10:23:45 +03:00
# =======================================================================
# TRACKINGDELAY <seconds>
# TRACKINGDELAY 3600
#
# This defaults to 1 hour. When instant commands and variables setting status
# tracking is enabled, status execution information are kept during this
# amount of time, and then cleaned up.
# =======================================================================
# ALLOW_NO_DEVICE <Boolean>
# ALLOW_NO_DEVICE true
#
# Normally upsd requires that at least one device section is defined in ups.conf
# when the daemon starts, to serve its data. For automatically managed services
# it may be preferred to have upsd always running, and reload the configuration
# when power devices become defined.
#
# Boolean values 'true', 'yes', 'on' and '1' mean that the server would not
# refuse to start with zero device sections found in ups.conf.
#
# Boolean values 'false', 'no', 'off' and '0' mean that the server should refuse
# to start if zero device sections were found in ups.conf. This is the default.
2011-01-26 11:35:08 +02:00
# =======================================================================
# STATEPATH <path>
# STATEPATH /var/run/nut
#
# Tell upsd to look for the driver state sockets in 'path' rather
# than the default that was compiled into the program.
2010-03-26 01:20:59 +02:00
# =======================================================================
2022-07-10 10:23:45 +03:00
# LISTEN <IP address or name> [<port>]
2010-03-26 01:20:59 +02:00
# LISTEN 127.0.0.1 3493
2012-01-24 12:22:33 +02:00
# LISTEN ::1 3493
2022-07-10 10:23:45 +03:00
# LISTEN myhostname 83493
# LISTEN myhostname.mydomain
2012-01-24 12:22:33 +02:00
#
# This defaults to the localhost listening addresses and port 3493.
# In case of IP v4 or v6 disabled kernel, only the available one will be used.
2010-03-26 01:20:59 +02:00
#
2022-07-10 10:23:45 +03:00
# You may specify each interface IP address or name that you want upsd to
# listen on for connections, optionally with a port number.
2010-03-26 01:20:59 +02:00
#
# You may need this if you have multiple interfaces on your machine and
# you don't want upsd to listen to all interfaces (for instance on a
# firewall, you may not want to listen to the external interface).
#
# This will only be read at startup of upsd. If you make changes here,
# you'll need to restart upsd, reload will have no effect.
# =======================================================================
# MAXCONN <connections>
2011-01-26 11:35:08 +02:00
# MAXCONN 1024
2010-03-26 01:20:59 +02:00
#
# This defaults to maximum number allowed on your system. Each UPS, each
# LISTEN address and each client count as one connection. If the server
# runs out of connections, it will no longer accept new incoming client
# connections. Only set this if you know exactly what you're doing.
2011-01-26 11:35:08 +02:00
# =======================================================================
# CERTFILE <certificate file>
2013-11-24 17:00:12 +02:00
# CERTFILE /usr/local/ups/etc/upsd.pem
2011-01-26 11:35:08 +02:00
#
2013-11-24 17:00:12 +02:00
# When compiled with SSL support with OpenSSL backend,
# you can enter the certificate file here.
2011-01-26 11:35:08 +02:00
# The certificates must be in PEM format and must be sorted starting with
# the subject's certificate (server certificate), followed by intermediate
# CA certificates (if applicable_ and the highest level (root) CA. It should
# end with the server key. See 'docs/security.txt' or the Security chapter of
# NUT user manual for more information on the SSL support in NUT.
2013-11-24 17:00:12 +02:00
#
# See 'docs/security.txt' or the Security chapter of NUT user manual
# for more information on the SSL support in NUT.
# =======================================================================
# CERTPATH <certificate file or directory>
# CERTPATH /usr/local/ups/etc/cert/upsd
#
# When compiled with SSL support with NSS backend,
# you can enter the certificate path here.
2022-07-10 10:23:45 +03:00
# Certificates are stored in a dedicated database (split into 3 files).
2013-11-24 17:00:12 +02:00
# Specify the path of the database directory.
2022-07-10 10:23:45 +03:00
#
2013-11-24 17:00:12 +02:00
# See 'docs/security.txt' or the Security chapter of NUT user manual
# for more information on the SSL support in NUT.
# =======================================================================
# CERTIDENT <certificate name> <database password>
# CERTIDENT "my nut server" "MyPasSw0rD"
#
# When compiled with SSL support with NSS backend,
# you can specify the certificate name to retrieve from database to
# authenticate itself and the password
# required to access certificate related private key.
2022-07-10 10:23:45 +03:00
#
2013-11-24 17:00:12 +02:00
# See 'docs/security.txt' or the Security chapter of NUT user manual
# for more information on the SSL support in NUT.
# =======================================================================
# CERTREQUEST <certificate request level>
# CERTREQUEST REQUIRE
#
# When compiled with SSL support with NSS backend and client certificate
# validation (disabled by default, see 'docs/security.txt'),
# you can specify if upsd requests or requires client's' certificates.
# Possible values are :
# - 0 to not request to clients to provide any certificate
# - 1 to require to all clients a certificate
# - 2 to require to all clients a valid certificate
2022-07-10 10:23:45 +03:00
#
2013-11-24 17:00:12 +02:00
# See 'docs/security.txt' or the Security chapter of NUT user manual
# for more information on the SSL support in NUT.
2022-07-10 10:23:45 +03:00
# =======================================================================
# DISABLE_WEAK_SSL <Boolean>
# DISABLE_WEAK_SSL true
#
# Tell upsd to disable older/weak SSL/TLS protocols and ciphers.
#
# With relatively recent versions of OpenSSL or NSS it will be restricted
# to TLSv1.2 or better.
#
# Unless you have really ancient clients, you probably want to enable this.
# Currently disabled by default to ensure compatibility with existing setups.
# =======================================================================
# DEBUG_MIN <Integer>
# DEBUG_MIN 2
#
# Optionally specify a minimum debug level for `upsd` data daemon, e.g. for
# troubleshooting a deployment, without impacting foreground or background
# running mode directly, and without need to edit init-scripts or service
# unit definitions. Note that command-line option `-D` can only increase
# this verbosity level.
#
# NOTE: if the running daemon receives a `reload` command, presence of the
# `DEBUG_MIN NUMBER` value in the configuration file can be used to tune
# debugging verbosity in the running service daemon (it is recommended to
# comment it away or set the minimum to explicit zero when done, to avoid
# huge journals and I/O system abuse). Keep in mind that for this run-time
# tuning, the `DEBUG_MIN` value *present* in *reloaded* configuration files
# is applied instantly and overrides any previously set value, from file
# or CLI options, regardless of older logging level being higher or lower
# than the newly found number; a missing (or commented away) value however
# does not change the previously active logging verbosity.