X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=man%2Fngircd.conf.5.tmpl;h=38ac40b7965a4af72f5e6a7362c39c727a8733d4;hp=e8efab1f0bf75072d23a410d3f97e4f30a4a9c50;hb=5f400694cfee5bed6be0ac0a5c1638ed9b413c55;hpb=eba14d937d7d8980a1d178ca0066c577bf66c806 diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index e8efab1f..38ac40b7 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -52,8 +52,8 @@ for numbers all decimal integer values are valid. In addition, some string or numerical variables accept lists of values, separated by commas (","). .SH "SECTION OVERVIEW" -The file can contain blocks of four types: [Global], [Limits], [Options], -[Operator], [Server], and [Channel]. +The file can contain blocks of seven types: [Global], [Limits], [Options], +[SSL], [Operator], [Server], and [Channel]. .PP The main configuration of the server is stored in the .I [Global] @@ -68,8 +68,10 @@ block are used to tweak different limits and timeouts of the daemon, like the maximum number of clients allowed to connect to this server. Variables in the .I [Options] section can be used to enable or disable specific features of ngIRCd, like -support for IDENT, PAM, IPv6, SSL, and protocol and cloaking features. These -two sections are both optional. +support for IDENT, PAM, IPv6, and protocol and cloaking features. The +.I [SSL] +block contains all SSL-related configuration variables. These three sections +are all optional. .PP IRC operators of this server are defined in .I [Operator] @@ -81,7 +83,7 @@ blocks are used to configure pre-defined ("persistent") IRC channels. .PP There can be more than one [Operator], [Server] and [Channel] section per configuration file (one for each operator, server, and channel), but only -exactly one [Global], one [Limits], and one [Options] section. +exactly one [Global], one [Limits], one [Options], and one [SSL] section. .SH [GLOBAL] The .I [Global] @@ -126,7 +128,7 @@ if ngIRCd is using PAM! \fBPidFile\fR (string) This tells ngIRCd to write its current process ID to a file. Note that the pidfile is written AFTER chroot and switching the user ID, e.g. the directory -the pidfile resides in must be writeable by the ngIRCd user and exist in the +the pidfile resides in must be writable by the ngIRCd user and exist in the chroot directory (if configured, see above). .TP \fBPorts\fR (list of numbers) @@ -190,7 +192,7 @@ If a client fails to answer a PING with a PONG within seconds, it will be disconnected by the server. Default: 20. .SH [OPTIONS] Optional features and configuration options to further tweak the behavior of -ngIRCd. If you wan't to get started quickly, you most probably don't have to +ngIRCd. If you want to get started quickly, you most probably don't have to make changes here -- they are all optional. .TP \fBAllowRemoteOper\fR (boolean) @@ -244,6 +246,15 @@ If ngIRCd is compiled with IDENT support this can be used to disable IDENT lookups at run time. Default: yes. .TP +\fBMorePrivacy\fR (boolean) +This will cause ngIRCd to censor user idle time, logon time as well as the +part/quit messages (that are sometimes used to inform everyone about which +client software is being used). WHOWAS requests are also silently ignored. +This option is most useful when ngIRCd is being used together with +anonymizing software such as TOR or I2P and one does not wish to make it +too easy to collect statistics on the users. +Default: no. +.TP \fBNoticeAuth\fR (boolean) Normally ngIRCd doesn't send any messages to a client until it is registered. Enable this option to let the daemon send "NOTICE AUTH" messages to clients @@ -276,10 +287,37 @@ Let ngIRCd send an "authentication PING" when a new client connects, and register this client only after receiving the corresponding "PONG" reply. Default: no. .TP -\fBSSLCertFile\fR (string) +\fBScrubCTCP\fR (boolean) +If set to true, ngIRCd will silently drop all CTCP requests sent to it from +both clients and servers. It will also not forward CTCP requests to any +other servers. CTCP requests can be used to query user clients about which +software they are using and which versions said software is. CTCP can also be +used to reveal clients IP numbers. ACTION CTCP requests are not blocked, +this means that /me commands will not be dropped, but please note that +blocking CTCP will disable file sharing between users! +Default: no. +.TP +\fBSyslogFacility\fR (string) +Syslog "facility" to which ngIRCd should send log messages. Possible +values are system dependent, but most probably "auth", "daemon", "user" +and "local1" through "local7" are possible values; see syslog(3). +Default is "local5" for historical reasons, you probably want to +change this to "daemon", for example. +.TP +\fBWebircPassword\fR (string) +Password required for using the WEBIRC command used by some Web-to-IRC +gateways. If not set or empty, the WEBIRC command can't be used. +Default: not set. +.SH [SSL] +All SSL-related configuration variables are located in the +.I [SSL] +section. Please note that this whole section is only recognized by ngIRCd +when it is compiled with support for SSL using OpenSSL or GnuTLS! +.TP +\fBCertFile\fR (string) SSL Certificate file of the private server key. .TP -\fBSSLDHFile\fR (string) +\fBDHFile\fR (string) Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS "certtool \-\-generate-dh-params" or "openssl dhparam". If this file is not present, it will be generated on startup when ngIRCd was compiled with GnuTLS @@ -287,29 +325,17 @@ support (this may take some time). If ngIRCd was compiled with OpenSSL, then (Ephemeral)-Diffie-Hellman Key Exchanges and several Cipher Suites will not be available. .TP -\fBSSLKeyFile\fR (string) +\fBKeyFile\fR (string) Filename of SSL Server Key to be used for SSL connections. This is required for SSL/TLS support. .TP -\fBSSLKeyFilePassword\fR (string) +\fBKeyFilePassword\fR (string) OpenSSL only: Password to decrypt the private key file. .TP -\fBSSLPorts\fR (list of numbers) +\fBPorts\fR (list of numbers) Same as \fBPorts\fR , except that ngIRCd will expect incoming connections to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669 and 6697. Default: none. -.TP -\fBSyslogFacility\fR (string) -Syslog "facility" to which ngIRCd should send log messages. Possible -values are system dependent, but most probably "auth", "daemon", "user" -and "local1" through "local7" are possible values; see syslog(3). -Default is "local5" for historical reasons, you probably want to -change this to "daemon", for example. -.TP -\fBWebircPassword\fR (string) -Password required for using the WEBIRC command used by some Web-to-IRC -gateways. If not set or empty, the WEBIRC command can't be used. -Default: not set. .SH [OPERATOR] .I [Operator] sections are used to define IRC Operators. There may be more than one @@ -325,10 +351,6 @@ Password of the IRC operator. \fBMask\fR (string) Mask that is to be checked before an /OPER for this account is accepted. Example: nick!ident@*.example.com -.SH [FEATURES] -An optional section that can be used to disable features at -run-time. A feature is enabled by default if if ngircd was built with -support for it. .SH [SERVER] Other servers are configured in .I [Server]