forked from AGWA/titus
-
Notifications
You must be signed in to change notification settings - Fork 0
/
titus.conf.example
76 lines (59 loc) · 2.36 KB
/
titus.conf.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# Run as a daemon?
#daemon yes
#pid-file /var/run/titus.pid
# Which port to listen on
port 443
# Run in transparent proxy mode (see titus(8) man page)?
#transparent no
# Minimum number of children to keep running waiting for connections
#min-spare-children 3
# Maximum number of children (i.e. connections) at once
#max-children 100
# Maximum time (in seconds) that TLS handshake may take
#max-handshake-time 10
# What user and group to run the network-talking processes as
network-user titus
network-group nogroup
# What user and group to run the key server processes as
keyserver-user titus-keys
keyserver-group nogroup
# Directory to chroot to (this should be empty and not writable by the titus user)
chroot /var/lib/titus/empty
# Virtual host that matches any connection to 192.0.2.5
vhost
# Local address of connection (if not specified, any local address matches)
local-address 192.0.2.5
# TLS key and certificate for this vhost
key /etc/ssl/private/example.com.key
cert /etc/ssl/certs/example.com.chained.crt
# Address of backend application
backend 127.0.0.1
backend-port 6443
# Virtual host that matches a server name of www.example.com
vhost
# Server name (SNI) (if not specified, any server name matches)
sni-name www.example.com
# TLS key and certificate for this vhost
key /etc/ssl/private/www.example.com.key
cert /etc/ssl/certs/www.example.com.chained.crt
# Address of backend application
backend 127.0.0.1
backend-port 7443
# Virtual host that matches any connection
vhost
# TLS key and certificate for this vhost
key /etc/ssl/private/wildcard.example.com.key
cert /etc/ssl/certs/wildcard.example.com.chained.crt
# Address of backend application
backend 127.0.0.1
backend-port 8443
# TLS settings (see titus(8) man page)
#ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA
#dhgroup 14
#ecdhcurve secp521r1
#compression no
#sslv3 no
#tlsv1 yes
#tlsv1.1 yes
#tlsv1.2 yes
#honor-client-cipher-order no