Add dehydrated configuration.
This commit is contained in:
parent
351d41e943
commit
e8f50a863f
10 changed files with 715 additions and 6 deletions
147
etc/dehydrated/config
Normal file
147
etc/dehydrated/config
Normal file
|
|
@ -0,0 +1,147 @@
|
|||
# This is the main config file for dehydrated.
|
||||
# This file is looked for in the following locations:
|
||||
# $SCRIPTDIR/config (next to this script)
|
||||
# /usr/local/etc/dehydrated/config
|
||||
# /etc/dehydrated/config
|
||||
# ${PWD}/config (in current working-directory)
|
||||
|
||||
# Which user should dehydrated run as? This will be implictly enforced when running as root.
|
||||
# Default: <unset>
|
||||
#DEHYDRATED_USER=""
|
||||
|
||||
# Which group should dehydrated run as? This will be implictly enforced when running as root.
|
||||
# Default: <unset>
|
||||
#DEHYDRATED_GROUP=""
|
||||
|
||||
# Resolve names to addresses of IP version only, for curl.
|
||||
# Supported values: 4, 6.
|
||||
# Default: <unset>
|
||||
#IP_VERSION=""
|
||||
|
||||
# Path to certificate authority.
|
||||
# Default: https://acme-v02.api.letsencrypt.org/directory
|
||||
#CA="https://acme-v02.api.letsencrypt.org/directory"
|
||||
# Use staging server for testing:
|
||||
#CA="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
|
||||
# Path to old certificate authority.
|
||||
# Set this value to your old CA when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
|
||||
# If dehydrated detects an account-key for the old CA it will automatically reuse that key
|
||||
# instead of registering a new one.
|
||||
# Default: https://acme-v01.api.letsencrypt.org/directory
|
||||
#OLDCA="https://acme-v01.api.letsencrypt.org/directory"
|
||||
|
||||
# Which challenge should be used?
|
||||
# Supported values: http-01, dns-01, tls-alpn-01.
|
||||
# Default: http-01
|
||||
#CHALLENGETYPE="http-01"
|
||||
|
||||
# Path to a directory containing additional config files.
|
||||
# This allows overriding the defaults found in the main configuration file.
|
||||
# Additional config files in this directory must be named with a '.sh' ending.
|
||||
# Default: <unset>
|
||||
#CONFIG_D=""
|
||||
|
||||
# Base directory for account key, generated certificates and list of domains.
|
||||
# Default: $SCRIPTDIR
|
||||
BASEDIR="/etc/dehydrated"
|
||||
|
||||
# File containing the list of domains for which to request certificates.
|
||||
# Default: $BASEDIR/domains.txt
|
||||
DOMAINS_TXT="${BASEDIR}/domains"
|
||||
|
||||
# Directory for per-domain configuration files.
|
||||
# If not set, per-domain configurations are sourced from each certificates output directory.
|
||||
# Default: <unset>
|
||||
DOMAINS_D="${BASEDIR}/domains.d"
|
||||
|
||||
# Output directory for generated certificates.
|
||||
# Default: ${BASEDIR}/certs
|
||||
#CERTDIR="${BASEDIR}/certs"
|
||||
|
||||
# Output directory for alpn verification certificates.
|
||||
# Default: ${BASEDIR}/alpn-certs
|
||||
#ALPNCERTDIR="${BASEDIR}/alpn-certs"
|
||||
|
||||
# Directory for account keys and registration information.
|
||||
# Default: ${BASEDIR}/accounts
|
||||
#ACCOUNTDIR="${BASEDIR}/accounts"
|
||||
|
||||
# Output directory for challenge-tokens to be served by webserver, or deployed in $HOOK.
|
||||
# Default: /var/www/dehydrated
|
||||
WELLKNOWN="/srv/dehydrated"
|
||||
|
||||
# Default keysize for private keys.
|
||||
# Default: 4096
|
||||
#KEYSIZE="4096"
|
||||
|
||||
# Path to openssl config file.
|
||||
# To try and figure out the system default, leave this unset.
|
||||
# Default: <unset>
|
||||
#OPENSSL_CNF=""
|
||||
|
||||
# Path to OpenSSL binary.
|
||||
# Default: openssl
|
||||
#OPENSSL="openssl"
|
||||
|
||||
# Extra options passed to the curl binary.
|
||||
# Default: <unset>
|
||||
#CURL_OPTS=""
|
||||
|
||||
# Program or function called at certain stages of processing.
|
||||
# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
|
||||
# Default: <unset>
|
||||
HOOK="${BASEDIR}/hooks/default"
|
||||
|
||||
# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
|
||||
# Default: no
|
||||
#HOOK_CHAIN="no"
|
||||
|
||||
# Minimum days before expiration to automatically renew certificate.
|
||||
# Default: 30
|
||||
#RENEW_DAYS="30"
|
||||
|
||||
# Regenerate private keys instead of just signing new certificates on renewal?
|
||||
# Default: yes
|
||||
PRIVATE_KEY_RENEW="no"
|
||||
|
||||
# Create an extra private key for rollover?
|
||||
# Default: no
|
||||
#PRIVATE_KEY_ROLLOVER="no"
|
||||
|
||||
# Which public key algorithm should be used?
|
||||
# Supported: rsa, prime256v1, secp384r1.
|
||||
# Default: rsa
|
||||
KEY_ALGO="secp384r1"
|
||||
|
||||
# E-mail to use during the registration.
|
||||
# Default: <unset>
|
||||
CONTACT_EMAIL="sysadmin@slackware.uk"
|
||||
|
||||
# Lockfile location, to prevent concurrent execution.
|
||||
# Default: $BASEDIR/lock
|
||||
LOCKFILE="/run/dehydrated.lock"
|
||||
|
||||
# Option to add CSR-flag indicating OCSP stapling to be mandatory.
|
||||
# Default: no
|
||||
#OCSP_MUST_STAPLE="no"
|
||||
|
||||
# Fetch OCSP responses.
|
||||
# Default: no
|
||||
#OCSP_FETCH="no"
|
||||
|
||||
# OCSP refresh interval, in days.
|
||||
# Default: 5
|
||||
#OCSP_DAYS="5"
|
||||
|
||||
# Issuer chain cache directory.
|
||||
# Default: $BASEDIR/chains
|
||||
#CHAINCACHE="${BASEDIR}/chains"
|
||||
|
||||
# Automatic cleanup?
|
||||
# Default: no
|
||||
AUTO_CLEANUP="yes"
|
||||
|
||||
# ACME API version.
|
||||
# Default: auto
|
||||
#API=auto
|
||||
Loading…
Add table
Add a link
Reference in a new issue