summaryrefslogtreecommitdiff
blob: d80ecd0250d20a0a5d271fd0f0a7ee7f4220b6eb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# conf.d file for shellinaboxd
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

# Options available (copied from the man page):
#
# Sometimes, it is not necessary to replace the entire style sheet using the
# --static-file option. But instead a small incremental change should be made to
# the visual  appearance  of the terminal. The --css option provides a means to
# append additional style rules to the end of the default styles.css sheet. More
# than one --css option can be given on the same command line.
#
# You shouldn't need to change this value 
# unless you want to load your own style sheets.
SIAB_CSS_DIR="/usr/share/shellinabox-resources"

# If built with SSL/TLS support enabled, the daemon will look in SIAB_CERT_DIR for any
# certificates. If unspecified, this defaults to the current working directory.         
# 
# If the browser negotiated a Server Name Identification the daemon will look for
# a matching certificate-SERVERNAME.pem file. This allows for virtual hosting
# of multiple server names on the same IP address and port.                                                                                                            
# 
# If no SNI handshake took place, it falls back on using the certificate in the
# certificate.pem file.                                                                  
# 
# The administrator should make sure that there are matching certificates for
# each of the virtual hosts on this server, and that there is a generic certifi‐
# cate.pem file.

# If no suitable certificate is installed, shellinaboxd will attempt to invoke
# /usr/bin/openssl and create a new self-signed certificate. This only
# succeeds if, after dropping privileges, shellinaboxd has write
# permissions for SIAB_CERT_DIR.                                                                                       
# 
# Most browsers show a warning message when encountering a self-signed
# certificate and then allow the user the option of accepting the certificate.
# Due to this usability problem, and due to the perceived security
# implications, the use of auto-generated self-signed certificates is intended
# for testing or in  intranet deployments, only.
#
SIAB_CERT_DIR="/etc/shellinabox/cert"

# By default, shellinaboxd redirects all incoming HTTP requests to their
# equivalent HTTPS URLs. If promoting of connections to encrypted SSL/TLS
# sessions is undesired, this behavior can be disabled.
# 
# This option is also useful during testing or for deployment in trusted
# intranets, if SSL certificates are unavailable.
#
# SIAB_DISABLE_SSL and SIAB_CERT_DIR are mutually exclusive options.

# Add this option to SIAB_OPTS if you don't want SSL support.
SIAB_DISABLE_SSL="--disable-ssl"

# Default port to listen on.
SIAB_HTTP_PORT="4200"

# Run shellinabox as this user.
SIAB_USER="shellinaboxd"

# Run shellinabox as this group.
SIAB_GROUP="shellinaboxd"

# Default service to launch
SIAB_SERVICE="/:LOGIN"

# SIAB log file.
SIAB_LOGFILE="/var/log/shellinabox.log"

# Do not add both SIAB_CSS_DIR or SIAB_CERT_DIR to SIAB_OPTS.

# Default setup turns off SSL.
SIAB_OPTS="${SIAB_DISABLE_SSL} --port=${SIAB_HTTP_PORT} --user=${SIAB_USER} --group=${SIAB_GROUP} --service=${SIAB_SERVICE} --verbose"

# Uncomment this line to activate SSL.
# SIAB_OPTS="--cert=${SIAB_CERT_DIR} --port=${SIAB_HTTP_PORT} --user=${SIAB_USER} --group=${SIAB_GROUP} --service=${SIAB_SERVICE}"