This module contains configuration options solely needed if
running as stand-alone web server.
[access_allowed]
[access_log]
[debug_log]
[dir_listing_allowed]
[document_root]
[error_log]
[mime_types]
[pid_file]
[run_username]
[server_admin]
[server_signature]
[ssl_CertificateFile]
[ssl_CertificateKeyFile]
[ssl_Engine]
[ssl_Protocols]
[ssl_VerifyClient]
[ssl_VerifyDepth]
[ssl_debug]
[ssl_randfile]
Misc. options
- run_username
-
User account name to setuid after being started as root.
This options might be overriden by command-line
option -u.
- server_admin
-
Contact mail address of the server admin when running stand-alone.
- server_signature
-
This is the server's signature which can be appended to
every HTML page. You can use a dictionary string-formatting
of all environment vars.
Example:
server_signature = """%(SERVER_SOFTWARE)s at
%(SERVER_NAME)s
Port %(SERVER_PORT)s
"""
- access_allowed
-
List of accepted address/net mask strings of
accepted client addresses.
Example for accepting all client IP addresses:
access_allowed = ['0.0.0.0/0.0.0.0']
Example for accepting only clients from loopback network:
access_allowed = ['127.0.0.1/255.0.0.0']
Path names
Path names of needed files and directories.
- pid_file
-
Path name for file the PID of the main thread is written to.
- access_log
-
Path name of access log file.
- error_log
-
Path name of error log file.
- debug_log
-
Path name of debug log file. stdout and stderr are redirected
to this file for redirecting debug messages of underlying
modules.
- document_root
-
Where the static documents reside.
- mime_types
-
Path name of IANA mime.types file.
- dir_listing_allowed
-
Allow listing of directories. Set to 0 to disable,
set 1 to enable the directory listings.
SSL
These options configure the behaviour or basic options when
running with encryption protocl SSL.
These variables have pretty much the same meaning as similar
named SSL configuration directives in mod_ssl.
Note:
SSL support in stand-alone mode is still somewhat experimental
and some features are not fully implemented yet. If you need
a stable SSL implementation for production use run web2ldap under
the control of a full-blown SSL capable web server via FastCGI
(e.g. Apache or Netscape).
- ssl_Engine
-
Set on for having SSL support. If off the options in this section
are not needed. This options might be overriden by command-line
option -s.
- ssl_Protocols
-
List of supported protocols (up to now only ['sslv23'] works with Netscape).
- ssl_debug
-
Set to 'on' for debugging messages from M2Crypto module.
- ssl_CertificateFile
-
Server Certificate:
Point SSLCertificateFile at a PEM encoded certificate. If
the certificate is encrypted, then you will be prompted for a
pass phrase.
- ssl_CertificateKeyFile
-
Server Private Key:
If the key is not combined with the certificate, use this
directive to point at the key file.
- ssl_CACertificatePath or ssl_CACertificateFile
-
Certificate Authority (CA):
Set the CA certificate verification path where to find CA
certificates for client authentication or alternatively one
huge file containing all of them (file must be PEM encoded)
Note: Inside SSLCACertificatePath you need hash symlinks
to point to the certificate files. Use the provided
Makefile to update the hash symlinks after changes.
- ssl_VerifyClient
-
Client Authentication (Type):
Client certificate verification type and depth. Types are
none (0), optional (1), require (3).
- ssl_VerifyDepth
-
Depth is a
number which specifies how deeply to verify the certificate
issuer chain before deciding the certificate is not valid.
- ssl_randfile
-
File with random data to seed PRNG
(you won't need that on Linux since /dev/urandom is used there).
Page last modified: Saturday, 05-Jan-2002 21:06:44 CET,
© by
Michael Ströder <michael@stroeder.com>