| blob | 9497b1c63bbf69341a241b6d9e6f722bb81210b3 |
1 # Network UPS Tools: example upsd configuration file
2 #
3 # This file contains access control data, you should keep it secure.
4 #
5 # It should only be readable by the user that upsd becomes. See the FAQ.
6 #
7 # Each entry below provides usage and default value.
8 #
9 # For more information, refer to upsd.conf manual page.
10 #
11 # NOTE: Contents of this file should be pure ASCII (character codes
12 # not in range would be ignored with a warning message).
14 # =======================================================================
15 # MAXAGE <seconds>
16 # MAXAGE 15
17 #
18 # This defaults to 15 seconds. After a UPS driver has stopped updating
19 # the data for this many seconds, upsd marks it stale and stops making
20 # that information available to clients. After all, the only thing worse
21 # than no data is bad data.
22 #
23 # You should only use this if your driver has difficulties keeping
24 # the data fresh within the normal 15 second interval. Watch the syslog
25 # for notifications from upsd about staleness.
27 # =======================================================================
28 # TRACKINGDELAY <seconds>
29 # TRACKINGDELAY 3600
30 #
31 # This defaults to 1 hour. When instant commands and variables setting status
32 # tracking is enabled, status execution information are kept during this
33 # amount of time, and then cleaned up.
35 # =======================================================================
36 # ALLOW_NO_DEVICE <Boolean>
37 # ALLOW_NO_DEVICE true
38 #
39 # Normally upsd requires that at least one device section is defined in ups.conf
40 # when the daemon starts, to serve its data. For automatically managed services
41 # it may be preferred to have upsd always running, and reload the configuration
42 # when power devices become defined.
43 #
44 # Boolean values 'true', 'yes', 'on' and '1' mean that the server would not
45 # refuse to start with zero device sections found in ups.conf.
46 #
47 # Boolean values 'false', 'no', 'off' and '0' mean that the server should refuse
48 # to start if zero device sections were found in ups.conf. This is the default.
50 # =======================================================================
51 # ALLOW_NOT_ALL_LISTENERS <Boolean>
52 # ALLOW_NOT_ALL_LISTENERS true
53 #
54 # Normally upsd requires that all `LISTEN` directives can be honoured at the
55 # moment the daemon starts. If your LAN IP address (or host name) used in one
56 # of the `LISTEN` directives may be not always accessible, and for some reason
57 # do not want to just `LISTEN *` on the wildcard interface, but e.g. you still
58 # want to use `upsmon` on `localhost`, this option can help. Note you would
59 # have to restart `upsd` to pick up the `LISTEN`ed IP address if it appears
60 # later.
61 #
62 # Boolean values 'true', 'yes', 'on' and '1' mean that the server would not
63 # refuse to start if it can listen on at least one interface.
64 #
65 # Boolean values 'false', 'no', 'off' and '0' mean that the server should
66 # refuse to start if it can not LISTEN on each and every (non-localhost)
67 # interface found in upsd.conf. This is the default.
69 # =======================================================================
70 # STATEPATH <path>
71 # STATEPATH /var/run/nut
72 #
73 # Tell upsd to look for the driver state sockets in 'path' rather
74 # than the default that was compiled into the program.
75 # Note that the drivers must use the same path, so `upsd` would prefer the
76 # same-named setting from `ups.conf` global section, if present, over its own.
77 # Environment variable NUT_STATEPATH set by caller can override this setting.
79 # =======================================================================
80 # LISTEN <IP address or name> [<port>]
81 # LISTEN 127.0.0.1 3493
82 # LISTEN ::1 3493
83 # LISTEN myhostname 83493
84 # LISTEN myhostname.mydomain
85 #
86 # With no LISTEN statement, the default is localhost and port 3493.
87 # In case of IP v4 or v6 disabled kernel, only the available one will
88 # be used.
89 # Note that it is not true for Windows platforms. You shouldn't use IPv6 in
90 # your configuration files unless you have IPv6 installed.
91 #
92 # As a special case, `LISTEN * <port>` (with an asterisk) will try
93 # to listen on "ANY" IP address for both IPv6 (::0) and IPv4 (0.0.0.0),
94 # subject to `upsd` command-line arguments, or system configuration.
95 # Note that if the system supports IPv4-mapped IPv6 addressing per RFC-3493,
96 # and does not allow to disable this mode, then there may be one listening
97 # socket to handle both address families.
98 #
99 # One or more LISTEN statements give the IP address (or name that
100 # resolves to such an address) for upsd to listen on, optionally with
101 # a port number.
102 #
103 # As an example, a machine with a LAN and a WAN interface that also
104 # functions as a router and firewall might be configured to listen
105 # only on the LAN interface.
106 #
107 # This will only be read at startup of upsd. If you make changes here,
108 # you'll need to restart upsd, as reload will have no effect.
109 #
110 # Please note that older NUT releases could have been using the IPv4-mapped
111 # IPv6 addressing (sometimes also known as "dual-stack") mode, if provided
112 # by the system. Current versions (since NUT v2.8.1 release) explicitly try
113 # to restrict their listening sockets to only support one address family on
114 # each socket, and so avoid IPv4-mapped mode where possible.
116 # =======================================================================
117 # MAXCONN <connections>
118 # MAXCONN 1024
119 #
120 # This defaults to maximum number allowed on your system. Each UPS, each
121 # LISTEN address and each client count as one connection. If the server
122 # runs out of connections, it will no longer accept new incoming client
123 # connections. Only set this if you know exactly what you're doing.
125 # =======================================================================
126 # CERTFILE <certificate file>
127 # CERTFILE /usr/local/ups/etc/upsd.pem
128 #
129 # When compiled with SSL support with OpenSSL backend,
130 # you can enter the certificate file here.
131 # The certificates must be in PEM format and must be sorted starting with
132 # the subject's certificate (server certificate), followed by intermediate
133 # CA certificates (if applicable_ and the highest level (root) CA. It should
134 # end with the server key. See 'docs/security.txt' or the Security chapter of
135 # NUT user manual for more information on the SSL support in NUT.
136 #
137 # See 'docs/security.txt' or the Security chapter of NUT user manual
138 # for more information on the SSL support in NUT.
140 # =======================================================================
141 # CERTPATH <certificate file or directory>
142 # CERTPATH /usr/local/ups/etc/cert/upsd
143 #
144 # When compiled with SSL support with NSS backend,
145 # you can enter the certificate path here.
146 # Certificates are stored in a dedicated database (split into 3 files).
147 # Specify the path of the database directory.
148 #
149 # See 'docs/security.txt' or the Security chapter of NUT user manual
150 # for more information on the SSL support in NUT.
152 # =======================================================================
153 # CERTIDENT <certificate name> <database password>
154 # CERTIDENT "my nut server" "MyPasSw0rD"
155 #
156 # When compiled with SSL support with NSS backend,
157 # you can specify the certificate name to retrieve from database to
158 # authenticate itself and the password
159 # required to access certificate related private key.
160 #
161 # See 'docs/security.txt' or the Security chapter of NUT user manual
162 # for more information on the SSL support in NUT.
164 # =======================================================================
165 # CERTREQUEST <certificate request level>
166 # CERTREQUEST REQUIRE
167 #
168 # When compiled with SSL support with NSS backend and client certificate
169 # validation (disabled by default, see 'docs/security.txt'),
170 # you can specify if upsd requests or requires client's' certificates.
171 # Possible values are :
172 # - 0 to not request to clients to provide any certificate
173 # - 1 to require to all clients a certificate
174 # - 2 to require to all clients a valid certificate
175 #
176 # See 'docs/security.txt' or the Security chapter of NUT user manual
177 # for more information on the SSL support in NUT.
179 # =======================================================================
180 # DISABLE_WEAK_SSL <Boolean>
181 # DISABLE_WEAK_SSL true
182 #
183 # Tell upsd to disable older/weak SSL/TLS protocols and ciphers.
184 #
185 # With relatively recent versions of OpenSSL or NSS it will be restricted
186 # to TLSv1.2 or better.
187 #
188 # Unless you have really ancient clients, you probably want to enable this.
189 # Currently disabled by default to ensure compatibility with existing setups.
191 # =======================================================================
192 # DEBUG_MIN <Integer>
193 # DEBUG_MIN 2
194 #
195 # Optionally specify a minimum debug level for `upsd` data daemon, e.g. for
196 # troubleshooting a deployment, without impacting foreground or background
197 # running mode directly, and without need to edit init-scripts or service
198 # unit definitions. Note that command-line option `-D` can only increase
199 # this verbosity level.
200 #
201 # NOTE: if the running daemon receives a `reload` command, presence of the
202 # `DEBUG_MIN NUMBER` value in the configuration file can be used to tune
203 # debugging verbosity in the running service daemon (it is recommended to
204 # comment it away or set the minimum to explicit zero when done, to avoid
205 # huge journals and I/O system abuse). Keep in mind that for this run-time
206 # tuning, the `DEBUG_MIN` value *present* in *reloaded* configuration files
207 # is applied instantly and overrides any previously set value, from file
208 # or CLI options, regardless of older logging level being higher or lower
209 # than the newly found number; a missing (or commented away) value however
210 # does not change the previously active logging verbosity.