# conf.d file for shellinaboxd # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # Options available (copied from the man page): # # Sometimes, it is not necessary to replace the entire style sheet using the # --static-file option. But instead a small incremental change should be made to # the visual appearance of the terminal. The --css option provides a means to # append additional style rules to the end of the default styles.css sheet. More # than one --css option can be given on the same command line. # # You shouldn't need to change this value # unless you want to load your own style sheets. SIAB_CSS_DIR="/usr/share/shellinabox-resources" # If built with SSL/TLS support enabled, the daemon will look in SIAB_CERT_DIR for any # certificates. If unspecified, this defaults to the current working directory. # # If the browser negotiated a Server Name Identification the daemon will look for # a matching certificate-SERVERNAME.pem file. This allows for virtual hosting # of multiple server names on the same IP address and port. # # If no SNI handshake took place, it falls back on using the certificate in the # certificate.pem file. # # The administrator should make sure that there are matching certificates for # each of the virtual hosts on this server, and that there is a generic certifiā€ # cate.pem file. # # If no suitable certificate is installed, shellinaboxd will attempt to invoke # /usr/bin/openssl and create a new self-signed certificate. This only # succeeds if, after dropping privileges, shellinaboxd has write # permissions for SIAB_CERT_DIR. # # Most browsers show a warning message when encountering a self-signed # certificate and then allow the user the option of accepting the certificate. # Due to this usability problem, and due to the perceived security # implications, the use of auto-generated self-signed certificates is intended # for testing or in intranet deployments, only. # SIAB_CERT_DIR="/etc/shellinabox/cert" # By default, shellinaboxd redirectes all incoming HTTP requests to their # equivalent HTTPS URLs. If promoting of connections to encrypted SSL/TLS # sessions is undesired, this behavior can be disabled. # # This option is also useful during testing or for deployment in trusted # intranets, if SSL certificates are unavailable. # # SIAB_DISABLE_SSL and SIAB_CERT_DIR are mutually exclusive options. # # Add this option to SIAB_OPTS if you don't want SSL support. SIAB_DISABLE_SSL="--disable-ssl" # Default port to listen on. SIAB_HTTP_PORT="4200" # Run shellinabox as this user. SIAB_USER="shellinaboxd" # Run shellinabox as this group. SIAB_GROUP="shellinaboxd" # Default service to launch SIAB_SERVICE="/:LOGIN" # Beeps are disabled because of reports of the VLC plugin crashing # Firefox on Linux/x86_64. SIAB_OPTS="--no-beep" # Do not add both SIAB_CSS_DIR or SIAB_CERT_DIR to SIAB_OPTS. # Default setup turns off SSL. SIAB_OPTS="${SIAB_OPTS} ${SIAB_DISABLE_SSL} --port=${SIAB_HTTP_PORT} --user=${SIAB_USER} --group=${SIAB_GROUP} --service=${SIAB_SERVICE}" # Uncomment this line to activate SSL. # SIAB_OPTS="--cert=${SIAB_CERT_DIR} --port=${SIAB_HTTP_PORT} --user=${SIAB_USER} --group=${SIAB_GROUP} --service=${SIAB_SERVICE}"