Diffstat (limited to 'stunnel-rsyncd.conf.in')
-rw-r--r--stunnel-rsyncd.conf.in30
1 files changed, 30 insertions, 0 deletions
diff --git a/stunnel-rsyncd.conf.in b/stunnel-rsyncd.conf.in
new file mode 100644
index 0000000..b3fd240
--- /dev/null
+++ b/stunnel-rsyncd.conf.in
@@ -0,0 +1,30 @@
+# This config for stunnel will start up rsync for an incoming ssl connection.
+foreground = no
+#output = /var/log/stunnel-rsyncd.log
+pid = /var/run/stunnel-rsyncd.pid
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+#compression = rle
+# This must be root for rsync to use chroot -- rsync will drop permissions:
+setuid = root
+setgid = root
+
+[rsync]
+accept = 874
+# You can set the cert to a combo *.pem file and omit the key, if you like.
+cert = /etc/rsync-ssl/certs/server.crt
+key = /etc/rsync-ssl/certs/server.key
+client = no
+
+# To allow anyone to try an ssl connection, use this:
+verify = 0
+CAfile = /etc/ssl/certs/ca-certificates.crt
+
+# To allow only cert-authorized clients, use something like this instead of the above:
+#verify = 3
+#CAfile = /etc/rsync-ssl/certs/allowed-clients.cert.pem
+
+exec = @bindir@/rsync
+# You can either share the same config as a normal daemon, or specify a separate config:
+execargs = rsync --server --daemon .
+#execargs = rsync --server --daemon --config=/etc/rsync-ssl/rsyncd.conf .
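Review bot: The `verify = 0` default in the `[rsync]` section gives encryption only, with no client authentication, and the comment above it does not say that access control then rests entirely on the rsync daemon config while `setuid = root` has the spawned rsync start as root. I would extend that comment to something like `# verify = 0 encrypts only and authenticates no one; protect modules with "auth users" in rsyncd.conf.` Host-based rules in rsyncd.conf may not see the real peer address when rsync is started through `exec`, so that is worth confirming before relying on them. The `CAfile` line beside `verify = 0` appears to have no effect on which clients are accepted at that level, so a comment saying so (or commenting the line out) would avoid implying that chain checking happens. A line above `key =` such as `# server.key must be readable by root only (mode 0600)` would also be worth adding.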