Add sslproxy.conf man page and example sslproxy.conf, and related make changes

7 years ago · a79cf4e0d1
parent d52ee62079
commit a79cf4e0d1
3 changed files with 134 additions and 1 deletions
--- a/14
+++ b/14
@ -149,6 +149,7 @@ endif

 PREFIX?=	/usr/local
 MANDIR?=	share/man
+EXAMPLESDIR?=	share/examples

 INSTALLUID?=	0
 INSTALLGID?=	0
@ -158,6 +159,7 @@ BINMODE?=	0755
 MANUID?=	$(INSTALLUID)
 MANGID?=	$(INSTALLGID)
 MANMODE?=	0644
+EXAMPLESMODE?=	0444
 ifeq ($(shell id -u),0)
 BINOWNERFLAGS?=	-o $(BINUID) -g $(BINGID)
 MANOWNERFLAGS?=	-o $(MANUID) -g $(MANGID)
@ -441,13 +443,23 @@ install: $(TARGET)
 	test -d $(DESTDIR)$(PREFIX)/bin || $(MKDIR) -p $(DESTDIR)$(PREFIX)/bin
 	test -d $(DESTDIR)$(PREFIX)/$(MANDIR)/man1 || \
 		$(MKDIR) -p $(DESTDIR)$(PREFIX)/$(MANDIR)/man1
+	test -d $(DESTDIR)$(PREFIX)/$(MANDIR)/man5 || \
+		$(MKDIR) -p $(DESTDIR)$(PREFIX)/$(MANDIR)/man5
+	test -d $(DESTDIR)$(PREFIX)/$(EXAMPLESDIR)/sslproxy || \
+		$(MKDIR) -p $(DESTDIR)$(PREFIX)/$(EXAMPLESDIR)/sslproxy
 	$(INSTALL) $(BINOWNERFLAGS) -m $(BINMODE) \
 		$(TARGET) $(DESTDIR)$(PREFIX)/bin/
 	$(INSTALL) $(MANOWNERFLAGS) -m $(MANMODE) \
 		$(TARGET).1 $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/
+	$(INSTALL) $(MANOWNERFLAGS) -m $(MANMODE) \
+		$(TARGET).conf.5 $(DESTDIR)$(PREFIX)/$(MANDIR)/man5/
+	$(INSTALL) $(MANOWNERFLAGS) -m $(EXAMPLESMODE) \
+		$(TARGET).conf $(DESTDIR)$(PREFIX)/$(EXAMPLESDIR)/sslproxy/

 deinstall:
-	$(RM) -f $(DESTDIR)$(PREFIX)/bin/$(TARGET) $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/$(TARGET).1
+	$(RM) -f $(DESTDIR)$(PREFIX)/bin/$(TARGET) $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/$(TARGET).1 \
+		$(DESTDIR)$(PREFIX)/$(MANDIR)/man5/$(TARGET).conf.5
+	$(RM) -rf $(DESTDIR)$(PREFIX)/$(EXAMPLESDIR)/sslproxy/

 ifdef GITDIR
 lint:
--- a/sslproxy.conf
+++ b/sslproxy.conf
@ -0,0 +1,39 @@
+# This is the SSLproxy configuration file
+
+# Use CA cert (and key) to sign forged certs
+CACert /etc/sslproxy/ca.crt
+# Use CA key (and cert) to sign forged certs
+CAKey /etc/sslproxy/ca.key
+
+# Close connections after this many seconds of idle time
+ConnIdleTimeout 120
+
+# Check for expired connections every this many seconds
+ExpiredConnCheckPeriod 10
+
+# Retry to shut ssl conns down after this many micro seconds
+# Increasing this delay may avoid dirty shutdowns on slow connections,
+# but increases resource usage, such as file desriptors and memory
+SSLShutdownRetryDelay 100
+
+# Write pid to file
+PidFile /var/run/sslproxy.pid
+
+# Log statistics to syslog
+LogStats yes
+
+# Log statistics every this many ExpiredConnCheckPeriod periods
+StatsPeriod 1
+
+# Drop privileges to user and group
+User _sslproxy
+Group _sslproxy
+
+# Remove HTTP header line for Accept-Encoding
+RemoveHTTPAcceptEncoding no
+
+# Proxy specifications
+# type listenaddr+port up:utmport
+ProxySpec https 127.0.0.1 8443 up:8080
+ProxySpec pop3s 127.0.0.1 8995 up:8110
+ProxySpec smtps 127.0.0.1 8465 up:9199
--- a/sslproxy.conf.5
+++ b/sslproxy.conf.5
@ -0,0 +1,82 @@
+.TH "sslproxy.conf" "5" "August 22, 2017" "sslproxy 0.5.0" "SSLproxy"
+.SH "NAME"
+.LP 
+\fBsslproxy.conf\fR \- Configuration file for SSLproxy
+.SH "DESCRIPTION"
+.LP 
+The file sslproxy.conf configures SSLproxy, sslproxy(1).
+.SH "FILE FORMAT"
+The file consists of comments and options with arguments. Each line which starts with a hash (\fB#\fR) symbol is ignored by the parser. Options and arguments are of the form \fBOption Argument\fR. The arguments are of the following types:
+.TP
+\fBBOOL\fR 
+Boolean value (yes/no).
+.TP 
+\fBSTRING\fR
+String.
+.TP 
+\fBNUMBER\fR
+Unsigned integer.
+.SH "DIRECTIVES"
+.LP 
+When an option is not used (hashed or doesn't exist in the configuration file) sslproxy takes a default action.
+.TP 
+\fBCACert STRING\fR
+Use CA cert (and key) to sign forged certs.
+.TP
+\fBCAKey STRING\fR
+Use CA key (and cert) to sign forged certs.
+.TP
+\fBConnIdleTimeout NUMBER\fR
+Close connections after this many seconds of idle time.
+.br
+Default: 120
+.TP
+\fBExpiredConnCheckPeriod NUMBER\fR
+Check for expired connections every this many seconds.
+.br 
+Default: 10.
+.TP 
+\fBSSLShutdownRetryDelay NUMBER\fR
+Retry to shut ssl conns down after this many micro seconds. Increasing this delay may avoid dirty shutdowns on slow connections, but increases resource usage, such as file desriptors and memory.
+.br 
+Default: 100
+.TP 
+\fBPidFile STRING\fR
+Write pid to file.
+.TP
+\fBLogStats BOOL\fR
+Log statistics to syslog.
+.br
+Default: yes
+.TP 
+\fBStatsPeriod NUMBER\fR
+Log statistics every this many ExpiredConnCheckPeriod periods.
+.br 
+Default: 1
+.TP 
+\fBUser STRING\fR
+Drop privileges to user.
+.br 
+Default: _sslproxy
+.TP
+\fBGroup STRING\fR
+Drop privileges to group.
+.br
+Default: _sslproxy
+.TP
+\fBRemoveHTTPAcceptEncoding BOOL\fR
+Remove HTTP header line for Accept-Encoding.
+.br
+Default: yes
+.TP 
+\fBProxySpec STRING\fR
+Proxy specification: type listenaddr+port up:utmport. Multiple specs are allowed, one on each line.
+.SH "FILES"
+.LP 
+/etc/sslproxy/sslproxy.conf
+.SH "AUTHOR"
+.LP 
+Soner Tari <sonertari@gmail.com>
+.SH "SEE ALSO"
+.LP 
+sslproxy(1)