aboutsummaryrefslogtreecommitdiff
path: root/gmid/files/gmid.conf.new
diff options
context:
space:
mode:
Diffstat (limited to 'gmid/files/gmid.conf.new')
-rw-r--r--gmid/files/gmid.conf.new40
1 files changed, 23 insertions, 17 deletions
diff --git a/gmid/files/gmid.conf.new b/gmid/files/gmid.conf.new
index 3b725ad..c725e4f 100644
--- a/gmid/files/gmid.conf.new
+++ b/gmid/files/gmid.conf.new
@@ -1,24 +1,30 @@
-log {
- access /var/log/gmid/gmid.log
-}
+# Directory to isolate process.
+#
+# Only available when starting gmid as root.
+chroot "/srv/gmid"
+
+# User to run daemon as. Mandatory if chroot is used.
+user "gmid"
# An example of a server block:
-server "localhost" {
+server "example.com" {
listen on * port 1965
- # set the directory to serve
- root "localhost"
+ # Path to the root directory of your capsule.
+ root "example.com"
- # Set self-signed TLS cert and key. It's better to keep
- # the keys outside the chroot.
+ # Set self-signed TLS cert and key. It is better to keep the keys
+ # outside the chroot.
+ #
+ # This key expires after 365 days, keep in mind to renew it.
#
- # sudo -u gmid -- \
- # openssl req -x509 \
- # -newkey rsa:4096 \
- # -nodes \
- # -out /etc/gmid/certs/localhost.crt \
- # -keyout /etc/gmid/certs/localhost.key \
- # -subj "/CN=localhost"
- cert "/etc/gmid/certs/localhost.crt"
- key "/etc/gmid/certs/localhost.key"
+ # openssl req -x509 \
+ # -newkey rsa:4096 \
+ # -days 365 \
+ # -nodes \
+ # -out /etc/ssl/gmid/example.com.pem \
+ # -keyout /etc/ssl/gmid/example.com.key \
+ # -subj "/CN=example.com"
+ cert "/etc/ssl/gmid/example.com.pem"
+ key "/etc/ssl/gmid/example.com.key"
}