4 # Main Debian configuration file for the SILC server. Some option in this file
5 # are managed using debconf. You can invoke `dpkg-reconfigure silcd` if
6 # you want to change such options.
8 # The syntax and options of this file are documented in silcd.conf(5).
10 # Most of the settings in this file are optional. If some setting is
11 # mandatory it is mentioned separately. If some setting is omitted it means
12 # that its builtin default value will be used. Boolean values, that is
13 # setting something on or off, is done by setting either "true" or "false"
14 # value, respectively.
16 # The ServerInfo section is mandatory section. Other sections are optional.
17 # However, if General section is defined it must be defined before the
18 # ConnectionParams sections. On the other hand, the ConnectionParams section
19 # must be defined before Client, ServerConnection or RouterConnection
20 # sections. Other sections can be in free order.
24 # Include global algorithms from the "silcalgs.conf" file. This file defines
25 # ciphers, hash functions, HMACs and PKCS algorithms that can be used.
27 Include "/etc/silcd/silcalgs.conf";
30 # General configuration options
32 # These defines the default behaviour of the server. Most of these values
33 # can be overridden with ConnectionParams, which can be defined independently
34 # for different connections.
37 # If both passphrase and public key authentication is set for a
38 # connection the public key authentication is the preferred one
39 # to use. Set this to `true' to prefer passphrase authentication
40 # over public key authentication in these cases.
41 #prefer_passphrase_auth = true;
43 # Set this to true if the server should require fully qualified
44 # domain names (FQDN) for incoming connections. If true, a host
45 # without FQDN cannot connect to the server.
46 #require_reverse_lookup = true;
48 # Maximum number of connections server can handle. If you want
49 # to limit the number of incoming connections, define the
50 # connections_max in the ConnectionParams.
51 connections_max = 1000;
53 # Maximum number of incoming connections allowed per single host.
54 # For example, if this is one (1) it means a host can link only
55 # once to the server. Attempting to connect more than once would
56 # be refused. This can be overridden with ConnectionParams.
57 #connections_max_per_host = 10;
59 # Required version of the remote side. If these are specified then
60 # the remote must be of at least this version, or newer. If older
61 # then the connection will not be allowed.
63 # version_protocol - SILC protocol version ("major.minor")
64 # version_software - software version ("major.minor")
65 # version_software_vendor - vendor specific version extension
67 # The version_software_vendor may be for example a string or a build
68 # number of the software. The string can be a regex string to match
69 # more widely. Usually the vendor version checking is not necessary
70 # and can be omitted. These can be overridden with ConnectionParams.
71 #version_protocol = "1.3";
72 #version_software = "2.0";
73 #version_software_vendor = "SomeVendor";
75 # Default keepalive frequency (seconds). This can be overridden with
76 # with ConnectionParams.
79 # Dynamic router connections. If this is set for normal SILC server
80 # the connection to primary router is not created untill it is actually
81 # needed. Giving for example /WHOIS foobar@silcnet.org would then
82 # create connection to the primary router to resolve user foobar.
83 # On the other hand giving /WHOIS foobar would try to search the
84 # user foobar locally, without creating the connection. Note that
85 # giving /JOIN foobar will also created the connection as current
86 # SILC Server version supports only global channels (all JOINs require
87 # connection to router, if one is configured).
88 #dynamic_server = true;
90 # Default reconnection parameters defines how the server reconnect
91 # to the remote if the connection was lost. The reconnection phase
92 # use so called exponential backoff algorithm; The reconnect
93 # interval grows when reconnect count grows. Next example will
94 # attempt to reconnect after 10 seconds of disconnect, and the
95 # interval grows up to 600 seconds or until 7 times was attempted
96 # to reconnect. These settings has effect only when connecting
99 # reconnect_count - how many times reconnect is attempted
100 # reconnect_interval - how often reconnect it performed (seconds)
101 # reconnect_interval_max - maximum interval for reconnect, the
102 # server never waits longer than this to
103 # reconnect (seconds).
104 # reconnect_keep_trying - whether to keep trying even after
105 # reconnect_count is reached (the interval
106 # will be reconnect_interval_max).
108 # These can be overridden with ConnectionParams.
110 reconnect_interval = 10;
111 reconnect_interval_max = 600;
112 reconnect_keep_trying = true;
114 # Key exchange protocol rekey interval (seconds). How often to
115 # regenerate the session key with the remote. Initiator will perform
116 # the rekey and this setting affects only when connecting as initiator.
117 # This can be overridden with ConnectionParams.
118 #key_exchange_rekey = 3600;
120 # Key exchange with Perfect Forward Secrecy (PFS). This will perform
121 # the rekey process with PFS, making the new key more secure since it
122 # is not dependent in any way of the old key. This will make the rekey
123 # process somewhat slower, than without PFS. This can be overridden
124 # with ConnectionParams.
125 #key_exchange_pfs = true;
127 # Key exchange timeout (seconds). If the key exchange protocol is not
128 # finished in this time period the remote connection will be closed.
129 #key_exchange_timeout = 60;
131 # Connection authentication timeout (seconds). If the connection
132 # authentication protocol is not finished in this time period the
133 # remote connection will be closed.
134 #conn_auth_timeout = 60;
136 # Channel key rekey interval (seconds). How often channel key is
137 # regenerated. Note that channel key is regenerated also always when
138 # someone joins or leaves the channel.
139 #channel_rekey_secs = 3600;
141 # SILC session detachment disabling and limiting. By default clients
142 # can detach their sessions from server. If you set detach_disabled
143 # to true the DETACH command cannot be used by clients. If you want
144 # to limit for how long the server keeps detached sessions you can
145 # set the time (minutes) in detach_timeout. After that timeout the
146 # detached session is closed if it is not resumed. By default
147 # sessions are persistent as long as server is running.
148 #detach_disabled = true;
149 #detach_timeout = 1440;
151 # Quality of Service (QoS) settings. The QoS can be used to handle
152 # the incoming data and limit its handling rate to avoid flooding.
153 # By default QoS is disabled and can be enabled by setting "qos" to
154 # true value. The "qos_rate_limit" is the data reads per second,
155 # and if more frequently is read due to for example data flooding,
156 # QoS is applied to the data. The "qos_bytes_limit" is maximum bytes
157 # allowed for incoming data. If more is received at once the QoS
158 # is applied to the data. The "qos_limit_sec" and "qos_limit_usec"
159 # is the timeout used to delay the data handling, seconds and
160 # microseconds, respectively. NOTE: If you enable QoS in General
161 # section it applies to server connections as well. Server
162 # connections SHOULD NOT use QoS. This can be overridden with
165 #qos_rate_limit = 10;
166 #qos_bytes_limit = 2048;
168 #qos_limit_usec = 500000;
170 # Limit on how many channels one client can join. Default is 50.
171 #channel_join_limit = 100;
173 # HTTP server access to the server for retrieving server statistics
174 # with a web browser. This is disabled by default.
176 #http_server_ip = "127.0.0.1";
177 #http_server_port = 5000;
179 # Debug string. Debug string can be set to print debugging from
180 # the running server. The debug is redirected to stderr.
194 # Primary listener. Specify the IP address and the port to bind
195 # the server. The public_ip can be used to specify the public IP
196 # if the server is behind NAT.
199 # public_ip = "11.1.1.1";
200 Include "/etc/silcd/silcd-primary-ip.conf";
204 # Secondary listener(s). If you need to bind your server into
205 # several interfaces use the Secondary to specify the listener(s).
207 #Secondary { ip = "10.2.1.60"; port = 706; };
208 #Secondary { ip = "10.2.1.160"; port = 706; };
211 # ServerType field specifies the purpose of this server
212 # This is only a descriptive field.
217 # Geographic location
227 # Admin's email address
232 # Run SILC server as specific user and group. The server must be
233 # initially run as root.
239 # Public and private keys
241 PublicKey = "/etc/silcd/silcd.pub";
242 PrivateKey = "/etc/silcd/silcd.prv";
247 # Specifies the text file displayed on client connection
249 #MotdFile = "/etc/silcd/motd.txt";
254 PidFile = "/var/run/silcd.pid";
260 # This section is used to set various logging files, their paths, maximum
261 # sizes and logging options.
263 # There are only four defined channels allowed for defining (see below).
264 # The log channels have an importance value, and most important channels
265 # are redirected on the less important ones, thus setting a valid logging
266 # file for "Info" will ensure logging for all channels, while setting
267 # logging file for "Errors" will ensure logging for channels "Errors"
268 # and "Fatals". If only, for example, "Info" is set then all logs go to
269 # that file (like in example below).
272 # Use timestamp in the logging files? (Usually it is a good idea,
273 # but you may want to disable this if you run silcd under some
277 # If QuickLogs is true, then the logging files will be updated
278 # real-time. This causes a bit more CPU and HDD activity, but
279 # reduces memory usage. By default it is false and log files are
280 # written with FlushDelay timeout.
284 # FlushDelay tells log files update delay (seconds) in case you
285 # have chosen buffering output. This setting has effect only if
286 # the QuickLogs is false.
290 # Informational messages
292 File = "/var/log/silcd/silcd.log";
298 # File = "/var/log/silcd/silcd_warnings.log";
304 # File = "/var/log/silcd/silcd_errors.log";
310 # File = "/var/log/silcd/silcd_fatals.log";
316 # Connection Parameters
318 # This section defined connection parameters. It is possible to use
319 # specific parameters in different connections, and to define different
320 # parameters to different connections. The parameters can define how the
321 # connection is handled and how the session is managed. If connection
322 # parameters are not used in connections the default values will apply
323 # (or values defined in General section). You can have multiple
324 # ConnectionParams blocks defined.
327 # unique name. The name is used to reference to this parameter
328 # block from the connections. This field is mandatory.
331 # Maximum number of connections allowed. More connections will be
332 # refused. This can be used for example to limit number of clients.
333 # Note that this never can be larger than the connections_max
334 # specified in General section.
335 connections_max = 200;
337 # Maximum number of connections allowed per host. For example, if
338 # this is one (1) it means a host can link only once to the server.
339 # Attempting to link more than once would be refused.
341 # If this connection parameters block is used with incoming server
342 # connections it is recommended that this value is set to one (1).
343 connections_max_per_host = 10;
345 # Required version of the remote side. If these are specified then
346 # the remote must be of at least this version, or newer. If older
347 # then the connection will not be allowed.
349 # version_protocol - SILC protocol version ("major.minor")
350 # version_software - software version ("major.minor")
351 # version_software_vendor - vendor specific version extension
353 # The version_software_vendor may be for example a string or a build
354 # number of the software. The string can be a regex string to match
355 # more widely. Usually the vendor version checking is not necessary
356 # and can be omitted. These can be overridden with ConnectionParams.
357 #version_protocol = "1.1";
358 #version_software = "1.3";
359 #version_software_vendor = "SomeVendor";
361 # Keepalive frequency (seconds).
362 keepalive_secs = 300;
364 # Reconnection parameters defines how the server reconnects to
365 # the remote if the connection was lost. The reconnection phase
366 # use so called exponential backoff algorithm; The reconnect
367 # interval grows when reconnect count grows. Next example will
368 # attempt to reconnect after 10 seconds of disconnect, and the
369 # interval grows up to 600 seconds or until 7 times was attempted
370 # to reconnect. These settings has effect only when connecting
373 # reconnect_count - how many times reconnect is attempted
374 # reconnect_interval - how often reconnect it performed (seconds)
375 # reconnect_interval_max - maximum interval for reconnect, the
376 # server never waits longer than this to
377 # reconnect (seconds).
378 # reconnect_keep_trying - whether to keep trying even after
379 # reconnect_count is reached (the interval
380 # will be reconnect_interval_max).
382 reconnect_interval = 10;
383 reconnect_interval_max = 600;
384 reconnect_keep_trying = true;
386 # Key exchange protocol rekey interval (seconds). How often to
387 # regenerate the session key with the remote. Initiator will perform
388 # the rekey and this setting affects only when connecting as initiator.
389 #key_exchange_rekey = 3600;
391 # Key exchange with Perfect Forward Secrecy (PFS). This will perform
392 # the rekey process with PFS, making the new key more secure since it
393 # is not dependent in any way of the old key. This will make the rekey
394 # process somewhat slower, than without PFS.
395 #key_exchange_pfs = true;
397 # Anonymous connection. This setting has effect only when this
398 # this is used with client connections. If set to true then clients
399 # using this connection parameter will be anonymous connections.
400 # This means that the client's username and hostname information
401 # is scrambled and anonymous mode is set for the user.
404 # Quality of Service (QoS) settings. The QoS can be used to handle
405 # the incoming data and limit its handling rate to avoid flooding.
406 # By default QoS is disabled and can be enabled by setting "qos" to
407 # true value. The "qos_rate_limit" is the incmoing data reading
408 # per second, and if more frequently than the set limit is read the
409 # QoS is applied to the data. The "qos_bytes_limit" is maximum bytes
410 # allowed for incoming data. If more is received at once the QoS
411 # is applied to the data. The "qos_limit_sec" and "qos_limit_usec"
412 # is the timeout used to delay the data handling, seconds and
413 # microseconds, respectively. For server connections QoS SHOULD NOT
416 #qos_rate_limit = 10;
417 #qos_bytes_limit = 2048;
419 #qos_limit_usec = 500000;
423 # Configured client connections.
425 # The "Host" defines the incoming IP address or hostname of the client.
426 # If it is omitted all hosts will match this client connection. The
427 # "Params" is optional and can be used to set specific connection parameters
428 # for this connection.
430 # The authentication data is specified by Passphrase and/or PublicKey.
431 # If both are provided then both password and public key based authentication
432 # is allowed. The "PublicKey" includes the single key contained in the
433 # specified file, while "PublicKeyDir" includes all files in the specified
434 # directory, which must all be valid public keys with ".pub" suffix.
436 # Next example connection will match to all incoming client connections,
437 # and no authentication is required.
441 #Passphrase = "secret";
442 #PublicKey = "/path/to/the/user_my.pub";
443 #PublicKey = "/path/to/the/user_221.pub";
444 #PublicKey = "/path/to/the/user_313.pub";
445 #PublicKeyDir = "/path/to/keys/dir/";
450 # Configured server administrator connections
452 # The fields "Host", "User", and "Nick", are optional but you are encouraged
453 # in using them to better identify your admins.
455 # The authentication data is specified by Passphrase and/or PublicKey.
456 # If both are provided then both password and public key based authentication
457 # is allowed. If the PublicKey is used it includes the file path to the
458 # public key file. If none of them is provided then authentication is not
462 Include "/etc/silcd/silcd-admin.conf";
466 # Configured server connections.
468 # If server connections are configured it means that this server is
469 # router server. Normal servers must not configure server connections.
470 # Thus, if this server is not router do not configure this section. If
471 # your server is router, this must be configured. The Host (mandatory)
472 # specifies the remote server.
474 # The authentication data is specified by Passphrase and/or PublicKey.
475 # If both are provided then both password and public key based authentication
476 # is allowed. If the PublicKey is used it includes the file path to the
477 # public key file. If none of them is provided then authentication is not
480 # If the connection is backup connection then set the "Backup" option
481 # to true. For normal connections set it false. If it is set to true then
482 # your server will be backup router.
486 # Passphrase = "verysecret";
487 # #PublicKey = "/etc/silcd/router.pub";
493 # Configured router connections
495 # For normal servers only one entry maybe configured to this section. It
496 # must be the router this server will be connected to. For router servers,
497 # this section includes all configured router connections. The first
498 # configured connection is the primary route. The Host (mandatory) specifies
499 # the remote hostname or IP address. The Port specifies the remote port
500 # to connect when Initiator is true. When Initiator is false the Port
501 # specifies the local port (listener port).
503 # The authentication data is specified by Passphrase and/or PublicKey.
504 # If both are provided then both password and public key based authentication
505 # is allowed. If the PublicKey is used it includes the file path to the
506 # public key file. If none of them is provided then authentication is not
509 # If you are the initiator of the connection then set the "Initiator"
510 # option to true. If you are the responder of the connection (waiting for
511 # incoming connection) then set it to false.
513 # If the connection is backup router connection then set the "BackupHost"
514 # option to the IP address of the router that the backup router will
515 # replace if it becomes unavailable. Set also the router's port to the
516 # "BackupPort" option. For normal connection leave both commented. If this
517 # backup router is in our cell then set the "BackupLocal" option to true.
518 # If the backup router is in other cell then set it to false.
521 # Host = "10.2.1.100";
523 # Passphrase = "verysecret";
524 # #PublicKey = "/etc/silcd/router.pub";
527 # #BackupHost = "10.2.1.6";
529 # #BackupLocal = true;
535 # These connections are denied to connect to our server.
537 # The "Reason" field is mandatory, while the "Host" field can be omitted to
541 # Host = "10.2.1.99";
542 # Reason = "Go away spammer";
546 # Reason = "You are not welcome.";