The new rsh-ssl-rsync helper script (replacing stunnel-rsync) supports openssl in addition to stunnel. The RSYNC_SSL_TYPE environment variable can be set to specify which type of connection to use, and the first arg to rsync-ssl can be --type=stunnel or --type=openssl to override the env var or the default of "stunnel". The helper script now looks for stunnel4 or stunnel on the PATH at runtime instead of having configure look for it at compile time.
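# stunnel configuration that starts rsync for each incoming SSL/TLS connection.
# The options before the first [section] header are global to the stunnel
# process; the listener itself is defined in the [rsync] section.

# Detach from the terminal and run in the background.
foreground = no
# Uncomment to send stunnel's log to a dedicated file, so that failed
# handshakes and rejected peers can be reviewed apart from other logs.
#output = /var/log/stunnel-rsyncd.log
pid = /var/run/stunnel-rsyncd.pid
# Set TCP_NODELAY on the local (l) and remote (r) sockets.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
# TLS-level compression is left disabled here. Keep it off unless there is a
# specific need: compressing inside TLS has a history of leaking information
# about the plaintext through record sizes, and rsync can compress on its own.
#compression = rle
# This must be root for rsync to use chroot -- rsync will drop permissions.
# The stunnel process that handles TLS from the network therefore keeps
# running as root; only the rsync it starts gives up privileges.
# NOTE(review): that drop depends on the "use chroot", "uid" and "gid"
# settings in the rsyncd.conf that rsync reads -- confirm them per module.
setuid = root
setgid = root
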
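# Service definition: accept TLS connections and hand each one to rsync.
[rsync]
# TCP port to listen on. No address is given, so this is not restricted to
# one interface; write address:port to bind to a single local address.
accept = 874
# You can set the cert to a combo *.pem file and omit the key, if you like.
# Either way the private key must be readable by root only.
cert = /etc/rsync-ssl/certs/server.crt
key = /etc/rsync-ssl/certs/server.key
# Server mode: stunnel accepts TLS connections rather than initiating them.
client = no

# To allow anyone to try an ssl connection, use this.
# With verify = 0 no client certificate is checked, so TLS here only
# encrypts the session and identifies the server. Who may read or write a
# module is then decided entirely by rsyncd.conf ("auth users",
# "secrets file", "hosts allow").
# NOTE(review): CAfile presumably has no effect on who can connect while
# verify = 0 -- confirm against the installed stunnel's documentation.
verify = 0
CAfile = /etc/ssl/certs/ca-certificates.crt

# To allow only cert-authorized clients, use something like this instead of
# the above. Level 3 checks the peer against locally installed certificates,
# so this CAfile lists the client certificates that are allowed in.
# NOTE(review): newer stunnel releases document verifyChain / verifyPeer as
# the replacement for numeric verify levels -- check the installed version.
#verify = 3
#CAfile = /etc/rsync-ssl/certs/allowed-clients.cert.pem

# Program to run for each accepted connection.
# NOTE(review): @bindir@ looks like a build-time placeholder -- confirm the
# installed file contains an absolute path to the intended rsync binary.
exec = @bindir@/rsync
# You can either share the same config as a normal daemon, or specify a
# separate config. The first word of execargs is the program name (argv[0]).
# A separate config keeps the modules and auth rules offered over TLS
# independent of those offered by a plaintext daemon.
execargs = rsync --server --daemon .
#execargs = rsync --server --daemon --config=/etc/rsync-ssl/rsyncd.conf .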