mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2025-01-10 15:48:38 +01:00
117 lines
3.1 KiB
Plaintext
117 lines
3.1 KiB
Plaintext
####### TLS-RELATED PARAMETERS #######
|
|
|
|
### Option: TLSCAFile
|
|
# Full pathname of a file containing the top-level CA(s) certificates for
|
|
# peer certificate verification.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCAFile=
|
|
|
|
TLSCAFile=${ZBX_TLSCAFILE}
|
|
|
|
### Option: TLSCRLFile
|
|
# Full pathname of a file containing revoked certificates.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCRLFile=
|
|
|
|
TLSCRLFile=${ZBX_TLSCRLFILE}
|
|
|
|
### Option: TLSCertFile
|
|
# Full pathname of a file containing the server certificate or certificate chain.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCertFile=
|
|
|
|
TLSCertFile=${ZBX_TLSCERTFILE}
|
|
|
|
### Option: TLSKeyFile
|
|
# Full pathname of a file containing the server private key.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSKeyFile=
|
|
|
|
TLSKeyFile=${ZBX_TLSKEYFILE}
|
|
|
|
####### For advanced users - TLS ciphersuite selection criteria #######
|
|
|
|
### Option: TLSCipherCert13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for certificate-based encryption.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherCert13=
|
|
|
|
TLSCipherCert13=${ZBX_TLSCIPHERCERT13}
|
|
|
|
### Option: TLSCipherCert
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for certificate-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
|
|
# Example for OpenSSL:
|
|
# EECDH+aRSA+AES128:RSA+aRSA+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherCert=
|
|
|
|
TLSCipherCert=${ZBX_TLSCIPHERCERT}
|
|
|
|
### Option: TLSCipherPSK13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for PSK-based encryption.
|
|
# Example:
|
|
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherPSK13=
|
|
|
|
TLSCipherPSK13=${ZBX_TLSCIPHERPSK13}
|
|
|
|
### Option: TLSCipherPSK
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for PSK-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
|
|
# Example for OpenSSL:
|
|
# kECDHEPSK+AES128:kPSK+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherPSK=
|
|
|
|
TLSCipherPSK=${ZBX_TLSCIPHERPSK}
|
|
|
|
### Option: TLSCipherAll13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
|
|
# Example:
|
|
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherAll13=
|
|
|
|
TLSCipherAll13=${ZBX_TLSCIPHERALL13}
|
|
|
|
### Option: TLSCipherAll
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
|
|
# Example for GnuTLS:
|
|
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
|
|
# Example for OpenSSL:
|
|
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherAll=
|
|
|
|
TLSCipherAll=${ZBX_TLSCIPHERALL}
|