zarafa-ical.cfg (5) - Linux Manuals

zarafa-ical.cfg: The Zarafa iCal/CalDAV gateway configuration file

NAME

zarafa-ical.cfg - The Zarafa iCal/CalDAV gateway configuration file

SYNOPSIS

ical.cfg

DESCRIPTION

The ical.cfg is a configuration file for the Zarafa iCal/CalDAV Gateway. ical.cfg contains instructions for the software to set up the logging system and to enable or disable the normal or SSL part of the service.

FILE FORMAT

The file consists of one big section, but parameters can be grouped by functionality.

The parameters are written in the form:

name = value

The file is line-based. Each newline-terminated line represents either a comment, nothing, a parameter or a directive. A line beginning with `#' is considered a comment, and will be ignored by Zarafa. Parameter names are case sensitive. Lines beginning with `!' are directives.

Directives are written in the form:

!directive[argument(s)]

The following directives exist:

include

Include and process argument

Example: !include common.cfg

EXPLANATION OF EACH PARAMETER

server_bind

IP address to bind to. 0.0.0.0 for any address.

Default: 0.0.0.0

ical_enable

Enable iCal/CalDAV service with value yes. All other values disable the service.

Default: yes

ical_port

The iCal/CalDAV service will listen on this port for incoming connections.

Default: 8080

icals_enable

Enable SSL iCal/CalDAV service with value yes. All other values disable the service.

Default: yes

icals_port

The SSL iCal/CalDAV service will listen on this port for incoming connections.

Default: 8443

server_socket

The http address of the Zarafa server.

Default: http://localhost:236/zarafa

It is not advised to specify the UNIX socket here, but the http address instead. In default configuration the gateway will then be trusted by the Zarafa server (as set in its local_admin_users configuration setting). Unless is run as an untrusted user, by specifying the run_as_user, the gateway always authenticates users even if they provide no or wrong credentials!

run_as_user

After correctly starting, the iCal/CalDAV gateway process will become this user, dropping root privileges. Note that the log file needs to be writeable by this user, and the directory too to create new logfiles after logrotation. This can also be achieved by setting the correct group and permissions.

Default value is empty, not changing the user after starting.

run_as_group

After correctly starting, the iCal/CalDAV gateway process will become this group, dropping root privileges.

Default value is empty, not changing the group after starting.

pid_file

Write the process ID number to this file. This is used by the init.d script to correctly stop/restart the service.

Default: /var/run/zarafa-ical.pid

running_path

Change directory to this path when running in daemonize mode. When using the -F switch to run in the foreground the directory will not be changed.

Default: /

process_model

You can change the process model between fork and thread. The forked model uses somewhat more resources, but if a crash is triggered, this will only affect one user. In the threaded model, a crash means all users are affected, and will not be able to use the service.

Default: fork

ssl_private_key_file

The iCal/CalDAV gateway will use this file as private key for SSL TLS. This file can be created with: openssl genrsa -out /etc/zarafa/ical/privkey.pem 2048.

Default: /etc/zarafa/ical/privkey.pem

ssl_certificate_file

The iCal/CalDAV gateway will use this file as certificate for SSL TLS. A self-signed certificate can be created with: openssl req -new -x509 -key /etc/zarafa/ical/privkey.pem -out /etc/zarafa/ical/cert.pem -days 1095.

Default: /etc/zarafa/ical/cert.pem

ssl_verify_client

Enable client certificate verification with value yes. All other values disable the verification.

Default: no

ssl_verify_file

The file to verify the clients certificates with.

Default: value not set.

ssl_verify_path

The path with the files to verify the clients certificates with.

Default: value not set.

ssl_protocols

Disabled or enabled protocol names. Supported protocol names are SSLv2, SSLv3 and TLSv1. If Zarafa was linked against OpenSSL 1.0.1 or later there is additional support for the new protocols TLSv1.1 and TLSv1.2. To exclude both, SSLv2 and SSLv3 set ssl_protocols to !SSLv2 !SSLv3. SSLv2 is considered unsafe and these connections should not be accepted.

Default: !SSLv2

ssl_ciphers

SSL ciphers to use, set to ALL for backward compatibility.

Default: ALL:!LOW:!SSLv2:!EXP:!aNULL

ssl_prefer_server_ciphers

Prefer the server's order of SSL ciphers over client's.

Default: no

log_method

The method which should be used for logging. Valid values are:

syslog

Use the Linux system log. All messages will be written to the mail facility. See also syslog.conf(5).

file

Log to a file. The filename will be specified in log_file.

Default: file

log_file

When logging to a file, specify the filename in this parameter. Use - (minus sign) for stderr output.

Default: /var/log/zarafa/ical.log

log_level

The level of output for logging in the range from 0 to 5. 0=no logging, 5=full logging.

Default: 2

log_timestamp

Specify whether to prefix each log line with a timestamp in 'file' logging mode.

Default: 1

enable_ical_get

Enable the ical GET method to download an entire calendar. When set to 'yes', the GET method is enabled and allowed. If not, then calendars can only be retrieved with the CalDAV PROPFIND method, which is much more efficient. This option allows you to force the use of CalDAV which lowers load on your server.

RELOADING

The following options are reloadable by sending the zarafa-ical process a HUP signal:

log_level

FILES

/etc/zarafa/ical.cfg

The Zarafa iCal/CalDAV gateway configuration file.

AUTHOR

Written by Zarafa.

SEE ALSO

zarafa-ical(1)