Diffstat (limited to 'etc')
-rw-r--r-- | etc/ftpsync.conf.sample | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/etc/ftpsync.conf.sample b/etc/ftpsync.conf.sample index 1524e72..50b084b 100644 --- a/etc/ftpsync.conf.sample +++ b/etc/ftpsync.conf.sample @@ -31,6 +31,32 @@ ## If we need a user we also need a password #RSYNC_PASSWORD= +## Set to "true" to tunnel your rsync through stunnel. +## +## ftpsync will then use rsync's -e option to wrap the connection +## with bin/rsync-ssl-tunnel which sets up an stunnel to connect to +## RSYNC_SSL_PORT on the remote site. (This requires server +## support, obviously.) +## +## ftpsync can use either stunnel4, stunnel4-old, or socat to set up the +## encrypted tunnel. +## o stunnel4 requires at least stunnel4 version 5.15 built aginst openssl +## 1.0.2 or later such that the stunnel build supports the checkHost +## service-level option. This will cause stunnel to verify both the +## peer certificate's validity and that it's actually for the host we wish +## to connect to. +## o stunnel4-old will skip the checkHost check. As such it will connect +## to any peer that is able to present a valid certificate, regardless of +## which name it is made out to. +## o socat will verify the peer certificate name only starting with version +## 1.7.3 (Debian 9.0). +## To test if things work, you can run +## RSYNC_SSL_PORT=1873 RSYNC_SSL_CAPATH=/etc/ssl/certs RSYNC_SSL_METHOD=socat rsync -e 'bin/rsync-ssl-tunnel' <server>:: +#RSYNC_SSL=false +#RSYNC_SSL_PORT=1873 +#RSYNC_SSL_CAPATH=/etc/ssl/certs +#RSYNC_SSL_METHOD=stunnel4 + ## In which directory should logfiles end up ## Note that BASEDIR defaults to $HOME, but can be set before calling the ## ftpsync script to any value you want (for example using pam_env) |
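Review bot: The stunnel4-old and socat bullets describe methods that can skip the host name check, but the comment never tells the admin to avoid them when stunnel4 is available. State plainly that with stunnel4-old (and, as the socat bullet implies, socat before 1.7.3) any peer with a valid certificate is accepted, and mark those methods as fallbacks only. The test command sets RSYNC_SSL_METHOD=socat while the sample default is RSYNC_SSL_METHOD=stunnel4, so running it as written does not exercise the default method; either show the test with stunnel4 or note that the variable should match the configured method. The test line also passes 'bin/rsync-ssl-tunnel' as a relative path without saying which directory it must be run from. Minor: "aginst" should be "against" in the stunnel4 bullet.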