aboutsummaryrefslogtreecommitdiff
path: root/doc/doc.RPKI.CA.Configuration.rpkid
diff options
context:
space:
mode:
Diffstat (limited to 'doc/doc.RPKI.CA.Configuration.rpkid')
-rw-r--r--doc/doc.RPKI.CA.Configuration.rpkid86
1 files changed, 53 insertions, 33 deletions
diff --git a/doc/doc.RPKI.CA.Configuration.rpkid b/doc/doc.RPKI.CA.Configuration.rpkid
index c17b2f53..21793157 100644
--- a/doc/doc.RPKI.CA.Configuration.rpkid
+++ b/doc/doc.RPKI.CA.Configuration.rpkid
@@ -1,60 +1,80 @@
-****** rpkid.conf ******
+rpkid's default config file is the system rpkid.conf file. Start rpkid with -
+c filename to choose a different config file. All options are in the section
+[rpkid]. BPKI Certificates and keys may be in either DER or PEM format.
-rpkid's default config file is the system rpkid.conf file. Start rpkid with "-
-c filename" to choose a different config file. All options are in the section "
-[rpkid]". Certificates and keys may be in either DER or PEM format.
-
-Options:
+sql-database::
-startup-message::
+ MySQL database name for rpkid.
- String to log on startup, useful when debugging a collection of rpkid
- instances at once.
+ Default: ${myrpki::rpkid_sql_database}
sql-username::
- Username to hand to MySQL when connecting to rpkid's database.
-
-sql-database::
+ MySQL user name for rpkid.
- MySQL's database name for rpkid's database.
+ Default: ${myrpki::rpkid_sql_username}
sql-password::
- Password to hand to MySQL when connecting to rpkid's database.
+ MySQL password for rpkid.
+
+ Default: ${myrpki::rpkid_sql_password}
+
+server-host::
+
+ Host on which rpkid should listen for HTTP service requests.
+
+ Default: ${myrpki::rpkid_server_host}
+
+server-port::
+
+ Port on which rpkid should listen for HTTP service requests.
+
+ Default: ${myrpki::rpkid_server_port}
+
+irdb-url::
+
+ HTTP service URL rpkid should use to contact irdbd. If irdbd is
+ running on the same machine as rpkid, this can and probably should be
+ a loopback URL, since nobody but rpkid needs to talk to irdbd.
+
+ Default: http://${myrpki::irdbd_server_host}:${myrpki::
+ irdbd_server_port}/
bpki-ta::
- Name of file containing BPKI trust anchor. All BPKI certificate
- verification within rpkid traces back to this trust anchor.
+ Where rpkid should look for the BPKI trust anchor. All BPKI
+ certificate verification within rpkid traces back to this trust
+ anchor. Don't change this unless you really know what you are doing.
+
+ Default: ${myrpki::bpki_servers_directory}/ca.cer
rpkid-cert::
- Name of file containing rpkid's own BPKI EE certificate.
+ Where rpkid should look for its own BPKI EE certificate. Don't change
+ this unless you really know what you are doing.
-rpkid-key::
+ Default: ${myrpki::bpki_servers_directory}/rpkid.cer
- Name of file containing RSA key corresponding to rpkid-cert.
+rpkid-key::
-irbe-cert::
+ Where rpkid should look for the private key corresponding to its own
+ BPKI EE certificate. Don't change this unless you really know what
+ you are doing.
- Name of file containing BPKI certificate used by IRBE (rpkic, GUI)
- when talking to rpkid.
+ Default: ${myrpki::bpki_servers_directory}/rpkid.key
irdb-cert::
- Name of file containing BPKI certificate used by irdbd.
+ Where rpkid should look for irdbd's BPKI EE certificate. Don't change
+ this unless you really know what you are doing.
-irdb-url::
-
- Service URL for irdbd. Must be a http:// URL.
-
-server-host::
+ Default: ${myrpki::bpki_servers_directory}/irdbd.cer
- Hostname or IP address on which to listen for HTTP connections.
- Default is the wildcard address (IPv4 0.0.0.0, IPv6 ::), which should
- work in most cases.
+irbe-cert::
-server-port::
+ Where rpkid should look for the back-end control client's BPKI EE
+ certificate. Don't change this unless you really know what you are
+ doing.
- TCP port on which to listen for HTTP connections.
+ Default: ${myrpki::bpki_servers_directory}/irbe.cer