diff options
Diffstat (limited to 'roles/znc/templates/znc.conf.j2')
-rw-r--r-- | roles/znc/templates/znc.conf.j2 | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2 index c1e97d4..71f3495 100644 --- a/roles/znc/templates/znc.conf.j2 +++ b/roles/znc/templates/znc.conf.j2 @@ -15,7 +15,7 @@ Version = 1.6.5 HideVersion = true MaxBufferSize = {{ znc.buffer_size }} -SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 +SSLProtocols = +TLSv1.2 -TLSv1.1 -TLSv1 -SSLv3 -SSLv2 // SSL: https://wiki.znc.in/Signed_SSL_certificate // Everything in a single file, in the order from the most *private* to @@ -23,28 +23,23 @@ SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 // i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem +// NOTE: SSLKeyFile & SSLDHParamFile requires version >=1.7 //SSLCertFile = {{ znc.data_dir }}/znc.ssl.crt -// version >=1.7 //SSLKeyFile = {{ znc.data_dir }}/znc.ssl.key //SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem -<Listener ipv4> +// NOTE: DragonFly BSD doesn't allow using "IPV6_V6ONLY=0" to bind on +// both IPv4 & IPv6, therefore bind them separately. +{% for listener in ["ipv4", "ipv6"] %} +<Listener {{ listener }}> AllowIRC = true AllowWeb = false - IPv4 = true - // NOTE: DFly doesn't allow IPV6_V6ONLY=0 to bind IPv4+IPv6 - IPv6 = false - Port = {{ znc.port }} - SSL = true -</Listener> -<Listener ipv6> - AllowIRC = true - AllowWeb = false - IPv4 = false - IPv6 = true + IPv4 = {% if listener == "ipv4" %}true{% else %}false{% endif %} + IPv6 = {% if listener == "ipv6" %}true{% else %}false{% endif %} Port = {{ znc.port }} SSL = true </Listener> +{% endfor %} <User {{ znc.username }}> Admin = true |