guacd.conf.5.in (5298B)
1.\" 2.\" Licensed to the Apache Software Foundation (ASF) under one 3.\" or more contributor license agreements. See the NOTICE file 4.\" distributed with this work for additional information 5.\" regarding copyright ownership. The ASF licenses this file 6.\" to you under the Apache License, Version 2.0 (the 7.\" "License"); you may not use this file except in compliance 8.\" with the License. You may obtain a copy of the License at 9.\" 10.\" http://www.apache.org/licenses/LICENSE-2.0 11.\" 12.\" Unless required by applicable law or agreed to in writing, 13.\" software distributed under the License is distributed on an 14.\" "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15.\" KIND, either express or implied. See the License for the 16.\" specific language governing permissions and limitations 17.\" under the License. 18.\" 19.TH guacd.conf 5 "1 Jun 2017" "version @PACKAGE_VERSION@" "Apache Guacamole" 20. 21.SH NAME 22/etc/guacamole/guacd.conf \- Configuration file for guacd 23. 24.SH DESCRIPTION 25.B /etc/guacamole/guacd.conf 26is the configuration file for the Guacamole proxy daemon used by the Guacamole 27web application and framework, 28.B guacd. 29Use of this file is entirely optional, and all of its options can be specified 30from the command line when running 31.B guacd. 32If you provide both the 33.B guacd.conf 34file and command line options, the command line options will take precedence. 35. 36.SH SYNTAX 37.B guacd.conf 38is made up of sections, where each section contains a set of parameter/value 39pairs. The parameters available are dictated by the section in use, and 40parameters may only be specified within a section. 41.P 42The beginning of each section is denoted with a section name in brackets, and 43each section ends implicitly with the beginning of a new section, or at the end 44of the file. 45.TP 46\fB[server]\fR 47Contains parameters which control how 48.B guacd 49behaves as a server, from a network perspective. 50.TP 51\fB[daemon]\fR 52Parameters which configure how 53.B guacd 54behaves as a daemon, such as what file should contain the PID, if any. 55.TP 56\fB[ssl]\fR 57Parameters which control the SSL support of 58.B guacd, 59such as the certificate and private key used for encryption of the Guacamole 60protocol. This section and its parameters are only valid if 61.B guacd 62was built with SSL support. 63.P 64Parameters within sections are written as a parameter name, followed by an 65equals sign, followed by the parameter value, all on one line. Comments may be 66placed anywhere, and consist of arbitrary text following a 67.B # 68symbol until end-of-line: 69.TP 70\fIname\fR \fB=\fR \fIvalue\fR \fB#\fR \fISome arbitrary comment text\fR 71.P 72Beware that it is the combination of the section name with the parameter name 73that makes up the fully qualified name of a parameter. Each parameter 74absolutely 75.I must 76be placed only within its proper section, or 77.B guacd.conf 78will fail to be parsed, and 79.B guacd 80will not start. 81.P 82If special characters need to be placed within a parameter value, such as 83whitespace, \fB#\fR, \fB"\fR, or \fB\\\fR, the entire value must be enclosed in 84double quotes, and each occurrence of \fB"\fR or \fB\\\fR within the value must 85be escaped with backslashes: 86.TP 87\fIname\fR \fB=\fR \fB"\fR\fIquoted # value \\\\ with \\" special characters\fR\fB"\fR 88. 89.SH SERVER PARAMETERS 90.TP 91\fBbind_host\fR \fB=\fR \fIHOSTNAME\fR 92Requires 93.B guacd 94to bind to a specific host when listening for connections. By default, 95.B guacd 96will bind to localhost only. 97.TP 98\fBbind_port\fR \fB=\fR \fIPORT\fR 99Requires 100.B guacd 101to bind to a specific port when listening for connections. By default, 102.B guacd 103will bind to port 4822. 104. 105.SH DAEMON PARAMETERS 106.TP 107\fBlog_level\fR \fB=\fR \fILEVEL\fR 108Sets the maximum level at which 109.B guacd 110will log messages to syslog and, if running in the foreground, the console. 111Legal values are 112.B trace, 113.B debug, 114.B info, 115.B warning, 116and 117.B error. 118The default value is 119.B info. 120.TP 121\fBpid_file\fR \fB=\fR \fIFILE\fR 122Causes 123.B guacd 124to write its PID to the specified file upon startup. Note that 125.B guacd 126must have sufficient privileges to create or write this file, or it will fail 127to start. This parameter is typically needed for startup scripts, such that the 128script can report on the status of 129.B guacd 130and kill it if necessary. 131. 132.SH SSL PARAMETERS 133If 134.B guacd 135was built with SSL support, then connections between the web application and 136.B guacd 137can be encrypted if an SSL certificate and key file are given. 138.P 139When using a chain of certificates, you must append the additional certificates 140to your server certificate. This can be done easily with the standard 141.B cat 142command. Beware that the certificate for 143.B guacd 144.I must 145be the first certificate in the file. 146.TP 147\fBserver_certificate\fR \fB=\fR \fICERTIFICATE FILE\fR 148Enables SSL/TLS using the given cerficiate file. Future connections to 149.B guacd 150will require SSL/TLS enabled in the client (the web application). 151.TP 152\fBserver_key\fR \fB=\fR \fIKEY FILE\fR 153Enables SSL/TLS using the given private key file. Future connections to 154.B guacd 155will require SSL/TLS enabled in the client (the web application). 156. 157.SH EXAMPLE 158.nf 159.RS 160# 161# guacd.conf example 162# 163 164[daemon] 165 166pid_file = /var/run/guacd.pid 167 168[server] 169 170bind_host = localhost 171bind_port = 4822 172 173[ssl] 174 175server_certificate = /etc/ssl/certs/guacd.crt 176server_key = /etc/ssl/private/guacd.key 177.RE 178.fi