- # ssl: If you want the port(s) in this bind tag to use SSL, set this
- # to either "gnutls" or "openssl". The appropriate SSL module must be
- # loaded for SSL to work. If you do not want the port(s) in this bind
- # tag to support SSL, just remove or comment out this option.
- ssl="gnutls"
->
-
-<bind address="" port="6660-6669" type="clients">
-
-# When linking servers, the OpenSSL and GnuTLS implementations are completely
-# link-compatible and can be used alongside each other
-# on each end of the link without any significant issues.
-# Supported SSL types are: "openssl" and "gnutls".
-# You must load m_ssl_openssl for OpenSSL or m_ssl_gnutls for GnuTLS.
-
-<bind address="" port="7000,7001" type="servers">
-<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
-
-
-#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#-
-# #
-# You can configure the passwords here which you wish to use for #
-# the /DIE and /RESTART commands. Only trusted ircops who will #
-# need this ability should know the die and restart password. #
-# #
-
-<power
- # hash: what hash these passwords are hashed with.
- # Requires the module for selected hash (m_md5.so, m_sha256.so
- # or m_ripemd160.so) be loaded and the password hashing module
- # (m_password_hash.so) loaded.
- # Options here are: "md5", "sha256" and "ripemd160", or one of
- # these prefixed with "hmac-", e.g.: "hmac-sha256".
- # Optional, but recommended. Create hashed passwords with:
- # /mkpasswd <hash> <password>
- #hash="sha256"
-
- # diepass: Password for opers to use if they need to shutdown (die)
- # a server.
- #
- # IMPORTANT: leaving this field empty does not disable the use of
- # the DIE command. In order to prevent the use of this command you
- # should remove it from the command privileges of your opers.
- diepass=""
-
- # restartpass: Password for opers to use if they need to restart
- # a server.
- #
- # IMPORTANT: leaving this field empty does not disable the use of
- # the RESTART command. In order to prevent the use of this command
- # you should remove it from the command privileges of your opers.
- restartpass="">
+ # sslprofile: If you want the port(s) in this bind tag to use TLS (SSL), set this
+ # to the name of a custom <sslprofile> tag that you have defined. See the
+ # docs page for the TLS (SSL) module you are using for more details:
+ #
+ # GnuTLS: https://docs.inspircd.org/3/modules/ssl_gnutls#sslprofile
+ # mbedTLS: https://docs.inspircd.org/3/modules/ssl_mbedtls#sslprofile
+ # OpenSSL: https://docs.inspircd.org/3/modules/ssl_openssl#sslprofile
+ #
+ # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls
+ # for GnuTLS and ssl_mbedtls for mbedTLS.
+ sslprofile="Clients"
+
+ # defer: When this is non-zero, connections will not be handed over to
+ # the daemon from the operating system before data is ready.
+ # In Linux, the value indicates the time period we'll wait for a
+ # connection to come up with data. Don't set it too low!
+ # In BSD the value is ignored; only zero and non-zero is possible.
+ # Windows ignores this parameter completely.
+ # Note: This does not take effect on rehash.
+ # To change it on a running bind, you'll have to comment it out,
+ # rehash, comment it in and rehash again.
+ defer="0"
+
+ # free: When this is enabled the listener will be created regardless of
+ # whether the interface that provides the bind address is available. This
+ # is useful for if you are starting InspIRCd on boot when the server may
+ # not have brought the network interfaces up yet.
+ free="no">
+
+# Plaintext listener that binds on a TCP/IP endpoint:
+<bind address="" port="6667" type="clients">
+
+
+# Listener that binds on a UNIX endpoint (not supported on Windows):
+#<bind
+
+ # path: The location to store the UNIX socket
+ #path="/tmp/inspircd.sock"
+
+ # type: Type of bind block this is. It can either be clients or
+ # servers. Whichever you select will be the only type able to connect
+ # to this bind section.
+ #type="clients"
+
+ # permissions: The octal permissions to set on the UNIX socket after it has
+ # been created. If you are not familiar with octal permissions you should
+ # not define this or refer to http://permissions-calculator.org for help.
+ # Note: This does not take effect on rehash.
+ # To change it on a running bind, you'll have to comment it out,
+ # rehash, comment it in and rehash again.
+ #permissions=""
+
+ # replace: if the UNIX socket path already exists then remove it before
+ # attempting to create the new one. This is strongly recommended as it
+ # allows InspIRCd to create sockets in cases where it previously did not
+ # shut down cleanly and left a zombie socket behind.
+ #replace="yes">
+
+
+# Listener accepting HTML5 WebSocket connections.
+# Requires the websocket module and SHA-1 hashing support (provided by the sha1
+# module).
+#<bind address="" port="7002" type="clients" hook="websocket">
+
+
+# You can define a custom <sslprofile> tag which defines the TLS (SSL) configuration
+# for these listeners. See the docs page for the TLS (SSL) module you are using for
+# more details.
+#
+# Alternatively, you can use one of the default TLS (SSL) profiles which are created
+# when you have not defined any:
+# "openssl" (requires the ssl_openssl module)
+# "gnutls" (requires the ssl_gnutls module)
+# "mbedtls" (requires the ssl_mbedtls module)
+#
+# When linking servers, the OpenSSL, GnuTLS, and mbedTLS implementations are
+# completely link-compatible and can be used alongside each other on each end
+# of the link without any significant issues.