X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Fmodules.conf.example;h=37492ac0973a8e450ed2abfd3602874111870f82;hb=ccebfe6e637b420bef05e8e0faf29bb19f1883d9;hp=d68248163ae57285a67987e0b21c1c9519eb9712;hpb=c2a3321540c2178b2752dc102b2f57c8501f468d;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index d68248163..37492ac09 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -177,7 +177,7 @@ # users that send overly capitalised messages to channels. Unlike the # blockcaps module this module is more flexible as it has more options # for punishment and allows channels to configure their own punishment -# policies. +# policies. # # # You may also configure the characters which anticaps considers to be @@ -210,7 +210,7 @@ # For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask # on join. This can be combined with extbans, for example +w o:R:Brain # will op anyone identified to the account "Brain". -# Another useful combination is with SSL client certificate +# Another useful combination is with TLS (SSL) client certificate # fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will # give halfop to the user(s) having the given certificate. # @@ -349,7 +349,7 @@ # IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html # # When using this method you must specify a wildcard mask or CIDR range -# to allow gateway connections from and at least one of either a SSL +# to allow gateway connections from and at least one of either a TLS (SSL) # client certificate fingerprint for the gateway or a password to be # sent in the WEBIRC command. # @@ -943,7 +943,7 @@ # other modules that need it using the libMaxMindDB library. # # # # This module is in extras. Re-run configure with: # -# ./configure --enable-extras=m_geo_maxmind.cpp +# ./configure --enable-extras geo_maxmind # and run make install, then uncomment this module to enable it. # # # # This module requires libMaxMindDB to be installed on your system. # @@ -1177,7 +1177,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 client-to-client tags module: Provides the message-tags IRCv3 -# extension which allows clients to add extra data to their messages. +# extension which allows clients to add extra data to their messages. # This is used to support new IRCv3 features such as replies and ids. # @@ -1224,14 +1224,15 @@ # # host - A glob match for the SNI hostname to apply this policy to. # duration - The amount of time that the policy lasts for. Defaults to -# approximately two months by default. +# five minutes by default. You should raise this to a month +# or two once you know that your config is valid. # port - The port on which TLS connections to the server are being # accepted. You MUST have a CA-verified certificate on this # port. Self signed certificates are not acceptable. # preload - Whether client developers can include your certificate in # preload lists. # -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Join flood module: Adds support for join flood protection +j X:Y. @@ -1262,7 +1263,7 @@ # LDAP module: Allows other SQL modules to access a LDAP database # through a unified API. # This modules is in extras. Re-run configure with: -# ./configure --enable-extras=m_ldap.cpp +# ./configure --enable-extras ldap # and run make install, then uncomment this module to enable it. # # @@ -1406,7 +1407,7 @@ # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. # This module is in extras. Re-run configure with: -# ./configure --enable-extras=m_mysql.cpp +# ./configure --enable-extras mysql # and run make install, then uncomment this module to enable it. # # @@ -1596,7 +1597,7 @@ # # # enableumode - If enabled, user mode +O is required for override. # # # -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper levels module: Gives each oper a level and prevents actions @@ -1692,7 +1693,7 @@ # 'saveperiod' determines how often to check if the database needs to be # saved to disk. Defaults to every five seconds. # # # @@ -1703,7 +1704,7 @@ # PostgreSQL module: Allows other SQL modules to access PgSQL databases # through a unified API. # This module is in extras. Re-run configure with: -# ./configure --enable-extras=m_pgsql.cpp +# ./configure --enable-extras pgsql # and run make install, then uncomment this module to enable it. # # @@ -1803,7 +1804,7 @@ # nokicks (+Q) mode is set. Defaults to false. # protectedrank: Members having this rank or above may not be /REMOVE'd # by anyone. Set to 0 to disable this feature. Defaults to 50000. -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Repeat module: Allows to block, kick or ban upon similar messages @@ -1946,12 +1947,14 @@ # Layer via AUTHENTICATE. Note: You also need to have cap loaded # for SASL to work. # -# Define the following to your services server name to improve security -# by ensuring the SASL messages are only sent to the services server -# and not to all connected servers. This prevents a rogue server from -# capturing SASL messages and disables the SASL cap when services is -# down. -# + +# You must define to the name of your services server so +# that InspIRCd knows where to send SASL authentication messages and +# when it should enable the SASL capability. +# You can also define to require users to use TLS (SSL) +# in order to be able to use SASL. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Secure list module: Prevent /LIST in the first minute of connection, @@ -2106,14 +2109,14 @@ # You can optionally let the user know that their command was blocked. # # You may also let SHUN affect opers (defaults to no). -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL mode module: Adds support for SSL-only channels via the '+z' -# channel mode, SSL-only private messages via the '+z' user mode and -# the 'z:' extban which matches SSL client certificate fingerprints. +# SSL mode module: Adds support for TLS (SSL)-only channels via the '+z' +# channel mode, TLS (SSL)-only private messages via the '+z' user mode and +# the 'z:' extban which matches TLS (SSL) client certificate fingerprints. # -# Does not do anything useful without a working SSL module and the +# Does not do anything useful without a working TLS (SSL) module and the # sslinfo module (see below). # # @@ -2122,15 +2125,15 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL rehash signal module: Allows the SSL modules to be rehashed by +# SSL rehash signal module: Allows the TLS (SSL) modules to be rehashed by # sending SIGUSR1 to a running InspIRCd process. -# This modules is in extras. Re-run configure with: -# ./configure --enable-extras=m_sslrehashsignal.cpp +# This module is in extras. Re-run configure with: +# ./configure --enable-extras sslrehashsignal # and run make install, then uncomment this module to enable it. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# GnuTLS SSL module: Adds support for SSL/TLS connections using GnuTLS, +# GnuTLS SSL module: Adds support for TLS (SSL) connections using GnuTLS, # if enabled. You must answer 'yes' in ./configure when asked or # manually symlink the source for this module from the directory # src/modules/extra, if you want to enable this, or it will not load. @@ -2143,26 +2146,26 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SSL info module: Allows users to retrieve information about other -# users' peer SSL certificates and keys via the SSLINFO command. +# users' peer TLS (SSL) certificates and keys via the SSLINFO command. # This can be used by client scripts to validate users. For this to # work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded. # This module also adds the " is using a secure connection" -# and " has client certificate fingerprint " -# WHOIS lines, the ability for opers to use SSL cert fingerprints to -# verify their identity and the ability to force opers to use SSL +# and " has TLS (SSL) client certificate fingerprint " +# WHOIS lines, the ability for opers to use TLS (SSL) cert fingerprints to +# verify their identity and the ability to force opers to use TLS (SSL) # connections in order to oper up. It is highly recommended to load -# this module if you use SSL on your network. +# this module if you use TLS (SSL) on your network. # For how to use the oper features, please see the first # example tag in opers.conf.example. # # # -# If you want to prevent users from viewing SSL certificate information +# If you want to prevent users from viewing TLS (SSL) certificate information # and fingerprints of other users, set operonly to yes. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS. +# mbedTLS TLS (SSL) module: Adds support for TLS (SSL) connections using mbedTLS. # # #-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# @@ -2171,7 +2174,7 @@ # https://docs.inspircd.org/3/modules/ssl_mbedtls # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# OpenSSL SSL module: Adds support for SSL/TLS connections using OpenSSL, +# OpenSSL TLS (SSL) module: Adds support for TLS (SSL) connections using OpenSSL, # if enabled. You must answer 'yes' in ./configure when asked or symlink # the source for this module from the directory src/modules/extra, if # you want to enable this, or it will not load. @@ -2202,7 +2205,7 @@ # SQLite3 module: Allows other SQL modules to access SQLite3 # # databases through a unified API. # # This module is in extras. Re-run configure with: # -# ./configure --enable-extras=m_sqlite3.cpp +# ./configure --enable-extras sqlite3 # and run make install, then uncomment this module to enable it. # # # @@ -2243,8 +2246,9 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # StartTLS module: Implements STARTTLS, which allows clients # -# connected to non SSL enabled ports to enable SSL, if a proper SSL # -# module is loaded (either ssl_gnutls, ssl_mbedtls or ssl_openssl). # +# connected to non TLS (SSL) enabled ports to enable TLS (SSL), if # +# a proper TLS (SSL) module is loaded (either ssl_gnutls, # +# ssl_mbedtls or ssl_openssl). # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -2327,7 +2331,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # WebSocket module: Adds HTML5 WebSocket support. # Specify hook="websocket" in a tag to make that port accept -# WebSocket connections. Compatible with SSL/TLS. +# WebSocket connections. Compatible with TLS (SSL). # Requires SHA-1 hash support available in the sha1 module. # #