diff options
| author | Wayne Davison <wayne@opencoder.net> | 2022-06-19 11:15:36 -0700 |
|---|---|---|
| committer | Wayne Davison <wayne@opencoder.net> | 2022-06-19 11:42:25 -0700 |
| commit | b38780f3fdcccd9280452536440e32dec32bade0 (patch) | |
| tree | 971411ef53343d774ef4bc6d90967640a855b9e0 | |
| parent | 5f33238f0667af79608b80f5befec973c3fc5135 (diff) | |
| download | rsync-b38780f3fdcccd9280452536440e32dec32bade0.tar.gz | |
Some proxy improvements (mainly).
| -rw-r--r-- | rsyncd.conf.5.md | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/rsyncd.conf.5.md b/rsyncd.conf.5.md index c61765a7..8bcbec0a 100644 --- a/rsyncd.conf.5.md +++ b/rsyncd.conf.5.md @@ -1114,15 +1114,15 @@ SSL proxy. ## SSL/TLS Daemon Setup When setting up an rsync daemon for access via SSL/TLS, you will need to -configure a proxy (such as haproxy or nginx) as the front-end that handles the -encryption. +configure a TCP proxy (such as haproxy or nginx) as the front-end that handles +the encryption. - You should limit the access to the backend-rsyncd port to only allow the proxy to connect. If it is on the same host as the proxy, then configuring it to only listen on localhost is a good idea. -- You should consider turning on the `proxy protocol` parameter if your proxy - supports sending that information. The examples below assume that this is - enabled. +- You should consider turning on the `proxy protocol` rsync-daemon parameter if + your proxy supports sending that information. The examples below assume that + this is enabled. An example haproxy setup is as follows: @@ -1149,14 +1149,14 @@ An example nginx proxy setup is as follows: > ssl_certificate_key /etc/letsencrypt/example.com/privkey.pem; > > proxy_pass localhost:873; -> proxy_protocol on; # Requires "proxy protocol = true" +> proxy_protocol on; # Requires rsyncd.conf "proxy protocol = true" > proxy_timeout 1m; > proxy_connect_timeout 5s; > } > } > ``` -## EXAMPLES +## DAEMON CONFIG EXAMPLES A simple rsyncd.conf file that allow anonymous rsync to a ftp area at `/home/ftp` would be: @@ -1237,8 +1237,9 @@ Thanks to Karsten Thygesen for his many suggestions and documentation! ## AUTHOR -Rsync was written by Andrew Tridgell and Paul Mackerras. Many people have -later contributed to it. +Rsync was originally written by Andrew Tridgell and Paul Mackerras. Many +people have later contributed to it. It is currently maintained by Wayne +Davison. Mailing lists for support and development are available at <https://lists.samba.org/>. |