diff options
Diffstat (limited to 'bin/OpenSim.ini.example')
-rw-r--r-- | bin/OpenSim.ini.example | 53 |
1 files changed, 44 insertions, 9 deletions
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 5d969ce..3482270 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example | |||
@@ -46,11 +46,8 @@ | |||
46 | 46 | ||
47 | 47 | ||
48 | [Const] | 48 | [Const] |
49 | ; For a grid these will usually be the externally accessible IP/DNS | 49 | ; this section defines constants for grid services |
50 | ; name and use default public port 8002 and default private port 8003 | 50 | ; to simplify other configuration files default settings |
51 | ; For a standalone this will usually be the externally accessible IP/DNS | ||
52 | ; name and use default public port 9000. The private port is not used | ||
53 | ; in the configuration for a standalone. | ||
54 | 51 | ||
55 | ;# {BaseHostname} {} {BaseHostname} {"example.com" "127.0.0.1"} "127.0.0.1" | 52 | ;# {BaseHostname} {} {BaseHostname} {"example.com" "127.0.0.1"} "127.0.0.1" |
56 | BaseHostname = "127.0.0.1" | 53 | BaseHostname = "127.0.0.1" |
@@ -61,13 +58,13 @@ | |||
61 | ;# {PublicPort} {} {PublicPort} {8002 9000} "8002" | 58 | ;# {PublicPort} {} {PublicPort} {8002 9000} "8002" |
62 | PublicPort = "8002" | 59 | PublicPort = "8002" |
63 | 60 | ||
61 | ;grid default private port 8003, not used in standalone | ||
64 | ;# {PrivatePort} {} {PrivatePort} {8003} "8003" | 62 | ;# {PrivatePort} {} {PrivatePort} {8003} "8003" |
65 | ; port to access private grid services. | 63 | ; port to access private grid services. |
66 | ; grids that run all their regions should deny access to this port | 64 | ; grids that run all their regions should deny access to this port |
67 | ; from outside their networks, using firewalls | 65 | ; from outside their networks, using firewalls |
68 | PrivatePort = "8003" | 66 | PrivatePort = "8003" |
69 | 67 | ||
70 | |||
71 | [Startup] | 68 | [Startup] |
72 | ;# {ConsolePrompt} {} {ConsolePrompt} {} "Region (\R) " | 69 | ;# {ConsolePrompt} {} {ConsolePrompt} {} "Region (\R) " |
73 | ;; Console prompt | 70 | ;; Console prompt |
@@ -299,7 +296,18 @@ | |||
299 | ;; default is false | 296 | ;; default is false |
300 | ; TelehubAllowLandmark = false | 297 | ; TelehubAllowLandmark = false |
301 | 298 | ||
302 | 299 | ||
300 | ;; SSL certificate validation options | ||
301 | ;; you can allow selfsigned certificates or no official CA with next option set to true | ||
302 | ;# {NoVerifyCertChain} {} {do not verify SSL Cert Chain} {true false} true | ||
303 | ; NoVerifyCertChain = true | ||
304 | |||
305 | ;; you can also bypass the hostname or domain verification | ||
306 | ;# {NoVerifyCertHostname} {} {do not verify SSL Cert name versus peer name} {true false} true | ||
307 | ; NoVerifyCertHostname = true | ||
308 | ;; having both options true does provide encryption but with low security | ||
309 | ;; set both true if you don't care to use SSL, they are needed to contact regions or grids that do use it. | ||
310 | |||
303 | [AccessControl] | 311 | [AccessControl] |
304 | ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {} | 312 | ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {} |
305 | ;; Bar (|) separated list of viewers which may gain access to the regions. | 313 | ;; Bar (|) separated list of viewers which may gain access to the regions. |
@@ -443,7 +451,6 @@ | |||
443 | ;; Password for the default estate owner | 451 | ;; Password for the default estate owner |
444 | ; DefaultEstateOwnerPassword = password | 452 | ; DefaultEstateOwnerPassword = password |
445 | 453 | ||
446 | |||
447 | [SMTP] | 454 | [SMTP] |
448 | ;; The SMTP server enabled the email module to send email to external | 455 | ;; The SMTP server enabled the email module to send email to external |
449 | ;; destinations. | 456 | ;; destinations. |
@@ -476,7 +483,6 @@ | |||
476 | ;# {SMTP_SERVER_PASSWORD} {[Startup]emailmodule:DefaultEmailModule enabled:true} {SMTP server password} {} | 483 | ;# {SMTP_SERVER_PASSWORD} {[Startup]emailmodule:DefaultEmailModule enabled:true} {SMTP server password} {} |
477 | ; SMTP_SERVER_PASSWORD = "" | 484 | ; SMTP_SERVER_PASSWORD = "" |
478 | 485 | ||
479 | |||
480 | [Network] | 486 | [Network] |
481 | ;# {ConsoleUser} {} {User name for console account} {} | 487 | ;# {ConsoleUser} {} {User name for console account} {} |
482 | ;; Configure the remote console user here. This will not actually be used | 488 | ;; Configure the remote console user here. This will not actually be used |
@@ -493,10 +499,39 @@ | |||
493 | ;; the region ports use UDP. | 499 | ;; the region ports use UDP. |
494 | ; http_listener_port = 9000 | 500 | ; http_listener_port = 9000 |
495 | 501 | ||
502 | ; optional main server secure http (ssl) | ||
503 | ; to use ssl you need a ssl certificate in PKCS12 format that validates the ExternalHostnames | ||
504 | ; or their domains | ||
505 | ; some viewers by default only accept certificates signed by a oficial CA | ||
506 | ; to use others like self signed certificates with those viewers, | ||
507 | ; their debug option NoVerifySSLCert needs to be set true, You need to inform users about this | ||
508 | ; the main unsecure port will still open for some services. this may change in future. | ||
509 | |||
510 | ; set http_listener_ssl to enable main server ssl. it will replace unsecure port on most functions | ||
511 | ;# {http_listener_ssl}{} {enable main server ssl port)} {} false | ||
512 | ;http_listener_ssl = false | ||
513 | |||
514 | ; Set port for main SSL connections | ||
515 | ;# {http_listener_sslport}{} {main server ssl port)} {} 9001 | ||
516 | ;http_listener_sslport = 9001 ; | ||
517 | |||
518 | ; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn | ||
519 | ; this may be removed in future | ||
520 | ;# {http_listener_cn}{} {main server ssl externalHostName)} {} "" | ||
521 | ;http_listener_cn = "myRegionsExternalHostName" | ||
522 | |||
523 | ; the path for the certificate path | ||
524 | ;# {http_listener_cert_path}{} {main server ssl certificate file path)} {} "" | ||
525 | ;http_listener_cert_path = "mycert.p12" | ||
526 | |||
527 | ;# {http_listener_cert_pass}{} {main server ssl certificate password)} {} "" | ||
528 | ;http_listener_cert_pass = "mycertpass" ; the cert passwork | ||
529 | |||
496 | ; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN. | 530 | ; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN. |
497 | ; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter. | 531 | ; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter. |
498 | ; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below. | 532 | ; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below. |
499 | ; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing. | 533 | ; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing. |
534 | ; this HTTP calls can also use ssl see opensimDefaults.ini | ||
500 | ; | 535 | ; |
501 | ; You can whitelist individual endpoints by IP or FQDN, e.g. | 536 | ; You can whitelist individual endpoints by IP or FQDN, e.g. |
502 | ; | 537 | ; |