X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=config;h=0256c45c84015ca3e6d261ebb5958e659c20fcb9;hb=83ad6ee48b4c521a89129fd36852d0ede3424cfc;hp=30cd96ac2d525a1d67a1ce1ebced7aa2cd9ffa49;hpb=2b177e993a6a466b82afd020eaa4666b6e25f157;p=privoxy.git diff --git a/config b/config index 30cd96ac..0256c45c 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # Sample Configuration File for Privoxy 3.0.29 # -# Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/ +# Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/ # ##################################################################### # # @@ -567,7 +567,7 @@ logfile logfile # # The available debug levels are: # -# debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. +# debug 1 # Log the destination for each request. See also debug 1024. # debug 2 # show each connection status # debug 4 # show I/O status # debug 8 # show header parsing @@ -609,7 +609,7 @@ logfile logfile # you read the log messages, you may even be able to solve the # problem on your own. # -#debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. +#debug 1 # Log the destination for each request. #debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. #debug 4096 # Startup banner and warnings #debug 8192 # Non-fatal errors @@ -1000,7 +1000,7 @@ enforce-blocks 0 # whole destination part are optional. # # If your system implements RFC 3493, then src_addr and dst_addr -# can be IPv6 addresses delimeted by brackets, port can be a +# can be IPv6 addresses delimited by brackets, port can be a # number or a service name, and src_masklen and dst_masklen can # be a number from 0 to 128. # @@ -1986,13 +1986,13 @@ socket-timeout 300 # Notes: # # Under high load incoming connection may queue up before -# Privoxy gets around to serve them. The queue length is -# limitted by the operating system. Once the queue is full, -# additional connections are dropped before Privoxy can accept -# and serve them. +# Privoxy gets around to serve them. The queue length is limited +# by the operating system. Once the queue is full, additional +# connections are dropped before Privoxy can accept and serve +# them. # # Increasing the queue length allows Privoxy to accept more -# incomming connections that arrive roughly at the same time. +# incoming connections that arrive roughly at the same time. # # Note that Privoxy can only request a certain queue length, # whether or not the requested length is actually used depends @@ -2467,6 +2467,9 @@ socket-timeout 300 # This directive specifies the directory where the CA key, the # CA certificate and the trusted CAs file are located. # +# The permissions should only let Privoxy and the Privoxy admin +# access the directory. +# # Examples: # # ca-directory /usr/local/etc/privoxy/CA @@ -2497,8 +2500,15 @@ socket-timeout 300 # This directive specifies the name of the CA certificate file # in ".crt" format. # -# It can be generated with: openssl req -new -x509 -extensions -# v3_ca -keyout cakey.pem -out cacert.crt -days 3650 +# The file is used by Privoxy to generate website certificates +# when https inspection is enabled with the https-inspection +# action. +# +# Privoxy clients should import the certificate so that they can +# validate the generated certificates. +# +# The file can be generated with: openssl req -new -x509 +# -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650 # # Examples: # @@ -2592,7 +2602,14 @@ socket-timeout 300 # Notes: # # This directive specifies the directory where generated TLS/SSL -# keys and certificates are saved. +# keys and certificates are saved when https inspection is +# enabled with the https-inspection action. +# +# The keys and certificates currently have to be deleted +# manually when changing the ca-cert-file and the ca-cert-key. +# +# The permissions should only let Privoxy and the Privoxy admin +# access the directory. # # Examples: # @@ -2622,7 +2639,7 @@ socket-timeout 300 # Notes: # # This directive specifies the trusted CAs file that is used -# when validating certificates for intercepted TLS/SSL request. +# when validating certificates for intercepted TLS/SSL requests. # # An example file can be downloaded from https://curl.haxx.se/ca # /cacert.pem.