diff options
author | Martins Abele <martins.abele@zabbix.com> | 2020-03-09 18:17:17 +0300 |
---|---|---|
committer | Martins Abele <martins.abele@zabbix.com> | 2020-03-09 18:17:17 +0300 |
commit | 7aeb20156503e2c08718194bdff7c0382a79b4f6 (patch) | |
tree | 542feefd1bbfd0d87e7f5a41374dae95c903adea /conf | |
parent | 7dc7d819c0aa22d6d76757849a86f9e01ea7a2a3 (diff) |
.......PS. [ZBXNEXT-2753] improved configuration file explananatory text
Diffstat (limited to 'conf')
-rw-r--r-- | conf/zabbix_proxy.conf | 43 | ||||
-rw-r--r-- | conf/zabbix_server.conf | 43 |
2 files changed, 38 insertions, 48 deletions
diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf index 27ff23520a3..22f9ec966ca 100644 --- a/conf/zabbix_proxy.conf +++ b/conf/zabbix_proxy.conf @@ -738,52 +738,47 @@ StatsAllowedIP=127.0.0.1 # TLSPSKFile= ### Option: DBTLSConnect -# Setting this option enforces connecting to database using TLS. -# Supported option values: -# required - connect with encryption -# verify_ca - connect with encryption and check the certificate chain up to a trusted certificate -# authority (CA) -# verify_full - connect with encryption and also verify that the server host name or IP address -# matches its certificate +# Setting this option enforces to use TLS connection to database. +# required - connect using TLS +# verify_ca - connect using TLS and verify certificate +# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost +# matches its certificate # On MySQL starting with 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and # "verify_full". -# On MariaDB starting from version 10.2.6 "required" and "verify_full" are supported. -# By default there are not set any connection options. Behaviour depends on database library compiled in. +# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. +# Default is not to set any option and behavior depends on database configuration # # Mandatory: no # Default: # DBTLSConnect= -### Option: DBTLSCertFile -# Full pathname of file containing client certificate for -# authenticating to database +### Option: DBTLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. # Supported only for MySQL and PostgreSQL # # Mandatory: no +# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) # Default: -# DBTLSCertFile= +# DBTLSCAFile= -### Option: DBTLSKeyFile -# Full pathname of file containing the private key for -# authenticating to database +### Option: DBTLSCertFile +# Full pathname of file containing Zabbix proxy certificate for authenticating to database. # Supported only for MySQL and PostgreSQL # # Mandatory: no # Default: -# DBTLSKeyFile= +# DBTLSCertFile= -### Option: DBTLSCAFile -# The path name of the Certificate Authority (CA) certificate file. -# MySQL: This option, if used, must specify the same certificate used by the server. +### Option: DBTLSKeyFile +# Full pathname of file containing the private key for authenticating to database. # Supported only for MySQL and PostgreSQL # # Mandatory: no -# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) # Default: -# DBTLSCAFile= +# DBTLSKeyFile= ### Option: DBTLSCipher -# The list of encryption ciphers the client permits for connections that use TLS protocols up through TLSv1.2 +# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2 # Supported only for MySQL # # Mandatory no @@ -791,7 +786,7 @@ StatsAllowedIP=127.0.0.1 # DBTLSCipher= ### Option: DBTLSCipher13 -# The list of encryption ciphersuites the client permits for connections that use TLSv1.3 +# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol # Supported only for MySQL, starting from version 8.0.16 # # Mandatory no diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf index af07d1bdf1b..165134da56f 100644 --- a/conf/zabbix_server.conf +++ b/conf/zabbix_server.conf @@ -722,52 +722,47 @@ StatsAllowedIP=127.0.0.1 # TLSKeyFile= ### Option: DBTLSConnect -# Setting this option enforces connecting to database using TLS. -# Supported option values: -# required - connect with encryption -# verify_ca - connect with encryption and check the certificate chain up to a trusted certificate -# authority (CA) -# verify_full - connect with encryption and also verify that the server host name or IP address -# matches its certificate +# Setting this option enforces to use TLS connection to database. +# required - connect using TLS +# verify_ca - connect using TLS and verify certificate +# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost +# matches its certificate # On MySQL starting with 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and # "verify_full". -# On MariaDB starting from version 10.2.6 "required" and "verify_full" are supported. -# By default there are not set any connection options. Behaviour depends on database library compiled in. +# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. +# Default is not to set any option and behavior depends on database configuration # # Mandatory: no # Default: # DBTLSConnect= -### Option: DBTLSCertFile -# Full pathname of file containing client certificate for -# authenticating to database +### Option: DBTLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. # Supported only for MySQL and PostgreSQL # # Mandatory: no +# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) # Default: -# DBTLSCertFile= +# DBTLSCAFile= -### Option: DBTLSKeyFile -# Full pathname of file containing the private key for -# authenticating to database +### Option: DBTLSCertFile +# Full pathname of file containing Zabbix server certificate for authenticating to database. # Supported only for MySQL and PostgreSQL # # Mandatory: no # Default: -# DBTLSKeyFile= +# DBTLSCertFile= -### Option: DBTLSCAFile -# The path name of the Certificate Authority (CA) certificate file. -# MySQL: This option, if used, must specify the same certificate used by the server. +### Option: DBTLSKeyFile +# Full pathname of file containing the private key for authenticating to database. # Supported only for MySQL and PostgreSQL # # Mandatory: no -# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) # Default: -# DBTLSCAFile= +# DBTLSKeyFile= ### Option: DBTLSCipher -# The list of encryption ciphers the client permits for connections that use TLS protocols up through TLSv1.2 +# The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2 # Supported only for MySQL # # Mandatory no @@ -775,7 +770,7 @@ StatsAllowedIP=127.0.0.1 # DBTLSCipher= ### Option: DBTLSCipher13 -# The list of encryption ciphersuites the client permits for connections that use TLSv1.3 +# The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol # Supported only for MySQL, starting from version 8.0.16 # # Mandatory no |