added etc directories

etc-zntrl/kopano/kwebd.cfg

@@ -0,0 +1,137 @@
+##############################################################
+# Kopano Web SETTINGS
+
+# Site's host name.
+# Full qualified host name. If set, kweb provides HTTP/HTTPS for this host
+# including automatic ACME CA TLS and Content Security Policy generation. If not
+# set (the default), kweb is available under all names and does not try to
+# obtain a certificate via ACME.
+#hostname=
+
+# ACME CA email.
+# To allow automatic TLS via ACME, the CA needs an email address. Provide your
+# email address here to enable automatic TLS via ACME. If tls_acme_email and
+# hostname are set, kweb will automatically manage TLS certificates unless
+# explictly disabled by other settings.
+#tls_acme_email =
+
+# ACME CA subscriber agreement.
+# Set to `yes` to accept the CA's subscriber agreement. If this is `no` or
+# not set and kweb is otherwise configured to use ACME, kweb will log the link
+# to the CA's subscriber agreement and then exit. You have to change this
+# setting to `yes` to use automatic TLS via ACME.
+#tls_acme_agree = no
+
+# ACME CA server directory.
+# URL to the certificate authority's ACME server directory. Default is to use
+# Let's Encrypt (https://acme-v02.api.letsencrypt.org/directory).
+#tls_acme_ca = https://acme-v02.api.letsencrypt.org/directory
+
+# HTTP Strict Transport Security.
+# Value for HTTP Strict Transport Security response header. Default to
+# `max-age=31536000;` and is only used if hostname is set. Set explicitly to
+# empty to disable.
+#hsts=max-age=31536000;
+
+# Bind address to bind the listeners.
+# This setting defines where to bind kweb http listeners. By default kweb binds
+# to all interfaces/ips since it needs to be available from external.
+#bind=0.0.0.0
+
+# Web root folder.
+# Full path to the web root. All files below that folder are served by kweb and
+# the path is used as base for otherwise relative paths.
+# Default: `/usr/share/kopano-kweb/www`
+#web_root = /usr/share/kopano-kweb/www
+
+# Port for HTTPS listener.
+# When TLS is enabled, kweb will serve the TLS listener on this port. Defaults
+# to 9443 if `hostname` is not set and `443` otherwise.
+https_port = 7443
+
+# Port for HTTP listener.
+# When TLS is disabled, kweb will serve the listener on this port. Defaults to
+# 9080 if `hostname` is not set and `80` otherwise.
+http_port = 7080
+
+# HTTP/2 support.
+# Set to `yes` to enable HTTP/2 support on all TLS listeners. HTTP/2 is enabled
+# by default. Set to `no` to disable.
+#http2 = yes
+
+# QUIC support.
+# Experimental support for QUIC. Set to `true` to enable. Default is `no`.
+#quic = no
+
+###############################################################
+# Log settings
+
+# HTTP request log file (access log in combined format).
+# Full path to log file where to log HTTP requests. Not set by default which
+# means requests are not logged.
+#request_log_file = /var/log/kopano-kweb/access.log
+
+###############################################################
+# TLS settings
+
+# TLS support.
+# Support encrypted listeners and automatic TLS certificate creation when set
+# to `yes`. Set to `no` to disable all TLS and listen on plain HTTP.
+#tls = yes
+
+# TLS certificate bundle.
+# Path to a TLS certificate bundle (concatenation of the server's  certificate
+# followed by the CA's certificate chain). If set, the TLS listener will use
+# that certificate instead of trying automatic TLS.
+#tls_cert =
+
+# TLS private key.
+# Path to the server's private key file which matches the certificate bundle. It
+# must match the certificate in tls_cert.
+#tls_key =
+
+# TLS protocols.
+# Minimal and maximal TLS protocol versions to be offered. Defaults to TLS 1.2
+# and TLS 1.3 (`tls1.2 tls1.3`).
+#tls_protocols = tls1.2 tls1.3
+
+# TLS self sign.
+# By default kweb creates self signed TLS certificates on startup on if ACME is
+# not possible due to missing settings. If set to `yes`, ACME is disabled and a
+# self signed certificate will always be created. Default: `no`.
+#tls_always_self_sign = no
+
+# TLS must stable.
+# Enables must stable for certificates managed by kweb. If this is set to `yes`
+# and kweb requests certificates via ACME, those certificates will require that
+# the OSCP information is stapled with the response. Defaults to `no`.
+#tls_must_staple = no
+
+###############################################################
+# App settings
+
+# Default top level redirect.
+# When set, top level requests `/` will redirect to the configured value.
+# Not set by default.
+#default_redirect =
+
+# Legacy support.
+# To make integration into existing environments easier kwebd can act as a
+# reverse proxy to allow serving requests Kopano WebApp and Z-Push running e.g.
+# in Apache or Nginx. Set the address to the legacy web server here. Not set by
+# default.
+#legacy_reverse_proxy = 127.0.0.1:8000
+
+###############################################################
+# Limiting settings
+
+# Rate limit tate.
+# Limits Excessive access to services. Requests will be terminated with an error
+# 429 (Too Many Requests) and X-RateLimit-RetryAfter is added.
+# Format "rate burst unit", Defaults to "100 200 minute".
+#ratelimit_rate = "100 200 minute"
+
+# Rate limit whitelist.
+# Your trusted IPs (comma separated). Defines the CIDR IP range you don't want
+# to  perform rate limit. Defaults to `127.0.0.1/8`.
+#ratelimit_whitelist = 127.0.0.1/8