| services.thanos.query.grpc-client-tls-secure | Use TLS when talking to the gRPC server
|
| services.nghttpx.frontends.*.params.tls | Enable or disable TLS
|
| services.coturn.alt-tls-listening-port | Alternative listening port for TLS and DTLS protocols.
|
| services.oauth2-proxy.tls.httpsAddress | addr:port to listen on for HTTPS clients
|
| services.wstunnel.servers.<name>.tlsKey | TLS key to use instead of the hardcoded on in case of HTTPS connections
|
| services.thanos.rule.grpc-server-tls-client-ca | TLS CA to verify clients against
|
| services.wstunnel.clients.<name>.tlsSNI | Use this as the SNI while connecting via TLS
|
| services.soju.tlsCertificate | Path to server TLS certificate.
|
| services.writefreely.database.tls | Whether or not TLS should be used for the database connection.
|
| services.dolibarr.h2o.tls.identity | Key / certificate pairs for the virtual host.
|
| services.bacula-fd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-dir.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.thanos.store.grpc-server-tls-client-ca | TLS CA to verify clients against
|
| services.thanos.query.grpc-server-tls-client-ca | TLS CA to verify clients against
|
| services.maddy.tls.certificates | A list of attribute sets containing paths to TLS certificates and
keys
|
| services.soju.tlsCertificateKey | Path to server TLS certificate key.
|
| services.maddy.tls.certificates.*.keyPath | Path to the private key used for TLS.
|
| services.movim.h2o.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.maddy.tls.certificates.*.certPath | Path to the certificate used for TLS.
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.h2o.hosts.<name>.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.foundationdb.tls.allowedPeers | "Peer verification string"
|
| services.vsftpd.ssl_tlsv1 | Only applies if ssl_enable is activated
|
| services.bacula-sd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.dolibarr.h2o.tls.identity.*.key-file | Path to key file
|
| services.bacula-dir.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.foundationdb.tls.key | Private key file for the certificate.
|
| services.thanos.sidecar.grpc-server-tls-client-ca | TLS CA to verify clients against
|
| services.thanos.receive.grpc-server-tls-client-ca | TLS CA to verify clients against
|
| services.neo4j.ssl.policies.<name>.tlsVersions | Restrict the TLS protocol versions of this policy to those
defined here.
|
| services.outline.smtp.tlsCiphers | Override SMTP cipher configuration.
|
| services.matrix-synapse.settings.listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| services.bacula-fd.tls.verifyPeer | Verify peer certificate
|
| services.bacula-sd.tls.verifyPeer | Verify peer certificate
|
| services.bacula-dir.tls.verifyPeer | Verify peer certificate
|
| services.oauth2-proxy.tls.certificate | Path to certificate file.
|
| services.matrix-synapse.settings.tls_private_key_path | PEM encoded private key for TLS
|
| services.movim.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.nghttpx.backends.*.params.redirect-if-not-tls | If true, a backend match requires the frontend connection be
TLS encrypted
|
| services.dolibarr.h2o.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.glusterfs.tlsSettings | Make the server communicate via TLS
|
| services.dolibarr.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.thanos.query-frontend.grpc-server-tls-client-ca | TLS CA to verify clients against
|
| services.headscale.settings.tls_letsencrypt_hostname | Domain name to request a TLS certificate for.
|
| services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.librespeed.tlsCertificate | TLS certificate to use
|
| services.omnom.settings.smtp.tls_allow_insecure | Whether to enable Whether to allow insecure TLS..
|
| services.movim.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| services.glusterfs.tlsSettings.caCert | Path certificate authority used to sign the cluster certificates.
|
| services.wstunnel.servers.<name>.tlsCertificate | TLS certificate to use instead of the hardcoded one in case of HTTPS connections
|
| services.kubernetes.kubelet.tlsKeyFile | File containing x509 private key matching tlsCertFile.
|
| services.headscale.settings.tls_letsencrypt_challenge_type | Type of ACME challenge to use, currently supported types:
HTTP-01 or TLS-ALPN-01.
|
| services.coturn.no-dtls | Disable DTLS client listener
|
| services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| services.bacula-sd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.kubernetes.kubelet.tlsCertFile | File containing x509 Certificate for HTTPS.
|
| services.tlsrpt.enable | Whether to enable the TLSRPT services.
|
| services.kanidm.serverSettings.tls_key | TLS key in pem format.
|
| services.dolibarr.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| virtualisation.podman.networkSocket.tls.cert | Path to certificate describing the server.
|
| services.wstunnel.clients.<name>.tlsVerifyCertificate | Whether to verify the TLS certificate of the server
|
| services.nvme-rs.settings.email.use_tls | Use TLS for SMTP connection
|
| services.kanidm.server.settings.tls_key | TLS key in pem format.
|
| services.kanidm.serverSettings.tls_chain | TLS chain in pem format.
|
| services.kanidm.server.settings.tls_chain | TLS chain in pem format.
|
| services.kubernetes.apiserver.tlsKeyFile | Kubernetes apiserver private key file.
|
| virtualisation.podman.networkSocket.tls.key | Path to the private key corresponding to the server certificate
|
| virtualisation.podman.networkSocket.tls.cacert | Path to CA certificate to use for client authentication.
|
| services.tlsrpt.package | The tlsrpt-reporter package to use.
|
| services.kubernetes.apiserver.tlsCertFile | Kubernetes apiserver certificate file.
|
| services.cloudflared.tunnels.<name>.originRequest.tlsTimeout | Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
|
| services.resolved.dnsovertls | If set to
"true":
all DNS lookups will be encrypted
|
| services.headscale.settings.tls_letsencrypt_listen | When HTTP-01 challenge is chosen, letsencrypt must set up a
verification endpoint, and it will be listening on:
:http = port 80.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| services.postfix.tlsTrustedAuthorities | File containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery
|
| services.postfix.settings.main.smtpd_tls_security_level | The server TLS security level
|
| services.prometheus.remoteRead.*.tls_config | Configures the remote read request's TLS settings.
|
| services.postfix-tlspol.enable | Whether to enable postfix-tlspol.
|
| services.prometheus.remoteWrite.*.tls_config | Configures the remote write request's TLS settings.
|
| services.listmonk.database.settings.smtp.*.tls_type | Type of TLS authentication with the SMTP server
|
| services.prometheus.alertmanagerGotify.gotifyEndpoint.tls | If your gotify endpoint uses https, leave this option set to default
|
| services.kubernetes.controllerManager.tlsKeyFile | Kubernetes controller-manager private key file.
|
| services.kubernetes.controllerManager.tlsCertFile | Kubernetes controller-manager certificate file.
|
| services.prometheus.scrapeConfigs.*.tls_config | Configures the scrape request's TLS settings.
|
| services.postfix-tlspol.package | The postfix-tlspol package to use.
|
| services.postfix.settings.main.smtp_tls_security_level | The client TLS security level.
Use dane with a local DNSSEC validating DNS resolver enabled.
https://www.postfix.org/postconf.5.html#smtp_tls_security_level
|
| services.tlsrpt.reportd.extraFlags | List of extra flags to pass to the tlsrpt-reportd executable
|
| users.ldap.useTLS | If enabled, use TLS (encryption) over an LDAP (port 389)
connection
|
| services.tlsrpt.fetcher.settings | Flags from tlsrpt-fetcher(1) as key-value pairs.
|
| services.tlsrpt.reportd.settings | Flags from tlsrpt-reportd(1) as key-value pairs.
|