-<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<?xml version='1.0'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
-
-<!--
- SPDX-License-Identifier: LGPL-2.1+
-
- This file is part of systemd.
-
- Copyright 2014 Zbigniew Jędrzejewski-Szmek
--->
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-journal-upload.service</title>
<productname>systemd</productname>
-
- <authorgroup>
- <author>
- <contrib>Developer</contrib>
- <firstname>Zbigniew</firstname>
- <surname>Jędrzejewski-Szmek</surname>
- <email>zbyszek@in.waw.pl</email>
- </author>
- </authorgroup>
</refentryinfo>
<refmeta>
<term><option>--key=</option></term>
<listitem><para>
- Takes a path to a SSL key file in PEM format.
+ Takes a path to a SSL key file in PEM format, or <option>-</option>.
+ If <option>-</option> is set, then client certificate authentication checking
+ will be disabled.
Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
</para></listitem>
</varlistentry>
<term><option>--cert=</option></term>
<listitem><para>
- Takes a path to a SSL certificate file in PEM format.
+ Takes a path to a SSL certificate file in PEM format, or <option>-</option>.
+ If <option>-</option> is set, then client certificate authentication checking
+ will be disabled.
Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
</para></listitem>
</varlistentry>
<term><option>--trust=</option></term>
<listitem><para>
- Takes a path to a SSL CA certificate file in PEM format,
- or <option>all</option>. If <option>all</option> is set,
- then certificate checking will be disabled.
+ Takes a path to a SSL CA certificate file in PEM format, or <option>-</option>/<option>all</option>.
+ If <option>-</option>/<option>all</option> is set, then certificate checking will be disabled.
Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
</para></listitem>
</varlistentry>
legitimate, and vice versa, that the client is trusted.</para>
<para>A suitable set of certificates can be generated with
- <command>openssl</command>. Note, 2048 bits of key length
+ <command>openssl</command>. Note, 2048 bits of key length
is minimally recommended to use for security reasons:</para>
<programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
those files can be specified using
<varname>TrustedCertificateFile=</varname>,
<varname>ServerCertificateFile=</varname>,
- <varname>ServerKeyFile=</varname>, in
+ and <varname>ServerKeyFile=</varname> in
<filename>/etc/systemd/journal-remote.conf</filename> and
<filename>/etc/systemd/journal-upload.conf</filename>,
respectively. The default locations can be queried by using
projects / thirdparty / systemd.git / blobdiff