"MAXAGE seconds"
upsd usually allows a driver to stop responding for up to
15 seconds before declaring the data "stale". If your driver takes a
very long time to process updates but is otherwise operational, you can use
MAXAGE to make upsd wait longer.
Most users should leave this at the default value.
"TRACKINGDELAY seconds"
When instant commands and variables setting status
tracking is enabled, status execution information are kept during this amount
of time, and then cleaned up. This defaults to 3600 (1 hour).
"ALLOW_NO_DEVICE Boolean"
Normally upsd requires that at least one device section
is defined in ups.conf when the daemon starts, to serve its data. For
automatically managed services it may be preferred to have upsd always
running, and reload the configuration when power devices become defined.
Boolean values true, yes, on and 1
mean that the server would not refuse to start with zero device sections
found in ups.conf.
Boolean values false, no, off and 0
mean that the server should refuse to start if zero device sections were
found in ups.conf. This is the default, unless the calling environment sets
a same-named variable to enforce a value for the current run. One way this
can happen is somebody un-commenting it in the nut.conf file used by
init-scripts and service unit method scripts.
"STATEPATH path"
Tell upsd to look for the driver state sockets in
path rather than the default that was compiled into the program.
"LISTEN interface port"
Bind a listening port to the interface specified by its
Internet address or name. This may be useful on hosts with multiple
interfaces. You should not rely exclusively on this for security, as it can be
subverted on many systems.
Optionally listen on TCP port port instead of the default
value which was compiled into the code. This overrides any value you may
have set with configure --with-port. If you don’t change it
with configure or this value, upsd will listen on port 3493 for this
interface.
Multiple LISTEN addresses may be specified. The default is to bind
to 127.0.0.1 if no LISTEN addresses are specified (and also ::1 if IPv6
support is compiled in).
To listen on all available interfaces and configured IP addresses
of your system, you may also use :: for IPv6 and 0.0.0.0 for IPv4,
respectively. As a special case, a single LISTEN * <port> directive
(with an asterisk) will try to listen on both IPv6 (::0) and IPv4 (0.0.0.0)
wild-card IP addresses, subject to upsd command-line arguments or system
configuration. Note that if the system supports IPv4-mapped IPv6 addressing
per RFC-3493, and does not allow to disable this mode, then there may be one
listening socket to handle both address families.
LISTEN 127.0.0.1
LISTEN 192.168.50.1
LISTEN myhostname.mydomain
LISTEN ::1
LISTEN 2001:0db8:1234:08d3:1319:8a2e:0370:7344
This parameter will only be read at startup. You’ll need to
restart (rather than reload) upsd to apply any changes made here.
Please note that older NUT releases could have been using the
IPv4-mapped IPv6 addressing (sometimes also known as "dual-stack")
mode, if provided by the system. Current versions (since NUT v2.8.1 release)
explicitly try to restrict their listening sockets to only support one
address family on each socket, and so avoid IPv4-mapped mode where
possible.
"MAXCONN connections"
This defaults to maximum number allowed on your system.
Each UPS, each LISTEN address and each client count as one connection. If the
server runs out of connections, it will no longer accept new incoming client
connections. Only set this if you know exactly what you’re doing.
"CERTFILE certificate file"
When compiled with SSL support with OpenSSL backend, you
can enter the certificate file here. The certificates must be in PEM format
and must be sorted starting with the subject’s certificate (server
certificate), followed by intermediate CA certificates (if applicable_ and the
highest level (root) CA. It should end with the server key. See
docs/security.txt or the Security chapter of NUT user manual for more
information on the SSL support in NUT.
"CERTPATH certificate database"
When compiled with SSL support with NSS backend, you can
enter the certificate path here. Certificates are stored in a dedicated
database (data split in 3 files). Specify the path of the database
directory.
"CERTIDENT certificate name database
password"
When compiled with SSL support with NSS backend, you can
specify the certificate name to retrieve from database to authenticate itself
and the password required to access certificate related private key.
"CERTREQUEST certificate request level"
When compiled with SSL support with NSS backend and
client certificate validation (disabled by default, see
docs/security.txt), you can specify if upsd requests or requires
client’s' certificates. Possible values are :
•0 to not request to clients to provide any
certificate
•1 to require to all clients a
certificate
•2 to require to all clients a valid
certificate
"DISABLE_WEAK_SSL BOOLEAN"
Tell upsd to disable older/weak SSL/TLS protocols and
ciphers. With relatively recent versions of OpenSSL or NSS it will be
restricted to TLSv1.2 or better. Unless you have really ancient clients, you
probably want to enable this. Currently disabled by default to ensure
compatibility with existing setups.
"DEBUG_MIN INTEGER"
Optionally specify a minimum debug level for upsd data
daemon, e.g. for troubleshooting a deployment, without impacting foreground or
background running mode directly. Command-line option -D can only increase
this verbosity level.
Note
if the running daemon receives a reload command, presence of the DEBUG_MIN
NUMBER value in the configuration file can be used to tune debugging verbosity
in the running service daemon (it is recommended to comment it away or set the
minimum to explicit zero when done, to avoid huge journals and I/O system
abuse). Keep in mind that for this run-time tuning, the DEBUG_MIN value
present in
reloaded configuration files is applied instantly and
overrides any previously set value, from file or CLI options, regardless of
older logging level being higher or lower than the newly found number; a
missing (or commented away) value however does not change the previously
active logging verbosity.