source: code/trunk/doc/suika-config.adoc@ 825

= suika-config(5)
Simon Ser and contributors / Izuru Yakumo
v0.4.3

:doctype: manpage
:manmanual: Suika IRC Bouncer
:mansource: SUIKA-CONFIG

== Name
suika-config - Configuration file for suika(1)

== Description
The config file has one directive per line

Example:

listen ircs://
tls cert.pem key.pem
hostname example.org

The following directives are supported:

* listen <uri>
Listening URI (default ":6697")

The following URIs are supported:

* ircs://host:port
Listens with TLS over TCP
* irc+insecure://host:port
Listens with plain-text over TCP
* unix:///<path>
Listens on a Unix domain socket
* wss://host:port
Listens for WebSocket connections over TLS
* ws+insecure://host:port
Listens for plain-text WebSocket connections
* ident://host:port
Listens for plain-text ident connections
* http+prometheus://host:port
Listens for plain-text HTTP connections and serves Prometheus metrics (host must be "localhost")
* http+pprof://host:port
Listens for plain-text HTTP connections and serves pprof runtime profiling data (host must be "localhost")
For more information, see: https://pkg.go.dev/net/http/pprof.

--

* hostname <name>
Server hostname
* title <title>
Server title. This will be sent as the ISUPPORT NETWORK value when clients don't select a specific network.
* tls <cert> <key>
Enable TLS support. The certificate and key files must be PEM-encoded.
* db <driver> <source>
Set the database location for user, network and channel storage.
By default, a sqlite3 database is opened in ./suika.db.

Supported drivers:
* sqlite3: expects source to be a path to the SQLite file
* postgres: expects source to be a space- separated list of key=value parameters, e.g. db postgres host=/run/postgresql dbname=suika.
Note that sslmode defaults to require.
For more information on connection strings, see: https://pkg.go.dev/github.com/lib/pq#hdr-Connection_String_Parameters

--

* log fs <path>
Path to the bouncer logs directory, or empty to disable logging.
By default, logging is disabled.

* http-origin <patterns>
List of allowed HTTP origins for WebSocket listeners. The parameters are interpreted as shell patterns, see glob(3)
By default, only the request host is authorized. Use this directive to enable cross-origin WebSockets.

* accept-proxy-ip <cidr..>
Allow the specified IPs to act as a proxy.
Proxies have the ability to overwrite the remote and local connection addresses (via the PROXY protocol, the Forwarded HTTP header field defined in RFC 7239 or the X-Forwarded- HTTP header fields).
The special name "localhost" accepts the loopback addresses 127.0.0.0/8 and ::1/128.
By default, all IPs are rejected.

* max-user-networks <limit>
Maximum number of networks per user. By default, there is no limit.

* motd <path>
Path to the MOTD file.
The bouncer MOTD is sent to clients which aren't bound to a specific network.
By default, no MOTD is sent.

* multi-upstream-mode <true|false>
Globally enable or disable multi-upstream mode.
By default, multi-upstream mode is enabled.

* upstream-user-ip <cidr...>
Enable per-user IP addresses.
One IPv4 range and/or one IPv6 range can be specified in CIDR notation.
One IP address per range will be assigned to each user and will be used as the source address when connecting to an upstream network.
This can be useful to avoid having the whole bouncer banned from an upstream network because of one malicious user.

== See Also
suika(1)
suikadb(1)
suika-znc-import(1)
suika-bouncerserv(7)