upsd.conf \- Configuration for Network UPS Tools upsd
.SH"DESCRIPTION"
.sp
upsd uses this file to control access to the server and set some other miscellaneous configuration values\&. This file contains details on access controls, so keep it secure\&. Ideally, only the upsd process should be able to read it\&.
.SH"CONFIGURATION DIRECTIVES"
.PP
"MAXAGE \fIseconds\fR"
.RS4
upsd usually allows a driver to stop responding for up to 15 seconds before declaring the data "stale"\&. If your driver takes a very long time to process updates but is otherwise operational, you can use MAXAGE to make upsd wait longer\&.
.sp
Most users should leave this at the default value\&.
When instant commands and variables setting status tracking is enabled, status execution information are kept during this amount of time, and then cleaned up\&. This defaults to 3600 (1 hour)\&.
.RE
.PP
"ALLOW_NO_DEVICE \fIBoolean\fR"
.RS4
Normally upsd requires that at least one device section is defined in ups\&.conf when the daemon starts, to serve its data\&. For automatically managed services it may be preferred to have upsd always running, and reload the configuration when power devices become defined\&.
.sp
Boolean values
\fItrue\fR,
\fIyes\fR,
\fIon\fR
and
\fI1\fR
mean that the server would not refuse to start with zero device sections found in ups\&.conf\&.
.sp
Boolean values
\fIfalse\fR,
\fIno\fR,
\fIoff\fR
and
\fI0\fR
mean that the server should refuse to start if zero device sections were found in ups\&.conf\&. This is the default, unless the calling environment sets a same\-named variable to enforce a value for the current run\&. One way this can happen is somebody un\-commenting it in the
\fInut\&.conf\fR
file used by init\-scripts and service unit method scripts\&.
Bind a listening port to the interface specified by its Internet address or name\&. This may be useful on hosts with multiple interfaces\&. You should not rely exclusively on this for security, as it can be subverted on many systems\&.
instead of the default value which was compiled into the code\&. This overrides any value you may have set with
\fIconfigure \-\-with\-port\fR\&. If you don\(cqt change it with configure or this value, upsd will listen on port 3493 for this interface\&.
.sp
Multiple LISTEN addresses may be specified\&. The default is to bind to 127\&.0\&.0\&.1 if no LISTEN addresses are specified (and ::1 if IPv6 support is compiled in)\&.
This parameter will only be read at startup\&. You\(cqll need to restart (rather than reload) upsd to apply any changes made here\&.
.RE
.PP
"MAXCONN \fIconnections\fR"
.RS4
This defaults to maximum number allowed on your system\&. Each UPS, each LISTEN address and each client count as one connection\&. If the server runs out of connections, it will no longer accept new incoming client connections\&. Only set this if you know exactly what you\(cqre doing\&.
When compiled with SSL support with OpenSSL backend, you can enter the certificate file here\&. The certificates must be in PEM format and must be sorted starting with the subject\(cqs certificate (server certificate), followed by intermediate CA certificates (if applicable_ and the highest level (root) CA\&. It should end with the server key\&. See
When compiled with SSL support with NSS backend, you can enter the certificate path here\&. Certificates are stored in a dedicated database (data split in 3 files)\&. Specify the path of the database directory\&.
When compiled with SSL support with NSS backend, you can specify the certificate name to retrieve from database to authenticate itself and the password required to access certificate related private key\&.
.RE
.PP
"CERTREQUEST \fIcertificate request level\fR"
.RS4
When compiled with SSL support with NSS backend and client certificate validation (disabled by default, see
\fIdocs/security\&.txt\fR), you can specify if upsd requests or requires client\(cqs\*(Aq certificates\&. Possible values are :
.sp
.RS4
.ien\{\
\h'-04'\(bu\h'+03'\c
.\}
.el\{\
.sp-1
.IP\(bu2.3
.\}
\fI0\fR
to not request to clients to provide any certificate
Tell upsd to disable older/weak SSL/TLS protocols and ciphers\&. With relatively recent versions of OpenSSL or NSS it will be restricted to TLSv1\&.2 or better\&. Unless you have really ancient clients, you probably want to enable this\&. Currently disabled by default to ensure compatibility with existing setups\&.
.RE
.PP
"DEBUG_MIN \fIINTEGER\fR"
.RS4
Optionally specify a minimum debug level for
upsd
data daemon, e\&.g\&. for troubleshooting a deployment, without impacting foreground or background running mode directly\&. Command\-line option
\-D
can only increase this verbosity level\&.
.ifn\{\
.sp
.\}
.RS4
.it1an-trap
.nran-no-space-flag1
.nran-break-flag1
.br
.ps+1
\fBNote\fR
.ps-1
.br
if the running daemon receives a
reload
command, presence of the
DEBUG_MIN NUMBER
value in the configuration file can be used to tune debugging verbosity in the running service daemon (it is recommended to comment it away or set the minimum to explicit zero when done, to avoid huge journals and I/O system abuse)\&. Keep in mind that for this run\-time tuning, the
DEBUG_MIN
value
\fBpresent\fR
in
\fBreloaded\fR
configuration files is applied instantly and overrides any previously set value, from file or CLI options, regardless of older logging level being higher or lower than the newly found number; a missing (or commented away) value however does not change the previously active logging verbosity\&.
