Provided by: nut-server_2.8.1-3.1ubuntu2_amd64 bug

NAME

       upsd.conf - Configuration for Network UPS Tools upsd

DESCRIPTION

       upsd uses this file to control access to the server and set some other miscellaneous
       configuration values. This file contains details on access controls, so keep it secure.
       Ideally, only the upsd process should be able to read it.

CONFIGURATION DIRECTIVES

       "MAXAGE seconds"
           upsd usually allows a driver to stop responding for up to 15 seconds before declaring
           the data "stale". If your driver takes a very long time to process updates but is
           otherwise operational, you can use MAXAGE to make upsd wait longer.

           Most users should leave this at the default value.

       "TRACKINGDELAY seconds"
           When instant commands and variables setting status tracking is enabled, status
           execution information are kept during this amount of time, and then cleaned up. This
           defaults to 3600 (1 hour).

       "ALLOW_NO_DEVICE Boolean"
           Normally upsd requires that at least one device section is defined in ups.conf when
           the daemon starts, to serve its data. For automatically managed services it may be
           preferred to have upsd always running, and reload the configuration when power devices
           become defined.

           Boolean values true, yes, on and 1 mean that the server would not refuse to start with
           zero device sections found in ups.conf.

           Boolean values false, no, off and 0 mean that the server should refuse to start if
           zero device sections were found in ups.conf. This is the default, unless the calling
           environment sets a same-named variable to enforce a value for the current run. One way
           this can happen is somebody un-commenting it in the nut.conf file used by init-scripts
           and service unit method scripts.

       "STATEPATH path"
           Tell upsd to look for the driver state sockets in path rather than the default that
           was compiled into the program.

       "LISTEN interface port"
           Bind a listening port to the interface specified by its Internet address or name. This
           may be useful on hosts with multiple interfaces. You should not rely exclusively on
           this for security, as it can be subverted on many systems.

           Optionally listen on TCP port port instead of the default value which was compiled
           into the code. This overrides any value you may have set with configure --with-port.
           If you don’t change it with configure or this value, upsd will listen on port 3493 for
           this interface.

           Multiple LISTEN addresses may be specified. The default is to bind to 127.0.0.1 if no
           LISTEN addresses are specified (and also ::1 if IPv6 support is compiled in).

           To listen on all available interfaces and configured IP addresses of your system, you
           may also use :: for IPv6 and 0.0.0.0 for IPv4, respectively. As a special case, a
           single LISTEN * <port> directive (with an asterisk) will try to listen on both IPv6
           (::0) and IPv4 (0.0.0.0) wild-card IP addresses, subject to upsd command-line
           arguments or system configuration. Note that if the system supports IPv4-mapped IPv6
           addressing per RFC-3493, and does not allow to disable this mode, then there may be
           one listening socket to handle both address families.

               LISTEN 127.0.0.1
               LISTEN 192.168.50.1
               LISTEN myhostname.mydomain
               LISTEN ::1
               LISTEN 2001:0db8:1234:08d3:1319:8a2e:0370:7344

           This parameter will only be read at startup. You’ll need to restart (rather than
           reload) upsd to apply any changes made here.

           Please note that older NUT releases could have been using the IPv4-mapped IPv6
           addressing (sometimes also known as "dual-stack") mode, if provided by the system.
           Current versions (since NUT v2.8.1 release) explicitly try to restrict their listening
           sockets to only support one address family on each socket, and so avoid IPv4-mapped
           mode where possible.

       "MAXCONN connections"
           This defaults to maximum number allowed on your system. Each UPS, each LISTEN address
           and each client count as one connection. If the server runs out of connections, it
           will no longer accept new incoming client connections. Only set this if you know
           exactly what you’re doing.

       "CERTFILE certificate file"
           When compiled with SSL support with OpenSSL backend, you can enter the certificate
           file here. The certificates must be in PEM format and must be sorted starting with the
           subject’s certificate (server certificate), followed by intermediate CA certificates
           (if applicable_ and the highest level (root) CA. It should end with the server key.
           See docs/security.txt or the Security chapter of NUT user manual for more information
           on the SSL support in NUT.

       "CERTPATH certificate database"
           When compiled with SSL support with NSS backend, you can enter the certificate path
           here. Certificates are stored in a dedicated database (data split in 3 files). Specify
           the path of the database directory.

       "CERTIDENT certificate name database password"
           When compiled with SSL support with NSS backend, you can specify the certificate name
           to retrieve from database to authenticate itself and the password required to access
           certificate related private key.

       "CERTREQUEST certificate request level"
           When compiled with SSL support with NSS backend and client certificate validation
           (disabled by default, see docs/security.txt), you can specify if upsd requests or
           requires client’s' certificates. Possible values are :

           •   0 to not request to clients to provide any certificate

           •   1 to require to all clients a certificate

           •   2 to require to all clients a valid certificate

       "DISABLE_WEAK_SSL BOOLEAN"
           Tell upsd to disable older/weak SSL/TLS protocols and ciphers. With relatively recent
           versions of OpenSSL or NSS it will be restricted to TLSv1.2 or better. Unless you have
           really ancient clients, you probably want to enable this. Currently disabled by
           default to ensure compatibility with existing setups.

       "DEBUG_MIN INTEGER"
           Optionally specify a minimum debug level for upsd data daemon, e.g. for
           troubleshooting a deployment, without impacting foreground or background running mode
           directly. Command-line option -D can only increase this verbosity level.

               Note
               if the running daemon receives a reload command, presence of the DEBUG_MIN NUMBER
               value in the configuration file can be used to tune debugging verbosity in the
               running service daemon (it is recommended to comment it away or set the minimum to
               explicit zero when done, to avoid huge journals and I/O system abuse). Keep in
               mind that for this run-time tuning, the DEBUG_MIN value present in reloaded
               configuration files is applied instantly and overrides any previously set value,
               from file or CLI options, regardless of older logging level being higher or lower
               than the newly found number; a missing (or commented away) value however does not
               change the previously active logging verbosity.

SEE ALSO

       upsd(8), nutupsdrv(8), upsd.users(5)

   Internet resources:
       The NUT (Network UPS Tools) home page: https://www.networkupstools.org/