2.1. border.conf --- border program's configuration

2.1.1. Description

border.conf is the configuration file for border(8) --- a network management application.

2.1.2. Configuration grammar

The configuration file consists of configuration statements and comments. Statements end with a semicolon. Statements and comments are the only elements that can appear without enclosing braces. Many statements contain a block of sub-statements, which are also terminated with a semicolon. Clauses in the statements are also semicolon-terminated. See the Comments syntax section for a description of comments, and the Border User Manual for some examples.

border.conf supports the following statements:

border

Specifies global configuration options.

Note

The border statement may occur only once in the configuration file.

2.1.2.1. border statement

border {
        enabled <boolean>;
        jwt-secret <string>;
        jwt-expiry <ttlval>;
        listen-on [ port <port:integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
        pid-file ( <quoted_string> | none );
        user <username:quoted_string> <hashed-passphrase:quoted_string>; // may occur multiple times
};

The border statement sets up global options to be used by Border. If there is no border statement, a border statement with each option set to its default value will be used.

enabled <boolean>

Warning

This option is obsolete and will be removed in a future release of Border. Please do not use this option.

jwt-secret <string>

This option specifies a Base64-encoded 64-octet key to be used as the JWT secret. If this option is not specified, border(8) generates a random key in memory and uses it automatically. The random key is not persistent, so JWTs created with it are not usable after a restart of the border(8) program. After a restart, for example, clients would see authentication failures and would have to re-authenticate.

jwt-expiry <ttlval>

This option specifies the time in seconds that a JWT token generated by border(8) is valid for. The default value is 1d (1 day).

listen-on [ port <port:integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };

This option configures the socket addresses on which border(8) listens. <port> can be specified for all sockets or per-socket as shown in the syntax. The default value is address 127.0.0.1 and port 5009.

pid-file ( <quoted_string> | none );

The pathname of the file the border process writes its process ID (PID) to. The default is /var/run/border/border.pid. The PID file can be used by programs that want to send signals to the border process. Specifying none disables the use of a PID file; no file will be written and any existing file will be removed.

Note

none is a keyword, not a filename, and therefore must not be enclosed in double quotes.

user <username> <hashed-passphrase>

This option specifies the username and password with which a user may log in to the web interface of border(8). The <username> should be formatted as an email address. The <hashed-passphrase> should be generated using the border-crypt(1) program.

2.1.3. Comments syntax

The comment syntax allows for comments to appear anywhere that whitespace may appear in a config file. To appeal to all programmers, they can be written in the C, C++, or shell/Perl style:

  • C-style comments start with the two characters /* (slash, star) and end with */ (star, slash). Because they are completely delimited within these characters, they can be used to comment only a portion of a line or to span multiple lines. For example:

    /*
     * This is a multi-line
     * comment.
     */
    

    C-style comments cannot be nested. For example, the following syntax is not valid because the entire comment ends with the first */:

    /* This is the start of a comment.
       This is still part of the comment.
    /* This is an incorrect attempt at nesting a comment. */
       This is no longer in any comment. */
    
  • C++-style comments start with the two characters // (slash, slash) and continue to the end of the physical line. They cannot be continued across multiple physical lines; to have one logical comment span multiple lines, each line must use the // pair. For example:

    // This is a comment. It continues to end of line.
    // This next line is a new comment, even though it is
    // logically part of the previous comment.
    
  • Shell-style or Perl-style comments start with the character # (number/hash sign) and continue to the end of the physical line. They cannot be continued across multiple physical lines; to have one logical comment span multiple lines, each line must use the # character. For example:

    # This is a comment. It continues to end of line.
    # This next line is a new comment, even though it is
    # logically part of the previous comment.
    

Note

You cannot use the ";" (semicolon) character to start a comment as you would in a zone file. The semicolon indicates the end of a configuration statement.
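Added example (not part of Border or of this manual): Python code that removes comments according to the three styles above and then checks that the active jwt-secret value decodes to the 64 octets the option requires, ignoring commented-out keys. It assumes that text inside double quotes is never scanned for comment markers and that jwt-secret is written as a quoted string; the function names and the sample configuration are constructed for illustration.

```python
import base64
import binascii
import re

def strip_comments(text):
    """Remove /* */, // and # comments; quoted strings are copied untouched."""
    out, i, n = [], 0, len(text)
    while i < n:
        ch = text[i]
        if ch == '"':                        # assumption: quotes shield // and #
            j = text.find('"', i + 1)
            j = n - 1 if j == -1 else j
            out.append(text[i:j + 1])
            i = j + 1
        elif text.startswith("/*", i):       # C style ends at the FIRST */
            j = text.find("*/", i + 2)
            if j == -1:
                raise ValueError("unterminated /* comment")
            out.append(" ")                  # a comment stands in for whitespace
            i = j + 2
        elif text.startswith("//", i) or ch == "#":
            j = text.find("\n", i)           # runs to end of the physical line
            i = n if j == -1 else j
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def check_jwt_secret(conf_text):
    """Return a finding for the jwt-secret option of a border.conf text."""
    body = strip_comments(conf_text)
    m = re.search(r'\bjwt-secret\s+"([^"]*)"\s*;', body)
    if m is None:
        return "unset: random in-memory key, tokens invalid after restart"
    try:
        key = base64.b64decode(m.group(1), validate=True)
    except binascii.Error:
        return "invalid: not Base64"
    if len(key) != 64:
        return "invalid: %d octets, expected 64" % len(key)
    return "ok"

# Constructed sample; the all-0xFF key is a dummy whose Base64 form is full of
# "//", so it only survives if quoted strings are skipped. Never deploy it.
SAMPLE = '''
border {
    /* old key: jwt-secret "AAAA"; */
    # jwt-secret "BBBB";
    jwt-secret "%s";   // 64 octets, Base64
};
''' % base64.b64encode(b"\xff" * 64).decode()
```

check_jwt_secret(SAMPLE) reports "ok" because only the uncommented statement is seen. A real key should come from a cryptographically secure random source.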

2.1.4. Files

/etc/border/border.conf

The configuration file for the border(8) program.

2.1.5. See also

border(8), border-crypt(1)