10.3 Configuring poundctl

Upon startup, the program checks if the file .poundctl exists in the user’s home directory. If so, it reads its configuration from it. The location of the configuration file can be changed using the environment variable POUNDCTL_CONF. If it is defined and has a non-empty value, its value is taken as the alternative file name to use. It can be either absolute file name, or a file name relative to the home directory. Setting POUNDCTL_CONF to an empty value disables reading the configuration.

If the program cannot determine the socket URL from .poundctl, it will attempt to scan pound configuration file, on the assumption that it runs on the same machine as the daemon and that its pound.cfg file contains a Control statement (see Control statement). If so, the socket name is determined from it.

Otherwise, the control URL has to be given explicitly using the -s command line option.

The .poundctl file has the same syntax as pound.cfg: it is a sequence of statements and sections, separated by arbitrary amount of empty lines and comments. A simple statement occupies a single line and consists of a keyword (directive) and one or more values separated by whitespace. A section is a compound statement that encloses other statements and sections. Sections begin with a keyword, optionally followed by arguments, and end with a word End on a line by itself. All keywords are case-insensitive.

The following keywords are available in the global scope:

poundctl config: URL "url"

Sets the URL of the pound management socket. The value is either the file name of the UNIX socket file, or a remote URL, as described in poundctl remote.

poundctl config: CAFile "file"

Name of the certificate authority file. See also the -C option, below.

poundctl config: CAPath "dir"

Read certificate authority files from the directory dir.

poundctl config: ClientCert "file"

Supplies the name of the file with client certificate and private key, for client authentication. See also the -K option, below.

poundctl config: Verify bool

Enables or disables peer certificate verification. The default is on. See also the -k command line option.

poundctl config: TemplateFile "file"

Name of the template file (see poundctl template).

poundctl config: TemplatePath "file"

Search path for template files (see poundctl template).

poundctl config: TemplateName "name"

Name of the template to use (see poundctl template).