X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=Documentation%2Fpublic-inbox-nntpd.pod;h=4757b6910e18fbc647457683ba38340334a5c7e3;hb=a65ebdc3a1f064bab0cddf64b34caad49f1c4c9c;hp=2f9dbabf5caed9a6dd65cd6dce9766d1edca620d;hpb=66c6699142d95cce9e5c9d49e0498161a776cc22;p=public-inbox.git

diff --git a/Documentation/public-inbox-nntpd.pod b/Documentation/public-inbox-nntpd.pod
index 2f9dbabf..4757b691 100644
--- a/Documentation/public-inbox-nntpd.pod
+++ b/Documentation/public-inbox-nntpd.pod
@@ -13,11 +13,49 @@ public-inbox.  It uses options and environment variables common
 to all L<public-inbox-daemon(8)> implementations.
 
 The default configuration will never require write access
-tto the directory where the public-inbox is stored, so it
+to the directory where the public-inbox is stored, so it
 may be run as a different user than the user running
 L<public-inbox-watch(1)>, L<public-inbox-mda(1)>, or
 L<git-fetch(1)>.
 
+=head1 OPTIONS
+
+See common options in L<public-inbox-daemon(8)/OPTIONS>.
+Additionally, NNTP-specific behavior for certain options
+are supported and documented below.
+
+=over
+
+=item -l, --listen PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+
+In addition to the normal C<-l>/C<--listen> switch described in
+L<public-inbox-daemon(8)>, the protocol prefix (e.g. C<nntp://> or
+C<nntps://>) may be specified to force a given protocol.
+
+For STARTTLS and NNTPS support, the C<cert> and C<key> may be specified
+on a per-listener basis after a C<?> character and separated by C<,>.
+These directives are per-directive, and it's possible to use a different
+cert for every listener.
+
+=item --cert /path/to/cert
+
+The default TLS certificate for optional STARTTLS and NNTPS support
+if the C<cert> option is not given with C<--listen>.
+
+If using systemd-compatible socket activation and a TCP listener on port
+563 is inherited, it is automatically NNTPS when this option is given.
+When a listener on port 119 is inherited and this option is given, it
+automatically gets STARTTLS support.
+
+=item --key /path/to/key
+
+The default private TLS certificate key for optional STARTTLS and NNTPS
+support if the C<key> option is not given with C<--listen>.  The private
+key may concatenated into the path used by C<--cert>, in which case this
+option is not needed.
+
+=back
+
 =head1 CONFIGURATION
 
 These configuration knobs should be used in the
@@ -43,7 +81,7 @@ L<nntp://hjrcffqmbrq6wope.onion/inbox.comp.mail.public-inbox.meta>
 
 =head1 COPYRIGHT
 
-Copyright 2013-2016 all contributors L<mailto:meta@public-inbox.org>
+Copyright 2013-2019 all contributors L<mailto:meta@public-inbox.org>
 
 License: AGPL-3.0+ L<https://www.gnu.org/licenses/agpl-3.0.txt>