System: Settings: Administration - add Deployment settings, for https://github.com/opnsense/docs/issues/745

Ad Schellevis 2025-10-09 11:23:35 +02:00
parent c50cd50eb1
commit 3ecaef8844

@ -56,6 +56,8 @@ that don't support binding for these services.
Web GUI
...............................
============================================== ========================================================================
**Option** **Description**
============================================== ========================================================================
Protocol It is strongly recommended to leave this on “HTTPS”
SSL Certificate By default, a self-signed certificate is used. Certificates can be
@ -89,6 +91,20 @@ HTTP_REFERER enforcement check The origins of requests are check
external scripts that interact with the Web GUI.
============================================== ========================================================================
...............................
Deployment settings
...............................
============================================== ========================================================================
**Option** **Description**
============================================== ========================================================================
Deployment type Influences error feedback to the user
Strict security Prevent the webgui from running as root, some legacy components may
not be compatible with this feature. Disabling the feature again
requires console access.
============================================== ========================================================================
...............................
Secure Shell
...............................
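Review bot: The "Deployment type" row only says it "Influences error feedback to the user", which does not tell an administrator which values can be selected or how each one changes what is shown in errors; list the available types and their effect. In the "Strict security" row, write "Web GUI" as the section heading above does instead of "webgui", split the comma splice after "root" into two sentences, and, because disabling the feature requires console access, say how that is done from the console or link to where it is described.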
@ -99,6 +115,8 @@ serial or SSH). The latter will only work if the user shell is not set to ``/sbi
In order to access OPNsense via SSH, SSH access will need to be configured via :menuselection:`System --> Settings --> Administration`.
Under the "Secure Shell" heading, the following options are available:
============================================== ========================================================================
**Option** **Description**
============================================== ========================================================================
Secure Shell Server Enable a secure shell service
Login Group Select the allowed groups for remote login. The "wheel" group is
@ -146,15 +164,17 @@ when network connectivity is not possible.
is not functional when you need it can be very unpractical.
============================================== ========================================================================
**Option** **Description**
============================================== ========================================================================
Use the virtual terminal driver (vt) When unchecked, OPNsense will use the older sc driver.
Primary Console The primary console will show boot script output. All consoles display
Primary Console The primary console will show boot script output. All consoles display
OS boot messages, console messages, and the console menu.
Secondary Console See above.
Serial Speed Allows adjusting the baud rate. 115200 is the most common.
Use USB-based serial ports Listen on ``/dev/ttyU0``, ``/dev/ttyU1``, … instead of ``/dev/ttyu0``.
Password protect the console menu Can be unchecked to allow physical console access without password.
This can avoid lock-out, but at the cost of attackers being able to
Password protect the console menu Can be unchecked to allow physical console access without password.
This can avoid lock-out, but at the cost of attackers being able to
do anything if they gain physical access to your system.
============================================== ========================================================================
@ -167,12 +187,14 @@ The authentication section of the Administrationm settings offers general securi
firewall.
============================================== ========================================================================
Server Select one or more authentication servers to validate user
credentials against. Multiple servers can make sense with remote
authentication methods to provide a fallback during connectivity
issues. When nothing is specified the default of "Local Database"
**Option** **Description**
============================================== ========================================================================
Server Select one or more authentication servers to validate user
credentials against. Multiple servers can make sense with remote
authentication methods to provide a fallback during connectivity
issues. When nothing is specified the default of "Local Database"
is used.
Disable integrated authentication When set, console login, SSH, and other system services can only use
Disable integrated authentication When set, console login, SSH, and other system services can only use
standard UNIX account authentication.
Sudo Permit sudo usage for administrators with shell access.
User OTP seed Select groups which are allowed to generate their own OTP seed on the
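Review bot: The section intro quoted in this hunk's header still reads "Administrationm settings"; since the commit already edits this table, fix the typo to "Administration" in the same change. The removed and re-added "Server" and "Disable integrated authentication" rows show no wording difference, so confirm they are column realignment only and not an accidental edit.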
@ -278,7 +300,7 @@ The general settings mainly concern network-related settings like the hostname.
going to :menuselection:`System --> Settings --> General`. The following settings are available:
+---------------------------------+------------------------------------------------------------------------------------+
| Setting | Explanation |
| **Option** | **Description** |
+=================================+====================================================================================+
| **System** |
+---------------------------------+------------------------------------------------------------------------------------+
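Review bot: In the grid table header, the row "| **Option** | **Description** |" replaces "| Setting | Explanation |", and the bold markers change the cell text length, so check that the padding still lines the "|" separators up with the "+---+" border rows. docutils rejects a grid table whose rows do not match its borders, so a local docs build before merging would confirm the table still parses.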
@ -334,7 +356,7 @@ Miscellaneous
As the name implies, this section contains the settings that do not fit anywhere else.
================================= ======================================================================================================================================================================================================
Setting Explanation
**Option** **Description**
================================= ======================================================================================================================================================================================================
**Cryptography settings**
Hardware acceleration Select your method of hardware acceleration, if present. Check the full help for hardware-specific advice.
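Review bot: The header rename from "Setting"/"Explanation" to "**Option**"/"**Description**" here, repeated in the General, local logging and remote logging tables, is unrelated to the Deployment settings addition named in the commit message. Mention the header harmonisation in the message or move it to its own commit so the change for issue 745 stays easy to trace.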
@ -375,7 +397,7 @@ They mostly log to /var/log/ in text format, so you can view or follow them with
An overview of the local settings:
============================================ ====================================================================================================================
Setting Explanation
**Option** **Description**
============================================ ====================================================================================================================
Enable local logging Disable to avoid wearing out flash memory when applicable and set up remote logging instead.
Maximum preserved files Configures the number of days to keep logs or the number of files if "maximum file size" option is used.
@ -393,7 +415,7 @@ Remote log settings can be found at :menuselection:`System --> Settings --> Logg
*Add* a new *Destination* to set up a remote target destination.
============== ================================================================================
Setting Explanation
**Option** **Description**
============== ================================================================================
Enabled Master on/off switch.
Transport Protocol to use for syslog.