Run a third instance of thttpd as an SSL server, via stunnel

''This article is based on work by andre. Originally by andre.''

= SSL with thttpd and stunnel4 =


 * thttpd is the web server that comes with the Linkstation. The example configuration assumes you are using a third instance of thttpd, set up as described in Articles/GeneralThttpd (written for thttpd 2, not 3). This third thttpd runs on port 8080 and serves content from /mnt/share/www-ssl. The relevant parts of /etc/thttp3.conf read:

port=8080
user=nobody # cgi!
dir=/mnt/share/www-ssl # this is our secure server root
charset=utf-8

You might also find Articles/GeneralThttpdRedirectSSI useful for your web server.


 * stunnel makes non-SSL services accessible via SSL; see http://www.stunnel.org

== Debian configuration of stunnel4 ==

apt-get install stunnel4

The relevant parts of /etc/stunnel/stunnel.conf read:

cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.pem
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = rle
output = /var/log/stunnel4/stunnel.log
client = no
[https]
accept = 443
connect = 8080
TIMEOUTclose = 0
# add more services if you want to

The relevant parts of /etc/default/stunnel4 read:

ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0

Create an SSL certificate (digest of /mnt/usr/share/doc/stunnel4/README.Debian by Julien Lemoine):

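cd /etc/ssl/certs
# self-signed certificate and unencrypted private key, both written to stunnel.pem
openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
# the file contains the private key, so only root may read it
chmod 600 stunnel.pem
# seed file for the DH parameter generation
dd if=/dev/urandom of=temp_file count=2
# 2048-bit DH parameters; the 512 bits once used here are breakable and refused by current clients
openssl dhparam -rand temp_file 2048 >> stunnel.pem
# hash-named symlink so OpenSSL can look the certificate up
ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0
rm temp_file
/etc/init.d/stunnel4 restart
/etc/init.d/thttpd3 restart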

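You can connect to your secure server using https://your.ip.addre.ss . Because the certificate created above is self-signed, browsers will show a warning until you accept it.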
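
With the configuration above, thttpd still answers plain HTTP on port 8080 on every interface, so the content under /mnt/share/www-ssl can be fetched without going through stunnel. The script below is an added example, not part of the original article: it reads the two configuration files and reports that exposure, a port mismatch between stunnel and thttpd, and loose permissions on the key file. The function names `conf_get`, `audit_tunnel` and `demo` are this example's own, and treating a thttpd that is not bound to loopback as a finding is its assumption.

```shell
#!/bin/sh
# Added example (not from the original article): audit the thttpd + stunnel
# pairing. Treating a non-loopback thttpd as a finding is this example's choice.

# conf_get FILE KEY [SECTION]: value of KEY in a "key = value" file, ignoring
# '#'/';' comments; SECTION selects a [section] (empty = the global part).
conf_get() {
    awk -v k="$2" -v want="$3" '
        { sub(/[#;].*/, "") }
        /^[ \t]*\[/ { sec = $0; gsub(/[ \t]|\[|\]/, "", sec); next }
        sec == want && (i = index($0, "=")) {
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) out = val
        }
        END { print out }' "$1"
}

# audit_tunnel THTTPD_CONF STUNNEL_CONF: print one line per finding and
# return the number of findings.
audit_tunnel() {
    n=0
    port=$(conf_get "$1" port); host=$(conf_get "$1" host)
    connect=$(conf_get "$2" connect https); pem=$(conf_get "$2" key)
    # Without host=, thttpd binds every interface: the plaintext port is
    # reachable directly and the SSL front end can be bypassed.
    case "$host" in
        127.0.0.1|localhost) ;;
        *) echo "EXPOSED: thttpd port $port is not bound to loopback"; n=$((n + 1)) ;;
    esac
    # stunnel must forward to the port thttpd actually listens on.
    [ "${connect##*:}" = "$port" ] ||
        { echo "MISMATCH: stunnel connects to $connect, thttpd is on $port"; n=$((n + 1)); }
    # The PEM holds the private key: no group/other permission bits.
    if [ -e "$pem" ] && [ "$(ls -ld "$pem" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $pem is accessible to group or others"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: the two files as configured in this article.
demo() {
    d=$(mktemp -d)
    printf 'port=8080\nuser=nobody # cgi!\ndir=/mnt/share/www-ssl\n' > "$d/t.conf"
    printf 'key = /etc/ssl/certs/stunnel.pem\n[https]\naccept = 443\nconnect = 8080\n' > "$d/s.conf"
    audit_tunnel "$d/t.conf" "$d/s.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

To clear the EXPOSED finding, add host=127.0.0.1 to the thttpd configuration and point stunnel at it with connect = 127.0.0.1:8080.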