Difference between revisions of "Run a third instance of thttpd as an SSL server, via stunnel"

From NAS-Central Buffalo - The Linkstation Wiki
Latest revision as of 00:54, 23 July 2006

This article is based on work by andre. Originally by andre.

SSL with thttpd and stunnel4

  • thttpd is the web server that comes with the Linkstation. The example configuration assumes you are running a third instance of thttpd, set up the same way as the second instance (thttpd2) described in Articles/GeneralThttpd, but as thttpd3. This third thttpd listens on port 8080 and serves content from /mnt/share/www-ssl; stunnel will accept the SSL connections on port 443 and hand the decrypted requests to it. The relevant parts of /etc/thttp3.conf read:
port=8080
user=nobody # cgi!
dir=/mnt/share/www-ssl # this is our secure server root
charset=utf-8

Note that this thttpd still speaks plain HTTP on port 8080, and with the configuration above it does so on every interface, so anyone who can reach port 8080 directly bypasses SSL entirely. stunnel's connect = 8080 means localhost:8080, so you can bind the third thttpd to the loopback interface with host=127.0.0.1 in its config, or block port 8080 from the network.

You might also find Articles/GeneralThttpdRedirectSSI useful for your web server.

Debian configuration of stunnel4

apt-get install stunnel4

The relevant parts of /etc/stunnel/stunnel.conf read:

cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.pem
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = rle
output = /var/log/stunnel4/stunnel.log
client = no
[https]
accept  = 443
connect = 8080
TIMEOUTclose = 0
# add more services if you want to
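As an added example (not part of the wiki article and not stunnel's own tooling), the following POSIX shell script audits an stunnel.conf for the weak points in the configuration above and writes a hardened copy: it drops TLS compression, adds options = NO_SSLv2 / NO_SSLv3 and a ciphers line before the first service section, and flags any connect target that is not the local host. It assumes stunnel 4.x directive names (options, ciphers, compression, connect); the sample configuration embedded in it is constructed to match the article's.

```shell
#!/bin/sh
# Added example, not part of the wiki article or of stunnel: audit an
# stunnel.conf for the weak points in the configuration above and write a
# hardened copy. Assumes stunnel 4.x directive names (options, ciphers,
# compression, connect); the embedded sample is constructed from the article.

# Constructed sample: the article's stunnel.conf without the trailing comment.
sample_conf() {
cat <<'EOF'
cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.pem
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = rle
output = /var/log/stunnel4/stunnel.log
client = no
[https]
accept  = 443
connect = 8080
TIMEOUTclose = 0
EOF
}

# audit_stunnel_conf FILE: one finding per line on stdout; prints nothing if clean.
audit_stunnel_conf() {
    f=$1
    # TLS-level compression lets an attacker who controls part of a request
    # recover secrets from the rest (the CRIME class of attacks): drop it.
    if grep -Eq '^[[:space:]]*compression[[:space:]]*=' "$f"; then
        echo "compression is enabled; remove the compression line"
    fi
    # SSLv2 and SSLv3 are broken; without these options stunnel still offers them.
    for v in NO_SSLv2 NO_SSLv3; do
        grep -Eq "^[[:space:]]*options[[:space:]]*=[[:space:]]*$v[[:space:]]*\$" "$f" ||
            echo "options = $v is missing; legacy protocol versions stay enabled"
    done
    # No ciphers line means OpenSSL's default list of the day, export and
    # anonymous suites included.
    grep -Eq '^[[:space:]]*ciphers[[:space:]]*=' "$f" ||
        echo "no ciphers line; restrict to HIGH:!aNULL:!MD5 or similar"
    # connect = PORT means localhost:PORT; any other host receives the
    # decrypted traffic over plain TCP.
    grep -E '^[[:space:]]*connect[[:space:]]*=' "$f" | sed 's/^[^=]*=[[:space:]]*//' |
    while read -r target; do
        case "$target" in
            *:*) case "${target%%:*}" in
                     127.0.0.1|localhost) ;;
                     *) echo "connect = $target leaves this host in plaintext" ;;
                 esac ;;
            *) ;;
        esac
    done
}

# count_findings FILE: number of findings (0 means clean).
count_findings() {
    audit_stunnel_conf "$1" | grep -c . || true
}

# harden_stunnel_conf IN OUT: drop compression and add the protocol and cipher
# limits before the first [section], since global options must precede it.
harden_stunnel_conf() {
    awk '
        function emit() {
            print "options = NO_SSLv2"
            print "options = NO_SSLv3"
            print "ciphers = HIGH:!aNULL:!MD5"
            done = 1
        }
        /^[[:space:]]*compression[[:space:]]*=/ { next }
        /^[[:space:]]*\[/ && !done { emit() }
        { print }
        END { if (!done) emit() }
    ' "$1" > "$2"
}
```

Run audit_stunnel_conf /etc/stunnel/stunnel.conf before and after editing; a non-loopback connect target is reported but deliberately not rewritten, because where the backend lives is a deployment decision, not a typo.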

The relevant parts of /etc/default/stunnel4 read:

ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0 

Create an SSL certificate (digest of /mnt/usr/share/doc/stunnel4/README.Debian by Julien Lemoine). The private key is written unencrypted (-nodes) into the same file as the certificate, which is why that file must be chmod 600 and owned by root; stunnel reads it at startup before dropping to the stunnel4 user. When openssl prompts for the subject, the Common Name should be the hostname or IP address clients will use. Two caveats from today's point of view: the 512-bit DH parameters generated below were a 2006 choice and are far too small now (use 2048 bits or more), and a self-signed certificate will make browsers warn until the user accepts it.

cd /etc/ssl/certs
openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem   # self-signed certificate plus unencrypted key in one file
chmod 600 stunnel.pem   # nobody but root may read the key
dd if=/dev/urandom of=temp_file count=2
openssl dhparam -rand temp_file 512 >> stunnel.pem   # DH parameters appended to the same file; 512 bits is too small today
ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0   # hash-named link so OpenSSL can find the certificate by subject hash
rm temp_file
/etc/init.d/stunnel4 restart
/etc/init.d/thttpd3 restart

You can connect to your secure server using https://your.ip.addre.ss. To check the SSL side without a browser, run openssl s_client -connect your.ip.addre.ss:443 from another machine; it should print the certificate you just created and complete the handshake.
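The certificate step above, as an added example that is not the wiki article's own commands and not part of stunnel: a POSIX shell script that builds the same stunnel.pem bundle (private key, self-signed certificate, DH parameters) non-interactively, with a 2048-bit RSA key, a 2048-bit DH group by default, a subjectAltName so browsers can match the name, and a fixed 0600 mode, then checks the bundle before you restart stunnel. It assumes OpenSSL 1.1.1 or later on the PATH (for -addext) and that the caller supplies the output directory and the name or IP address clients will connect to; the article instead writes to /etc/ssl/certs and answers the subject prompts by hand.

```shell
#!/bin/sh
# Added example, not the wiki article's commands and not part of stunnel: build
# the stunnel.pem bundle the article describes (private key, self-signed
# certificate, DH parameters) non-interactively, with sizes that are still
# defensible, and check the result before restarting anything.
# Assumptions: OpenSSL 1.1.1 or later on PATH (for -addext); the caller picks
# the directory and the certificate name (the article uses /etc/ssl/certs and
# answers openssl's subject prompts by hand).

# make_bundle DIR NAME [DAYS] [DHBITS]: writes DIR/stunnel.pem with mode 0600.
# NAME is the hostname or IP address clients will connect to.
make_bundle() (
    dir=$1; name=$2; days=${3:-365}; dhbits=${4:-2048}
    umask 077                      # key is unencrypted (-nodes): create everything 0600
    case "$name" in                # browsers match subjectAltName, not the CN
        *[!0-9.]*) san="DNS:$name" ;;
        *)         san="IP:$name" ;;
    esac
    # Key and certificate go to separate files first and are concatenated
    # afterwards, so the result does not depend on how openssl treats
    # -keyout and -out naming the same file.
    openssl req -new -x509 -nodes -days "$days" -newkey rsa:2048 \
        -subj "/CN=$name" -addext "subjectAltName=$san" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || exit 1
    # Safe-prime DH group; the article's 512 bits is breakable, 2048 is the floor.
    openssl dhparam -out "$dir/dh.pem" "$dhbits" 2>/dev/null || exit 1
    cat "$dir/key.pem" "$dir/cert.pem" "$dir/dh.pem" > "$dir/stunnel.pem" || exit 1
    rm -f "$dir/key.pem" "$dir/cert.pem" "$dir/dh.pem"
    # Hash-named link, as in the article, so OpenSSL's directory lookup finds it.
    cd "$dir" && ln -sf stunnel.pem "$(openssl x509 -noout -hash -in stunnel.pem)".0
)

# bundle_mode PEM: octal permission bits (expect 600).
bundle_mode() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# bundle_key_matches_cert PEM: true if the key and certificate share a modulus,
# i.e. stunnel will not fail at startup with a key/cert mismatch.
bundle_key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# bundle_dh_bits PEM: size of the DH group in the bundle, 0 if there is none.
bundle_dh_bits() {
    bits=$(sed -n '/BEGIN DH PARAMETERS/,/END DH PARAMETERS/p' "$1" |
           openssl dhparam -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -1)
    echo "${bits:-0}"
}

# bundle_cn PEM: the certificate's Common Name.
bundle_cn() { openssl x509 -noout -subject -in "$1" | sed 's/.*CN *= *//'; }
```

Usage on the Linkstation would be make_bundle /etc/ssl/certs your.ip.addre.ss followed by the three checks, then /etc/init.d/stunnel4 restart. Generating a 2048-bit safe prime can take from a few seconds to a couple of minutes on slow hardware, which is a one-off cost; the group is only weakened, never slowed, by choosing fewer bits.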