Run a third instance of thttpd as an SSL server, via stunnel
From NAS-Central Buffalo - The Linkstation Wiki
(Difference between revisions)
| (One intermediate revision not shown) | |||
| Line 1: | Line 1: | ||
| - | + | {{Template:Articles}} | |
| + | ''<font color=red><small> | ||
| + | This article | ||
| + | Based on work by andre. | ||
| + | Originally by andre. | ||
| + | </small></font>'' | ||
| + | |||
| + | = SSL with thttpd and stunnel4 = | ||
| + | |||
| + | * <strong>thttpd</strong> is the web server that comes with the Linkstation; the example configuration will assume you're using a <strong>third</strong> instance of thttpd, as described in [[Articles/GeneralThttpd]] for thttpd<strong>2 not 3</strong>. This <strong>third</strong> thttpd will be running on port <strong>8080</strong>, serving contents from <strong>/mnt/share/www-ssl</strong>. The relevant parts of /etc/thttp3.conf read: | ||
| + | |||
| + | port=8080 | ||
| + | user=nobody # cgi! | ||
| + | dir=/mnt/share/www-ssl # this is our secure server root | ||
| + | charset=utf-8 | ||
| + | |||
| + | You might also find [[Articles/GeneralThttpdRedirectSSI]] useful for your web server. | ||
| + | |||
| + | * <strong>stunnel</strong> makes non-SSL services accessible via SSL; see http://www.stunnel.org | ||
| + | |||
| + | == Debian configuration of stunnel4 == | ||
| + | |||
| + | apt-get install stunnel4 | ||
| + | |||
| + | The relevant parts of /etc/stunnel/stunnel.conf read: | ||
| + | |||
| + | cert = /etc/ssl/certs/stunnel.pem | ||
| + | key = /etc/ssl/certs/stunnel.pem | ||
| + | setuid = stunnel4 | ||
| + | setgid = stunnel4 | ||
| + | pid = /var/run/stunnel4/stunnel.pid | ||
| + | socket = l:TCP_NODELAY=1 | ||
| + | socket = r:TCP_NODELAY=1 | ||
| + | compression = rle | ||
| + | output = /var/log/stunnel4/stunnel.log | ||
| + | client = no | ||
| + | [https] | ||
| + | accept = 443 | ||
| + | connect = 8080 | ||
| + | TIMEOUTclose = 0 | ||
| + | # add more services if you want to | ||
| + | |||
| + | The relevant parts of /etc/default/stunnel4 read: | ||
| + | |||
| + | ENABLED=1 | ||
| + | FILES="/etc/stunnel/*.conf" | ||
| + | OPTIONS="" | ||
| + | PPP_RESTART=0 | ||
| + | |||
| + | Create an SSL certificate (digest of /mnt/usr/share/doc/stunnel4/README.Debian by Julien Lemoine): | ||
| + | |||
| + | cd /etc/ssl/certs | ||
| + | openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem | ||
| + | chmod 600 stunnel.pem | ||
| + | dd if=/dev/urandom of=temp_file count=2 | ||
| + | openssl dhparam -rand temp_file 512 >> stunnel.pem | ||
| + | ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0 | ||
| + | rm temp_file | ||
| + | /etc/init.d/stunnel4 restart | ||
| + | /etc/init.d/thttpd3 restart | ||
| + | |||
| + | You can connect to your secure server using https://your.ip.addre.ss | ||
| + | |||
| + | [[Category:General]] | ||
| + | [[Category:Howto]] | ||
| + | [[Category:Debian]] | ||
| + | |||
| + | [[Category:Software]] | ||
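Review bot: "openssl dhparam -rand temp_file 512" in the certificate step produces 512-bit Diffie-Hellman parameters, which is too small to be safe; suggest 2048 there. In the same block, "openssl req ... -nodes -out stunnel.pem -keyout stunnel.pem" writes the unencrypted private key into /etc/ssl/certs before "chmod 600 stunnel.pem" runs, so set a restrictive umask first or run it in a directory that is not world-readable. The thttpd block sets port=8080 with no host= line, so the content under /mnt/share/www-ssl is also reachable in plaintext on port 8080 unless that instance is bound to loopback or the port is filtered.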
Latest revision as of 00:54, 23 July 2006
This article Based on work by andre. Originally by andre.
SSL with thttpd and stunnel4
- thttpd is the web server that comes with the Linkstation. The example configuration assumes you are running a third instance of thttpd, set up as described in Articles/GeneralThttpd (that article is written for thttpd2, not 3). This third thttpd runs on port 8080 and serves content from /mnt/share/www-ssl. The relevant parts of /etc/thttp3.conf read:
    port=8080
    user=nobody # cgi!
    dir=/mnt/share/www-ssl # this is our secure server root
    charset=utf-8
You might also find Articles/GeneralThttpdRedirectSSI useful for your web server.
- stunnel makes non-SSL services accessible via SSL; see http://www.stunnel.org
Debian configuration of stunnel4
    apt-get install stunnel4
The relevant parts of /etc/stunnel/stunnel.conf read:
    cert = /etc/ssl/certs/stunnel.pem
    key = /etc/ssl/certs/stunnel.pem
    setuid = stunnel4
    setgid = stunnel4
    pid = /var/run/stunnel4/stunnel.pid
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    compression = rle
    output = /var/log/stunnel4/stunnel.log
    client = no
    [https]
    accept = 443
    connect = 8080
    TIMEOUTclose = 0
    # add more services if you want to
The relevant parts of /etc/default/stunnel4 read:
    ENABLED=1
    FILES="/etc/stunnel/*.conf"
    OPTIONS=""
    PPP_RESTART=0
Create an SSL certificate (digest of /mnt/usr/share/doc/stunnel4/README.Debian by Julien Lemoine):
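    cd /etc/ssl/certs
    # self-signed certificate valid for 365 days; -nodes leaves the private key unencrypted in the same file
    openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
    chmod 600 stunnel.pem
    # random seed file, then Diffie-Hellman parameters appended to stunnel.pem
    # (512 bits is weak by current standards)
    dd if=/dev/urandom of=temp_file count=2
    openssl dhparam -rand temp_file 512 >> stunnel.pem
    # hash-named symlink so OpenSSL can look the certificate up by its subject hash
    ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0
    rm temp_file
    # restart both services so they pick up the certificate and configuration
    /etc/init.d/stunnel4 restart
    /etc/init.d/thttpd3 restart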
You can connect to your secure server using https://your.ip.addre.ss
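A check one might run after the restart, as an added example that is not part of the original article: thttpd3 has no host= line, so port 8080 serves /mnt/share/www-ssl in plaintext on every interface next to the SSL port, and the script flags that along with a port mismatch, a group- or world-readable key file and TLS compression. The names conf_get and audit_ssl_setup and the finding labels are hypothetical; it assumes thttpd's host= option is what binds the backend to loopback.

```shell
#!/bin/sh
# Added example: audit the thttpd and stunnel config files from this how-to.
# Usage: sh SCRIPT THTTPD_CONF STUNNEL_CONF   (prints one finding per line)

# conf_get FILE KEY: print the last value of "KEY=value" or "KEY = value",
# with any trailing "# comment" and surrounding blanks removed.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# audit_ssl_setup THTTPD_CONF STUNNEL_CONF (function name is hypothetical)
audit_ssl_setup() {
    t_conf=$1
    s_conf=$2
    port=$(conf_get "$t_conf" port)
    host=$(conf_get "$t_conf" host)
    connect=$(conf_get "$s_conf" connect)
    key=$(conf_get "$s_conf" key)
    comp=$(conf_get "$s_conf" compression)

    # Without host=, thttpd listens on every interface, so the "secure"
    # document root is also served in plaintext on the backend port.
    case $host in
        127.0.0.1|localhost) ;;
        *) echo "BACKEND_EXPOSED port=$port host=${host:-any}" ;;
    esac

    # stunnel's connect is [host:]port; its port must match thttpd's.
    [ "${connect##*:}" = "$port" ] ||
        echo "PORT_MISMATCH connect=$connect port=$port"

    # The PEM holds the private key: no group or other read access.
    if [ -f "$key" ] &&
       [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "KEY_READABLE $key"
    fi

    # TLS-level compression opens compression side channels (CRIME).
    [ -z "$comp" ] || echo "TLS_COMPRESSION $comp"
}

if [ "$#" -eq 2 ]; then audit_ssl_setup "$1" "$2"; fi
```

Run against the two files shown above, it reports BACKEND_EXPOSED and TLS_COMPRESSION; the key check stays quiet because of the chmod 600 step.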

