Run a third instance of thttpd as an SSL server, via stunnel

From NAS-Central Buffalo - The Linkstation Wiki
Revision as of 00:54, 23 July 2006 by Ramuk (Talk | contribs)


This article is based on work by andre.

SSL with thttpd and stunnel4

  • thttpd is the web server that comes with the Linkstation. The example configuration assumes you are running a third instance of thttpd, set up the way Articles/GeneralThttpd describes for the second instance (thttpd2), but numbered 3. This third thttpd listens on port 8080 and serves content from /mnt/share/www-ssl; stunnel will terminate SSL on port 443 and hand the decrypted requests to it. Note that thttpd itself still speaks plain HTTP on 8080, so that port is reachable without SSL unless you bind it to the loopback interface (thttpd's host= option) or block it in the firewall. The relevant parts of /etc/thttp3.conf read:
port=8080
user=nobody # cgi!
dir=/mnt/share/www-ssl # this is our secure server root
charset=utf-8

You might also find Articles/GeneralThttpdRedirectSSI useful for your web server.

Debian configuration of stunnel4

apt-get install stunnel4

The relevant parts of /etc/stunnel/stunnel.conf read:

cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.pem
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = rle
output = /var/log/stunnel4/stunnel.log
client = no
[https]
accept  = 443
connect = 8080
TIMEOUTclose = 0
# add more services if you want to

cert and key point at the same file because the certificate step below writes the private key and the certificate into one stunnel.pem. client = no makes stunnel the SSL server side, setuid/setgid drop root after the privileged port 443 is bound, and TIMEOUTclose = 0 tells stunnel not to wait for the client's close_notify, which avoids hangs with browsers that simply drop the connection. compression = rle enables SSL-level compression; on a server exposed to untrusted clients leave it out, since compressed SSL leaks plaintext through ciphertext lengths (the CRIME attack).

The relevant parts of /etc/default/stunnel4 read:

ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0 
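The two fragments above (the /etc/thttp3.conf lines and the stunnel.conf lines) have to agree with each other, and a couple of the settings deserve a second look before the box goes on the network. The following script is an added example, not part of the wiki page or of thttpd/stunnel: it parses both configs with a small key=value parser, checks that stunnel's connect port matches thttpd's port, and flags the plain-HTTP backend being reachable without SSL (no host=127.0.0.1 in the thttpd config) and the compression option. The two config texts are constructed copies of the page's fragments; the audit rules are my own, and the host= check assumes thttpd's host= option, which binds the listener to one address.

```python
"""Cross-check a thttpd config against the stunnel.conf that fronts it.

Added example, not code from the wiki page or from thttpd/stunnel.
The config texts below are constructed copies of the page's fragments;
the checks encode what a reviewer would look for before exposing 443.
"""
from typing import Dict, List, Tuple

# Constructed sample: the page's /etc/thttp3.conf fragment.
THTTPD_CONF = """\
port=8080
user=nobody # cgi!
dir=/mnt/share/www-ssl # this is our secure server root
charset=utf-8
"""

# Constructed sample: the page's /etc/stunnel/stunnel.conf fragment.
STUNNEL_CONF = """\
cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.pem
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = rle
output = /var/log/stunnel4/stunnel.log
client = no
[https]
accept  = 443
connect = 8080
TIMEOUTclose = 0
# add more services if you want to
"""


def parse_kv(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Parse 'key = value' text into {section: {key: [values]}}.

    Options before the first [section] go under "" (stunnel's global
    section).  Values are lists because stunnel allows repeated keys
    (the two 'socket' lines).  '#' starts a comment.  thttpd's config
    has the same shape, so one parser serves both files.
    """
    sections: Dict[str, Dict[str, List[str]]] = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        key, _, value = line.partition("=")
        sections[current].setdefault(key.strip().lower(), []).append(value.strip())
    return sections


def split_hostport(spec: str) -> Tuple[str, int]:
    """'8080' -> ('', 8080); '127.0.0.1:8080' -> ('127.0.0.1', 8080)."""
    host, _, port = spec.rpartition(":")
    return host, int(port)


def audit(thttpd_text: str, stunnel_text: str, service: str = "https") -> List[str]:
    """Return a list of findings; an empty list means the pair looks sane."""
    findings: List[str] = []
    th = parse_kv(thttpd_text)[""]
    st = parse_kv(stunnel_text)
    glob = st[""]
    svc = st.get(service)
    if svc is None:
        return [f"stunnel.conf has no [{service}] service section"]

    # 1. stunnel must forward to the port thttpd actually listens on.
    backend_port = int(th.get("port", ["80"])[0])
    connect_host, connect_port = split_hostport(svc["connect"][0])
    if connect_port != backend_port:
        findings.append(f"stunnel connect port {connect_port} != thttpd port {backend_port}")

    # 2. The backend speaks plain HTTP.  Unless thttpd is bound to loopback
    #    (host= option, assumed here) it is reachable directly, bypassing SSL.
    if th.get("host", [""])[0] not in ("127.0.0.1", "localhost"):
        findings.append("thttpd has no host=127.0.0.1; plain-HTTP backend is reachable without SSL")
    if connect_host not in ("", "127.0.0.1", "localhost"):
        findings.append(f"stunnel forwards to non-local backend {connect_host}")

    # 3. Server mode, privilege drop and a certificate must be present.
    if glob.get("client", ["no"])[0].lower() != "no":
        findings.append("client = yes: stunnel would act as an SSL client, not a server")
    for opt in ("setuid", "setgid", "cert"):
        if opt not in glob and opt not in svc:
            findings.append(f"missing {opt}")

    # 4. SSL-level compression leaks plaintext via ciphertext length (CRIME).
    if "compression" in glob:
        findings.append(f"compression = {glob['compression'][0]} enables SSL compression (CRIME)")

    # 5. Browsers expect HTTPS on 443; anything else needs a port in the URL.
    accept_port = split_hostport(svc["accept"][0])[1]
    if accept_port != 443:
        findings.append(f"accept = {accept_port}; clients must use https://host:{accept_port}/")
    return findings


if __name__ == "__main__":
    for finding in audit(THTTPD_CONF, STUNNEL_CONF):
        print("-", finding)
```

Run against the page's own fragments it reports two findings (the exposed 8080 backend and the compression option); adding host=127.0.0.1 to the thttpd config, dropping compression and pointing connect at 127.0.0.1:8080 brings it to an empty list.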

Create an SSL certificate (digest of /mnt/usr/share/doc/stunnel4/README.Debian by Julien Lemoine). The key is written unencrypted (-nodes) because stunnel has to start unattended, so the file must not be readable by anyone but root:

cd /etc/ssl/certs
umask 077                         # so the key is never world-readable, not even briefly
# self-signed certificate, valid one year; key and cert both go into stunnel.pem
openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
chmod 600 stunnel.pem
# Diffie-Hellman parameters, appended to the same file. The README used 512 bits;
# that size is too weak today and is rejected by current clients, so use 2048
# (generation takes a while on the Linkstation's slow CPU).
dd if=/dev/urandom of=temp_file count=2
openssl dhparam -rand temp_file 2048 >> stunnel.pem
# hash symlink so the certs directory also works as an OpenSSL CApath
ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0
rm temp_file
/etc/init.d/stunnel4 restart
/etc/init.d/thttpd3 restart

You can connect to your secure server using https://your.ip.addre.ss. Because the certificate is self-signed, browsers will warn about an untrusted issuer the first time; check that the fingerprint shown matches the one in /etc/ssl/certs/stunnel.pem before accepting it.