SSL with eris
=============

Eris does not care what transport is in use: that job is left to the invoking
program (e.g. tcpserver).

In the past you could use `sslio` with `tcpsvd`,
but `sslio` has not been updated in a long time,
and won't work with (at least) Chrome 39.

I recommend using stunnel,
which also works with IPv6.
You can invoke it like so:

    #! /bin/sh
    cd /srv/www
    # Exported so that eris and its CGI children inherit it
    HTTPS=enabled; export HTTPS

    # stunnel reads its configuration from fd 3, fed by the here-document
    exec stunnel -fd 3 3<<EOD
    foreground = yes
    ; run as user and group http
    setuid = http
    setgid = http
    debug = 4

    [https]
    accept = ::443
    cert = /path/to/yourserver.crt
    key = /path/to/yourserver.key
    ; run eris for each accepted connection
    exec = /path/to/eris
    execargs = eris -c
    EOD

I set the `HTTPS` environment variable,
so CGI can tell whether or not its connection is secure.
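
As an added example (not part of eris or of the original page), a CGI script can act on the `HTTPS` variable as follows: it serves content only over TLS and otherwise redirects to the `https://` URL after validating the request data. It assumes the server passes `HTTPS`, `HTTP_HOST` and `SCRIPT_NAME` to CGI programs and honours the CGI `Status:` header.

```shell
#!/bin/sh
# Added example CGI, not part of eris. Assumes the HTTPS variable exported by
# the wrapper reaches CGI children, and that the server sets HTTP_HOST and
# SCRIPT_NAME and honours the CGI "Status:" header.
LC_ALL=C; export LC_ALL

# True only when the stunnel wrapper marked this connection as TLS.
is_secure() { [ "${HTTPS:-}" = "enabled" ]; }

# Hostname check: letters, digits, dots, hyphens. Rejects CR/LF and spaces,
# so a hostile Host header cannot inject extra response headers.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# Path check: must start with "/" and use a conservative character set.
valid_path() {
    case "$1" in
        ''|[!/]*|*[!A-Za-z0-9/._~-]*) return 1 ;;
    esac
}

# Print the https:// URL for this request, or fail if its parts are unsafe.
redirect_target() {
    host=${HTTP_HOST:-}
    host=${host%:[0-9]*}    # drop an optional :port
    valid_host "$host" && valid_path "${SCRIPT_NAME:-}" || return 1
    printf 'https://%s%s' "$host" "$SCRIPT_NAME"
}

respond() {
    if is_secure; then
        printf 'Content-Type: text/plain\r\n'
        printf 'Strict-Transport-Security: max-age=31536000\r\n\r\n'
        printf 'served over TLS\n'
    elif target=$(redirect_target); then
        printf 'Status: 301 Moved Permanently\r\n'
        printf 'Location: %s\r\n\r\n' "$target"
    else
        printf 'Status: 400 Bad Request\r\n'
        printf 'Content-Type: text/plain\r\n\r\n'
        printf 'HTTPS required\n'
    fi
}

respond
```

The variable reflects which wrapper script started eris, not anything negotiated on the socket, so a plain-HTTP listener must be started from a wrapper that leaves `HTTPS` unset.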