mirror of https://github.com/nealey/eris.git
Update to reflect ancient sslio
parent
6121939bf0
commit
aab1b7496b
2
README
2
README
|
@ -49,7 +49,7 @@ Start with:
|
||||||
tcpserver -v -RHl localhost -u 1234 -g 1234 0 80 ./eris
|
tcpserver -v -RHl localhost -u 1234 -g 1234 0 80 ./eris
|
||||||
|
|
||||||
There are many other ways to start eris.
|
There are many other ways to start eris.
|
||||||
For example, you can run an HTTPS server using tcpsvd and sslio.
|
For example, you can run an HTTPS server with stunnel.
|
||||||
|
|
||||||
You just need something that launches eris with stdin and stdout connected to the client.
|
You just need something that launches eris with stdin and stdout connected to the client.
|
||||||
|
|
||||||
|
|
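Review bot: The new line "For example, you can run an HTTPS server with stunnel." names the tool but gives the reader no pointer to where the invocation is documented. README.SSL carries the stunnel script, so consider referencing it here, for example "you can run an HTTPS server with stunnel (see README.SSL)." The sentence that follows about stdin and stdout being connected to the client still applies and needs no change.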
36
README.SSL
36
README.SSL
|
@ -4,23 +4,31 @@ SSL with eris
|
||||||
Eris does not care what transport is in use: that job is left to the invoking
|
Eris does not care what transport is in use: that job is left to the invoking
|
||||||
program (eg. tcpserver).
|
program (eg. tcpserver).
|
||||||
|
|
||||||
Gerrit Pape's `ipsvd` package comes with two programs for running SSL daemons:
|
In the past you could use `sslio` with `tcpsvd`,
|
||||||
`sslsvd` and `sslio`. At the time of this writing, however, Gerrit's `ipsvd`
|
but `sslio` has not been updated in a long time,
|
||||||
has no support for IPv6. Busybox `ipsvd`, and `ucspi-tcp-ipv6`, both do
|
and won't work with (at least) Chrome 39.
|
||||||
support IPv6.
|
|
||||||
|
|
||||||
Here is how you can support SSL *and* IPv6:
|
I recommend using stunnel,
|
||||||
|
which also works with IPv6.
|
||||||
|
You can invoke it like so:
|
||||||
|
|
||||||
|
#! /bin/sh
|
||||||
cd /srv/www
|
cd /srv/www
|
||||||
HTTPS=enabled; export HTTPS
|
HTTPS=enabled; export HTTPS
|
||||||
exec tcpserver -H -R 0 443 \
|
|
||||||
/usr/bin/sslio -u nobody:ssl-cert -U www-data \
|
|
||||||
-C /path/to/mydomain.crt -K /path/to/mydomain.key \
|
|
||||||
/service/httpd/eris -c
|
|
||||||
|
|
||||||
This uses `tcpserver` to listen for and accept TCP4 and TCP6 connections.
|
exec stunnel -fd 3 3<<EOD
|
||||||
These connections are then handed to `sslio`, which drops permissions to
|
foreground = yes
|
||||||
`nobody:ssl-cert` and starts speaking SSL to `eris` running as `www-data`.
|
setuid = http
|
||||||
|
setgid = http
|
||||||
|
debug = 4
|
||||||
|
|
||||||
I like to set the `HTTPS` environment variable also, so CGI can tell whether or
|
[https]
|
||||||
not its connection is secure.
|
accept = ::443
|
||||||
|
cert = /path/to/yourserver.crt
|
||||||
|
key = /path/to/yourserver.key
|
||||||
|
exec = /path/to/eris
|
||||||
|
execargs = eris -c
|
||||||
|
EOD
|
||||||
|
|
||||||
|
I set the `HTTPS` environment variable,
|
||||||
|
so CGI can tell whether or not its connection is secure.
|
||||||
|
|
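Review bot: The removed paragraph that explained the privilege split (`sslio` dropping to `nobody:ssl-cert` while `eris` ran as `www-data`) has no replacement, and the new config carries a single `setuid = http` / `setgid = http` pair with no explanation. Add a sentence after the script stating which account eris ends up running as under this config, and what ownership and mode `/path/to/yourserver.key` needs so that content and CGI served by eris cannot read the key. Two smaller points: `debug = 4` is set without comment, and "won't work with (at least) Chrome 39" would be more useful to later readers if it said what fails.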