Using HTTPS for Pichat with stunnel
Testing
After testing
SYNOPSIS
Install stunnel
- Linux installation
  - Edit the start script
  - create a logical link for the default Runlevels

Using HTTPS for Pichat with stunnel

Download stunnel from http://www.stunnel.org/download/
install/copy stunnel to a path like
in Windows: %ProgramFiles%\stunnel
or in Linux /usr/sbin/stunnel and /etc/stunnel/
create or modify the stunnel.conf like in the Example below
now you can test your first settings

Testing

start pichat.exe with webserver on port 80 (this are the default settings)
start stunnel.exe (open stunnle logfile by right click on the stunnle icon in the taskbar)
open a browser (like Firefox) an surf to https://localhost/
have a look to the stunnel log for more informations

After testing

Create a new (stunnel.pem) or an own (own.pem) certificate (e.g. using XCA from http://xca.hohnstaedt.de/ )
If you are using an own certificate, pls do not forgett to modify the conf-file.

if it works now, you may install stunnel as a service by using the following commands:

stunnel -install
stunnel -start

SYNOPSIS

Unix:

stunnel [<filename>] | -fd n | -help | -version | -sockets

WIN32:

stunnel  [-install | -uninstall | -start | -stop] [-quiet] [<filename>]  | -help | -version | -sockets

Stunnel-4.x Man Page

For more infos have a look to http://www.stunnel.org/faq/stunnel.html

Example stunnel.conf

; Sample stunnel configuration file for HTTPS by Mark Wolfgruber
; based on the Sample of Michal Trojnara 

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Service-level configuration

[https]
accept  = 443
connect = 80
TIMEOUTclose = 0

Install stunnel

Linux installation

install stunnel with your packetmanager

e.g. ''apt-get install stunnel'' or ''apt-get --reinstall install stunnel''
or from http://mirror.centos.org/centos/5.2/os/i386/CentOS/stunnel-4.15-2.i386.rpm)

Download the latest source tarball (stunnel-4.25.tar.gz as of 2008-07-22) from http://www.stunnel.org/download/source.html to /tmp.
cd /tmp
gzip -dc stunnel-#.##.tar.gz | tar -xvf -
cd stunnel-#.##
./configure
make
make install

install_stunnel.sh

#!/bin/sh
# install_stunnel.sh
 
apt-get update
 
# if you get an error remove it and try it again
# apt-get remove openssl
# apt-get remove stunnel
 
# installing with apt-get
apt-get install openssl
apt-get install stunnel
 
mkdir /etc/stunnel/
wget --proxy=off --output-document=/etc/stunnel/stunnel.pem http://www.stunnel.org/download/stunnel/win32/stunnel.pem
touch /etc/stunnel/stunnel.conf
 
# inster in conf:
# cert = /etc/stunnel/stunnel.pem
# output = /etc/stunnel/stunnel.log
 
echo starting stunnel use: /usr/sbin/stunnel &

create a certification file (recommended) or download one from anywhere

wget --proxy=off --output-document=/etc/stunnel/stunnel.pem http://www.stunnel.org/download/stunnel/win32/stunnel.pem

create the /etc/stunnel/stunnel.conf

touch /etc/stunnel/stunnel.conf

and edit it with an Text editor like above in the Example stunnel.conf (e.g. using vi :-) )

vi /etc/stunnel/stunnel.conf

using inside the stunnel.conf

cert = /etc/stunnel/stunnel.pem
output = /etc/stunnel/stunnel.log

start stunnel

/usr/sbin/stunnel

more examples at http://www.stunnel.org/examples/
to see how to run Stunnel daemon in an own root ⇒ http://www.stunnel.org/examples/chroot.html

Do not forgett to make the stunnel permanent after rebooting using a rc-script

Edit the start script

create the init-script

touch /etc/init.d/stunnel
chmod 755 /etc/init.d/stunnel

and edit it with an Text editor (e.g. using vi :-) )

vi /etc/init.d/stunnel

/etc/init.d/stunnel

 
#!/bin/sh
# /etc/init.d/stunnel
#
# init-Script stunnel to start/stop/restart stunnel or show the running state
# please have a look to http://pichat-wiki.de
#
# Version 0.1.0 2010-03-04 Mark Wolfgruber
# modified from http://www.stunnel.org/examples/chroot.html
#
# processname: stunnel
#
 
case "$1" in
  start)
        echo -n "Starting stunnel services..."
        stunnel
        echo " done"
        ;;
  stop)
        echo -n "Stopping stunnel services..."
        pkill stunnel
        echo " done"
        ;;
  status)
        status stunnel
        ;;
  restart)
        /etc/init.d/stunnel stop
        /etc/init.d/stunnel start
        ;;
  *)
        echo "Usage: stunnel {start|stop|status|restart}"
        exit 1
esac
 
exit 0

create a logical link for the default Runlevels

ln -fs /etc/init.d/stunnel /etc/rc0.d/K92stunnel 
# runlevel 1 only singeluser
ln -fs /etc/init.d/stunnel /etc/rc2.d/S92stunnel 
ln -fs /etc/init.d/stunnel /etc/rc3.d/S92stunnel 
# runlevel 4 normally not defined
ln -fs /etc/init.d/stunnel /etc/rc5.d/S92stunnel 
ln -fs /etc/init.d/stunnel /etc/rc6.d/K92stunnel

verify

runlevel
ls -l /etc/rc2.d

runlevel
ls -l /etc/rc.d/rc2.d | grep stunnel

⇒ S91stunnel → /etc/init.d/stunnel