Using HTTPS for Pichat with stunnel
- Download stunnel from http://www.stunnel.org/download/
- Install or copy stunnel to a path such as %ProgramFiles%\stunnel on Windows, or /usr/sbin/stunnel and /etc/stunnel/ on Linux.
- Create or modify stunnel.conf as in the example below.
- Now you can test your first settings.
Testing
- Start pichat.exe with the web server on port 80 (this is the default setting).
- Start stunnel.exe (open the stunnel log file by right-clicking the stunnel icon in the taskbar).
- Open a browser (such as Firefox) and go to https://localhost/
- Check the stunnel log for more information.
After testing
Create a new certificate (stunnel.pem) or your own (own.pem), e.g. using XCA from http://xca.hohnstaedt.de/
If you are using your own certificate, do not forget to modify the conf file.
If it works now, you may install stunnel as a service using the following commands:
- stunnel -install
- stunnel -start
SYNOPSIS
Unix:
stunnel [<filename>] | -fd n | -help | -version | -sockets
WIN32:
stunnel [-install | -uninstall | -start | -stop] [-quiet] [<filename>] | -help | -version | -sockets
Stunnel-4.x Man Page
For more information, see http://www.stunnel.org/faq/stunnel.html
Example stunnel.conf
    ; Sample stunnel configuration file for HTTPS by Mark Wolfgruber
    ; based on the Sample of Michal Trojnara

    ; Certificate/key is needed in server mode and optional in client mode
    ; The default certificate is provided only for testing and should not
    ; be used in a production environment
    cert = stunnel.pem

    ; Some performance tunings
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1

    ; Some debugging stuff useful for troubleshooting
    ;debug = 7
    ;output = stunnel.log

    ; Service-level configuration

    [https]
    accept = 443
    connect = 80
    TIMEOUTclose = 0
Install stunnel
Linux installation
Install stunnel with your package manager,
e.g. apt-get install stunnel or apt-get --reinstall install stunnel, or from http://mirror.centos.org/centos/5.2/os/i386/CentOS/stunnel-4.15-2.i386.rpm
or
- Download the latest source tarball (stunnel-4.25.tar.gz as of 2008-07-22) from http://www.stunnel.org/download/source.html to /tmp.
- cd /tmp
- gzip -dc stunnel-#.##.tar.gz | tar -xvf -
- cd stunnel-#.##
- ./configure
- make
- make install
- install_stunnel.sh
    #!/bin/sh
    # install_stunnel.sh
    apt-get update

    # if you get an error remove it and try it again
    # apt-get remove openssl
    # apt-get remove stunnel

    # installing with apt-get
    apt-get install openssl
    apt-get install stunnel

    # -p: do not fail if the directory already exists
    mkdir -p /etc/stunnel/
    # sample certificate, for testing only (see the note in the example stunnel.conf)
    wget --proxy=off --output-document=/etc/stunnel/stunnel.pem http://www.stunnel.org/download/stunnel/win32/stunnel.pem
    touch /etc/stunnel/stunnel.conf

    # insert in conf:
    # cert = /etc/stunnel/stunnel.pem
    # output = /etc/stunnel/stunnel.log

    # quoted so that the trailing & is printed instead of backgrounding echo
    echo "starting stunnel use: /usr/sbin/stunnel &"
Create a certificate file (recommended) or download one; the sample stunnel.pem from stunnel.org is meant only for testing, as noted in the example stunnel.conf:
wget --proxy=off --output-document=/etc/stunnel/stunnel.pem http://www.stunnel.org/download/stunnel/win32/stunnel.pem
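Creating your own certificate, as recommended here and under "After testing", can also be done with the openssl command-line tool instead of XCA. The following is an added example, not part of the original wiki page; the function names, the output path and the host name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original wiki page. Function names, paths and
# the host name are assumptions; requires the openssl command-line tool.

# make_stunnel_pem <output.pem> <host name> [days]
# Writes a new RSA key and a self-signed certificate into one PEM file
# that can be referenced by "cert =" in stunnel.conf.
make_stunnel_pem() {
    pem=$1; cn=$2; days=${3:-365}
    old_umask=$(umask)
    umask 077   # new files are readable by the owner only
    # -nodes leaves the key unencrypted so stunnel can start unattended
    if openssl req -new -x509 -newkey rsa:2048 -nodes -days "$days" \
            -subj "/CN=$cn" -keyout "$pem.key" -out "$pem.crt" 2>/dev/null
    then
        cat "$pem.key" "$pem.crt" > "$pem"   # private key first, then certificate
        chmod 600 "$pem"                     # also tightens a pre-existing file
        rc=0
    else
        rc=1
    fi
    rm -f "$pem.key" "$pem.crt"
    umask "$old_umask"
    return "$rc"
}

# pem_key_matches_cert <file.pem>
# Succeeds only if the private key and the certificate in the file share
# the same public key, i.e. they belong together.
pem_key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Example run (as root; chat.example.org is a placeholder host name):
#   make_stunnel_pem /etc/stunnel/own.pem chat.example.org 365 &&
#   pem_key_matches_cert /etc/stunnel/own.pem && echo "own.pem is usable"
# then set "cert = /etc/stunnel/own.pem" in stunnel.conf.
```

A self-signed certificate still triggers a browser warning; clients have to trust it explicitly or the certificate has to be replaced by one issued by a CA they already trust.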
create the /etc/stunnel/stunnel.conf
touch /etc/stunnel/stunnel.conf
and edit it with a text editor (e.g. vi), following the example stunnel.conf above:
vi /etc/stunnel/stunnel.conf
using these settings inside stunnel.conf:
- cert = /etc/stunnel/stunnel.pem
- output = /etc/stunnel/stunnel.log
start stunnel
/usr/sbin/stunnel
more examples at http://www.stunnel.org/examples/
To see how to run the stunnel daemon in its own chroot, see http://www.stunnel.org/examples/chroot.html
Edit the start script
Create the init script:
touch /etc/init.d/stunnel
chmod 755 /etc/init.d/stunnel
and edit it with a text editor (e.g. vi):
vi /etc/init.d/stunnel
/etc/init.d/stunnel
    #!/bin/sh
    # /etc/init.d/stunnel
    #
    # init-Script stunnel to start/stop/restart stunnel or show the running state
    # please have a look to http://pichat-wiki.de
    #
    # Version 0.1.0 2010-03-04 Mark Wolfgruber
    # modified from http://www.stunnel.org/examples/chroot.html
    #
    # processname: stunnel
    #

    case "$1" in
        start)
            echo -n "Starting stunnel services..."
            stunnel
            echo " done"
            ;;
        stop)
            echo -n "Stopping stunnel services..."
            pkill stunnel
            echo " done"
            ;;
        status)
            # "status" is only defined after sourcing a distribution's init
            # function library, so check the process list directly
            if pgrep stunnel >/dev/null; then
                echo "stunnel is running"
            else
                echo "stunnel is not running"
            fi
            ;;
        restart)
            /etc/init.d/stunnel stop
            /etc/init.d/stunnel start
            ;;
        *)
            echo "Usage: stunnel {start|stop|status|restart}"
            exit 1
            ;;
    esac
    exit 0
Create symbolic links for the default runlevels:
    ln -fs /etc/init.d/stunnel /etc/rc0.d/K92stunnel
    # runlevel 1 only single user
    ln -fs /etc/init.d/stunnel /etc/rc2.d/S92stunnel
    ln -fs /etc/init.d/stunnel /etc/rc3.d/S92stunnel
    # runlevel 4 normally not defined
    ln -fs /etc/init.d/stunnel /etc/rc5.d/S92stunnel
    ln -fs /etc/init.d/stunnel /etc/rc6.d/K92stunnel
- verify
runlevel
ls -l /etc/rc2.d
or
runlevel
ls -l /etc/rc.d/rc2.d | grep stunnel
⇒ S91stunnel → /etc/init.d/stunnel