Etusivu Tutki Apua
Kirjaudu sisään
mudclient
/
tintin
2
0
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Haara: master
Haarat Tunnisteet
tintin
/
docs
/
ssl.txt

ssl.txt 4.1 KB
Pysyvä linkki Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. SERVER CONFIGURATION
    2. 

  2. --------------------
    3. 

  3. 

  4. No changes are made to tintin or script configuration. The plan is to tunnel
    5. 

  5. an SSL connection to your #port or #chat port.
    6. 

  6. 

  7. One problem is that redirected connections will appear to originate from
    8. 

  8. localhost. Fortunately tintin can handle this if needed.
    9. 

  9. 

  10. You'll need to install the 'stunnel' package or download it from the
    11. 

  11. www.stunnel.org website. There is a Windows version of stunnel with
    12. 

  12. essentially the same interface.
    13. 

  13. 

  14. You'll also need the 'openssl' package.
    15. 

  15. 

  16. If you do this on Ubuntu the package might install the command as stunnel4
    17. 

  17. while stunnel calls stunnel3. Be mindful of that.
    18. 

  18. 

  19. Create a directory to store the certificates, and the stunnel config file.
    20. 

  20. 

  21. Create a self-signed certificate using openssl. For more info see:
    22. 

  22. http://www.stunnel.org/faq/certs.html
    23. 

  23. 

  24. Switch to the directory where you want to store the certs, and then run the
    25. 

  25. command to generate a self-signed cert:
    26. 

  26. 

  27. openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem
    28. 

  28. 

  29. It will prompt you for some information. The only thing you really need to
    30. 

  30. change from default, is the Common Name entry, which you should specify the
    31. 

  31. full hostname of your server, for example:  server.domain.com
    32. 

  32. 

  33. Do not enter a passphrase for the cert, otherwise you will be prompted to
    34. 

  34. enter this passphrase every single time you start stunnel.
    35. 

  35. 

  36. Run chmod 660 stunnel.pem
    37. 

  37. 

  38. Stunnel will fail if the permissions are not correct on the file.
    39. 

  39. 

  40. Create the config file for stunnel4, for example tinssl.conf, and use the
    41. 

  41. following contents, adjusting where necessary:
    42. 

  42. 

  43. Code: [Select]
    44. 

  44. foreground = no
    45. 

  45. pid=/home/user/.tintin/ssl/tinssl.pid
    46. 

  46. 

  47. [tinssl]
    48. 

  48. accept=4051
    49. 

  49. cert=/home/user/.tintin/ssl/stunnel.pem
    50. 

  50. key=/home/user/.tintin/ssl/stunnel.pem
    51. 

  51. client=no
    52. 

  52. connect=localhost:4050
    53. 

  53. 

  54. The foreground option - change this to 'yes' to keep stunnel in the foreground
    55. 

  55. initially. Useful to see errors. Specify the pid to a writable path, or set it
    56. 

  56. to "pid=" for no pid file. If you don't know what a pid file is you can leave
    57. 

  57. it blank.
    58. 

  58. 

  59. The segment headed by [tinssl] is the service entry. The name is arbitrary,
    60. 

  60. and there can be multiple entries if you want more tunnels. "accept=4051" is
    61. 

  61. the port for stunnel to listen for connections. "client=no" is software
    62. 

  62. default - this specifies a server connection, so stunnel must listen on 4051
    63. 

  63. for SSL connections. "connect=localhost:4050" This specifies where stunnel
    64. 

  64. will direct the incoming SSL connection. In this case, to tintin's default
    65. 

  65. chat port.
    66. 

  66. 

  67. Now run: stunnel4 tinssl.conf
    68. 

  68. 

  69. It should disappear into the background, or if you set foreground=yes, you
    70. 

  70. will see the basic log.
    71. 

  71. 

  72. Run "ps -aux|grep stunnel" to verify that stunnel is running. There will
    73. 

  73. probably be around 4 processes running (For some odd reason). For
    74. 

  74. Windows, you should have an icon in the system tray.
    75. 

  75. 

  76. With tintin you can now connect to the port using the #ssl command. To
    77. 

  77. connect to a chat port you'd have to run the connection through another
    78. 

  78. stunnel proxy. If there are problems check the logs and verify you opened
    79. 

  79. the port on your firewall, etc.
    80. 

  80. 

  81. CLIENT CONFIGURATION
    82. 

  82. --------------------
    83. 

  83. 

  84. If you want to use an SSL connection over #chat you can set up stunnel in
    85. 

  85. client mode to connect to your new SSL proxy. In this case we'll use 
    86. 

  86. Windows, but it's virtually identical on any supported platform.
    87. 

  87. 

  88. Install stunnel for Windows.
    89. 

  89. 

  90. Edit the stunnel config from the convenient menu entry. Leave everything as
    91. 

  91. is, and add a service entry at the bottom of the file:
    92. 

  92. 

  93. Code: [Select]
    94. 

  94. [tinssl]
    95. 

  95. accept = 12345
    96. 

  96. connect = server.domain.com:4051
    97. 

  97. client = yes
    98. 

  98. 

  99. "accept=12345" is the LOCAL port for stunnel to listen on.
    100. 

  100. "connect=server.domain.com:4051" is the SSL server to connect to, in this
    101. 

  101. case, your newly configured stunnel on your host server.
    102. 

  102. 

  103. "client=yes" This is important, stunnel will NOT work properly if you do not
    104. 

  104. set client=yes here.
    105. 

  105. 

  106. Run stunnel, and you will get a new icon in your systray. You can right-click
    107. 

  107. it and 'View Log' to see what's going on, if you like. Run tintin and create
    108. 

  108. a chat connection to localhost, port 12345 (or whatever you configured).
    109. 

  109. 

  110. You should be momentarily connected to the given ssl server.
    111. 

  111. 

  112. 

  113. Special thanks to Vilentus for the original documentation.
    114.