APE Server Configuration SSL Tunnel
The APE Server doesn't support SSL yet, but if you need SSL you can do it with stunnel.
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
Warning: you have to use a Stunnel version prior to 4.30, because versions > 4.30 will close the connection to APE after a successful site opening, causing a close timeout of 60 sec!
Install stunnel on your distribution with your favorite package system.
APE:~# apt-get install stunnel4
Then configure stunnel: create the configuration file /etc/stunnel/ape.conf
cert = /etc/stunnel/stunnel.pem
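;SSLv3 is obsolete and broken (POODLE); use the newest protocol version your stunnel build accepts
sslVersion = SSLv3
;debug level 7 is the most verbose; lower it once the tunnel works
debug = 7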
output = /var/log/stunnel4/stunnel.log
;disable delay DNS lookup for 'connect' option
delay = no
;no time to wait for close_notify!
TIMEOUTclose = 0
[ape]
accept = 443
connect = 87.98.169.115:80
This configuration accepts secure connections on port 443 (you can use any other free port) and forwards them to the IP 87.98.169.115 on port 80 (replace it with the IP:port of your APE Server). To make it work, you have to put your certificate file in /etc/stunnel/stunnel.pem. Finally, run the following command to check for errors:
APE:~# stunnel4 /etc/stunnel/ape.conf
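A small audit of the configuration above, as an added example that is not part of the original page or of the APE or stunnel projects: it parses a stunnel configuration and flags obsolete protocol versions and missing options. The function names and the rule that options set before the first section act as defaults for every service are assumptions of this example.

```python
# Added example (not APE or stunnel code): audit a stunnel configuration.
SAMPLE_CONF = """\
cert = /etc/stunnel/stunnel.pem
sslVersion = SSLv3
debug = 7
output = /var/log/stunnel4/stunnel.log
delay = no
TIMEOUTclose = 0
[ape]
accept = 443
connect = 87.98.169.115:80
"""
OBSOLETE = {"sslv2", "sslv3"}  # both protocols are broken (SSLv3: POODLE)


def parse_stunnel_conf(text):
    """Return (global_options, {service: options}); option names lowercased."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)
            current[name.strip().lower()] = value.strip()
    return global_opts, services


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        merged = {**global_opts, **opts}  # assumption: globals act as defaults
        version = merged.get("sslversion", "")
        if version.lower() in OBSOLETE:
            findings.append(f"[{name}] sslVersion = {version} is an obsolete protocol")
        if merged.get("client", "no").lower() != "yes" and "cert" not in merged:
            findings.append(f"[{name}] server mode without a cert option")
        findings += [f"[{name}] missing '{k}' option"
                     for k in ("accept", "connect") if k not in merged]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "no findings")
```

SAMPLE_CONF holds the option lines of this page's ape.conf; to audit a real file, pass its contents to `audit()`.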
SSL support was added to APE JSF on GitHub (version 1.0 does not support it), so update APE JSF to the latest GitHub version. Here is the configuration to make APE JSF work with SSL:
APE.Config.server = 'ape.ape-project.org:443';
APE.Config.secure = true;
You can proceed to the next step: Configuration DNS