Wiki Navigation

SSL

AxKit2 doesn't have built-in SSL support. Two easy ways to retrofit a solid SSL engine are Squid aund Stunnel. Squid has been explained in ReverseProxy, and that configuration could be extended to serve as an SSL-enabled forwarder, but since not all operating systems ship an SSL-enabled Squid, Stunnel should also be considered.

Squid

This part needs elaboration. No example configuration is yet present.

Stunnel

This example uses DaemonTools just as explained there. You only need to replace the "run" script with this one:

#!/bin/sh
# CONFIGURATION SECTION

USER=syntax-k
MEM=32

# Do not change anything below
export HOME="`eval echo ~"$USER"`"
cd "$HOME"
exec softlimit -m $(($MEM*1024*1024)) stunnel -d ssl.example.com:443 -r 8000 -s $USER -p data/certs/ssl.pem -f

This script expects the SSL certificate and private key in $HOME/data/certs/ssl.pem, listens on ssl.example.com (SSL servers can't do name-based virtual hosting!) and forwards SSL requests to port 8000, where your regular AxKit2 server should be running.

You can reuse the "log/run" script from the DaemonTools page.

Download in other formats:

Plain Text