After running APE 1.0 with SSL via stunnel 4 successfully for half a year, I finally want to share my experience of life with APE running over SSL.

Last week I installed a new Debian 6 LAMP server with the latest patches, and had big trouble getting APE to run with SSL again (last time was on Debian 5). The trouble was that stunnel from version 4.30 on closes the connection to APE after a successful site opening, causing a close timeout of 60 sec! If I set CLOSEtimeout=0 there was no more timeout waiting, but the connection to APE was lost, so I downgraded my stunnel4 version to 4.29 and all was fine again.

-----------------------------------------------------------

Here comes my quick step-by-step guide for advanced Linux users.

Things you need to run APE with SSL on your LAMP machine:

* A 2nd IP for APE (a virtual one without a separate MAC is OK)
* stunnel == v4.29 !!! (very important, other versions don't work for the time being)
* APE Server package http://nocache.ape-project.org/files.php?f=APE-Project_1.0.tar.gz&v=1.0
  For a first installation it is important to take a package, not a git revision, because of the big chance of forgotten dependencies and other trouble depending on your system.
* A "WILDCARD SSL certificate". Wildcard means "*" and looks like -> "*.ape.yourdomain.com"
* Google skill to find stunnel and other missing packages :D

-----------------------------------------------------------

After you have installed the APE package WITH ALL dependencies, register a subdomain for your second IP. Example:

1st IP 192.168.0.10 <- mydomain.com
2nd IP 192.168.0.11 <- ape.mydomain.com

Download ape-jsf (APE JavaScript Framework), copy it to your web folder and register it in the Apache "activated" folder, so now you can do some testing with JavaScript to ensure APE is working well. (Be sure to configure ape-jsf/Demos/config.js for your domain.)

If all goes well you can start messing with stunnel and getting the certificates copied into stunnel.pem and ca.pem. Be sure to get the /RSA/ root/and CA certificates in the right order into your stunnel.pem file.

Here comes my config (/etc/stunnel/ape.conf):

CAfile = /etc/stunnel/ca.pem
cert = /etc/stunnel/stunnel.pem
###### be sure to set sslVersion on the server to "all"; if not, APE will not work.
sslVersion = all
debug = 7
output = /var/log/stunnel4/stunnel.log
###### here is some connection tuning; you can skip this or just test it.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
###### here comes the APE SSL connector
[ape]
accept = myapeip:443
connect = myapeip:6969

#### About the second IP: I have done a redirection rule 302 (THX ManuelAC) in Apache to redirect all http calls from my APE IP to https -> /etc/apache2/sites-enabled/000.default

-----------------------------------------------------------
######## APE 302 Directive :80 -> :443 ########
<VirtualHost YOURAPEIP:80>
    RewriteEngine on
    RewriteCond %{SERVER_PORT} ^80$
    ##---- RewriteCond %{SERVER_PORT} ^443$
    RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
    RewriteLog "/var/log/apache2/rewrite.log"
    RewriteLogLevel 2
</VirtualHost>
-----------------------------------------------------------

######### Don't forget VirtualHost /etc/apache2/port.conf
NameVirtualHost "yourapeIP":80

##############################################
#### And at last /ape-jsf/Demos/config.js
<....
APE.Config.baseUrl = 'https://www.yourdomain.com/ape-jsf'; //APE JSF
APE.Config.domain = 'yourdomain.com';
APE.Config.server = 'ape.yourdomain.com'; //APE server URL
APE.Config.secure = true; //very important for SSL
##############################################

And I wish you a happy log hunt.
Mantas Misinis. :D

Greetz ManuelAC - without your tips I would have been lost :D
