This is my configuration for stunnel and it works fine for me:

root@ws1 ~ # cat /etc/stunnel/ape.conf
; Start
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; server path of CA cert, cert, and key
CAfile = /ssl/ca.pem
cert = /ssl/ape.pem
key = /ssl/ape.key

sslVersion = SSLv3

debug = 7
output = /var/log/stunnel4/stunnel.log

delay = no
TIMEOUTclose = 0

[ape]
; your public IP (this is an example with a random IP)
accept = 151.1.1.1:443
connect = 151.1.1.1:6969
; EOF

I hope that will help you!

2014-09-06 4:03 GMT+02:00 <[email protected]>:

> Hi,
>
> We have APE running on our live site and it's been working great so far.
> Recently we want to start offering our users https connections so I found
> the recommended solution to APE server with SSL
>
> https://github.com/APE-Project/APE_Server/wiki/APE-Server-Configuration-SSL-Tunnel#configure-ape-jsf
>
> So as an experiment I've tried to set up stunnel on our development server.
>
> We have an APE server on our dev server at port 6969
>
> http://mydevsite.com:6969
>
> The dev site is set up at
>
> http://mydevsite.com
>
> My attempt is to get https://mydevsite.com:6968 working (since port
> 6969 is being used by APE, I thought I would tie it to 6968)
>
> I set up stunnel and a self-signed certificate
> My stunnel config is here:
>
> cert = /etc/stunnel/stunnel.pem
> ;sslVersion = SSLv3
>
> debug = 7
> output = /var/log/stunnel.log
>
> ;disable delay DNS lookup for 'connect' option
> delay = no
> ;no time to wait for close_notify!
> TIMEOUTclose = 0
>
> [ape]
> accept = 6968
> connect = mydevsiteIP:6969
>
> Stunnel started without problems, but
> https://mydevsite.com:6968
>
> didn't work (I don't see the "APE Server No command given."), although
> whenever I visit https://mydevsite.com:6968, stunnel.log logged something,
>
> 2014.09.05 18:55:38 LOG7[23976:47210037002448]: ape accepted FD=7 from MYPERSONALIP:65001
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: ape started
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: FD 7 in non-blocking mode
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: FD 8 in non-blocking mode
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: FD 9 in non-blocking mode
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: Connection from MYPERSONALIP:65001 permitted by libwrap
> 2014.09.05 18:55:38 LOG5[23976:47209990064448]: ape connected from MYPERSONALIP:65001
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): before/accept initialization
> 2014.09.05 18:55:38 LOG7[23976:47210037002448]: Cleaning up the signal pipe
> 2014.09.05 18:55:38 LOG6[23976:47210037002448]: Child process 24275 finished with code 0
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 read client hello A
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 write server hello A
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 write certificate A
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 write server done A
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 flush data
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 read client key exchange A
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 read finished A
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 write change cipher spec A
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 write finished A
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: SSL state (accept): SSLv3 flush data
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 8 items in the session cache
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 0 client connects (SSL_connect())
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 0 client connects that finished
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 0 client renegotiations requested
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 20 server connects (SSL_accept())
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 17 server connects that finished
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 0 server renegotiations requested
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 7 session cache hits
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 0 session cache misses
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: 2 session cache timeouts
> 2014.09.05 18:55:38 LOG6[23976:47209990064448]: SSL accepted: new session negotiated
> 2014.09.05 18:55:38 LOG6[23976:47209990064448]: Negotiated ciphers: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: FD 8 in non-blocking mode
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: ape connecting 127.0.0.1:6969
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: connect_wait: waiting 10 seconds
> 2014.09.05 18:55:38 LOG3[23976:47209990064448]: connect_wait: getsockopt: Connection refused (111)
> 2014.09.05 18:55:38 LOG5[23976:47209990064448]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
> 2014.09.05 18:55:38 LOG7[23976:47209990064448]: ape finished (0 left)
>
> does that mean stunnel is communicating with APE?
>
> Here's our APE config:
>
> uid {
>     # "aped" switch to this user/group if it run as root
>     user = daemon
>     group = daemon
> }
>
> Server {
>     port = 6969
>     daemon = no
>     ip_listen = SERVERIP
>     domain = auto
>     rlimit_nofile = 10000
>     pid_file = /var/run/aped.pid
> }
>
> Log {
>     debug = 1
>     use_syslog = 0
>     logfile = /var/log/ape.log
> }
>
> JSONP {
>     eval_func = Ape.transport.read
>     allowed = 1
> }
>
> Config {
>     #relative to ape.conf
>     modules = /usr/lib/ape/
>     modules_conf = /etc/ape/
> }
>
> Please let me know if you have any ideas on how to fix this, I would
> really appreciate it.
>
> Thanks
> Wayne

--
Michele Vezzoli
IT Manager
VarDump S.r.l. - www.var-dump.it
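Added example, not part of either message: a Python check for a stunnel configuration like the one in the reply. It flags lines outside stunnel's documented syntax (comment, `[service]`, or `option = value`; a `//` comment is none of these), text left after an `accept`/`connect` address by a mail client's auto-linking, and `sslVersion` pinned to SSLv2 or SSLv3 (prohibited by RFC 6176 and RFC 7568). The function name and the sample addresses are constructed for illustration.

```python
import re

# Constructed sample in the shape of the reply's config; addresses are documentation IPs.
SAMPLE_CONF = """\
; Some performance tunings
socket = l:TCP_NODELAY=1
//server path of CA cert, cert, and key
cert = /ssl/ape.pem
sslVersion = SSLv3
[ape]
accept = 192.0.2.10:443 <http://192.0.2.10:443>
connect = 192.0.2.10:6969
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}  # RFC 6176 and RFC 7568

def lint_stunnel_conf(text):
    """Return (line_no, section, message) findings for a stunnel config (hypothetical helper)."""
    findings, section = [], "global"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # ';' is the documented comment marker; '#' is treated as one here too (assumption).
        if not line or line[0] in ";#":
            continue
        sec = re.fullmatch(r"\[(.+)\]", line)
        if sec:
            section = sec.group(1)
            continue
        if "=" not in line:
            findings.append((no, section, "not a comment, section or option = value line"))
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "sslversion" and value in LEGACY_PROTOCOLS:
            findings.append((no, section, f"sslVersion pins legacy protocol {value}"))
        if key.lower() in ("accept", "connect") and re.search(r"\s", value):
            findings.append((no, section, f"{key} has trailing text after the address"))
    return findings

if __name__ == "__main__":
    for finding in lint_stunnel_conf(SAMPLE_CONF):
        print(finding)
```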
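Added example, not part of either message: a Python triage of stunnel debug lines like those quoted above, which separates the client-side TLS handshake from the backend connection. On the quoted log it reports that TLS was accepted and that the connect to 127.0.0.1:6969 was then refused, which is the address to compare against APE's `ip_listen`. The sample lines are constructed from the quoted log and the function and field names are hypothetical.

```python
import re

# Constructed sample: unwrapped lines in the shape of the stunnel debug log quoted above.
SAMPLE_LOG = """\
2014.09.05 18:55:38 LOG5[23976:47209990064448]: ape connected from MYPERSONALIP:65001
2014.09.05 18:55:38 LOG6[23976:47209990064448]: SSL accepted: new session negotiated
2014.09.05 18:55:38 LOG6[23976:47209990064448]: Negotiated ciphers: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
2014.09.05 18:55:38 LOG7[23976:47209990064448]: ape connecting 127.0.0.1:6969
2014.09.05 18:55:38 LOG3[23976:47209990064448]: connect_wait: getsockopt: Connection refused (111)
2014.09.05 18:55:38 LOG5[23976:47209990064448]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

LINE = re.compile(r"^\S+ \S+ LOG\d\[\d+:(\d+)\]: (.*)$")
# The token after the suite name ("SSLv3" above) is the suite's minimum protocol version
# in OpenSSL's cipher description, not the negotiated version, so it is not recorded.
RULES = [
    ("client", re.compile(r"^\S+ connected from (\S+)$")),
    ("tls_accepted", re.compile(r"^(SSL accepted): ")),
    ("cipher", re.compile(r"^Negotiated ciphers: (\S+) ")),
    ("key_exchange", re.compile(r"^Negotiated ciphers: .*\bKx=(\S+)")),
    ("backend", re.compile(r"^\S+ connecting (\S+:\d+)$")),
    ("backend_error", re.compile(r"^connect_wait: getsockopt: (.+)$")),
]

def triage(log_text):
    """Return one record per accepted connection with the stage each one reached."""
    records, current = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign lines are skipped, not guessed at
        tid, msg = m.groups()
        for field, pattern in RULES:
            hit = pattern.search(msg)
            if not hit:
                continue
            if field == "client":  # thread ids can be reused: each accept starts a record
                current[tid] = {}
                records.append(current[tid])
            if tid in current:
                current[tid][field] = hit.group(1)
    for rec in records:
        if "tls_accepted" not in rec:
            rec["verdict"] = "tls-incomplete"
        elif "backend_error" in rec:
            rec["verdict"] = "tls-ok-backend-failed"
        else:
            rec["verdict"] = "tls-ok"
    return records
```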
