一般來說,要在web server 支援ssl,有兩種方法
1) use model-
ssl to enable https with Apache server
2) Use https proxy server: such as stunnel
這邊介紹的是使用Stunnel 這種https proxy的使用方法
1. Download stunnel package
http://www.stunnel.org/download/source.html
2. unzip and install stunnel
// this need c compile, if your environment has no gcc compile, please install it first
//if you encountered some error that claimed no openssl.h, please upgrade your openssl
//module to the latest
#tar zxvf stunnel-#.##.tar.gz
#cd /stunnel-#.##
#./configure
#./make & make install
3. set up stunnelconfig
#cd /usr/local/etc/stunnel
// duplicate stunnel.conf from sample configuration file
#cpstunnel.conf-sample stunnel.conf
//modify the stunnel configuration
//The minimal setting should include 2 parts: cert and [https] section
//please unmark the below settings
#######################
;cert=/usr/local/etc/stunnel/stunnel.pem
;[https]
;accept = x.x.x.x:443
;connect =x.x.x.x:80
######################
4.generate self-sign certificate
//if it claims that error, you can try to give absolutely path of openssl.cnf
#opensslreq -new -x509 -days 365 -nodes -configopenssl.cnf -out stunnel.pem -keyoutstunnel.pem
5.start stunnel with configuration
#stunnelstunnel.conf
沒有留言:
張貼留言