APE Server Configuration SSL Tunnel

Louis Charette edited this page Apr 19, 2014 · 1 revision

The APE Server doesn't support SSL yet, but if you need SSL you can do it with stunnel.

Stunnel is a program, available on both Unix and Windows, that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer). Stunnel lets you secure daemons and protocols that are not SSL-aware (like POP, IMAP, LDAP, etc.) by providing the encryption itself, requiring no changes to the daemon's code.

Setup stunnel

Warning: you have to use a Stunnel version prior to 4.30, because versions > 4.30 will close the connection to APE after a successful site opening, causing a close timeout of 60 sec!

Install stunnel on your distribution with your favorite package system.

On Debian:

APE:~# apt-get install stunnel4

Then configure stunnel: create the configuration file /etc/stunnel/ape.conf with the following content:

cert = /etc/stunnel/stunnel.pem
sslVersion = SSLv3
 
debug = 7
output = /var/log/stunnel4/stunnel.log
 
;disable delay DNS lookup for 'connect' option
delay = no
;no time to wait for close_notify!
TIMEOUTclose = 0
 
[ape]
accept = 443
connect = 87.98.169.115:80

This configuration accepts secure connections on port 443 (you can use any other free port) and forwards them to the IP 87.98.169.115 on port 80 (replace it with the IP:port of your APE Server). To make it work, you have to put your certificate file in /etc/stunnel/stunnel.pem. Finally, run the following command to check for errors:

APE:~# stunnel4 /etc/stunnel/ape.conf
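
An added example, not part of the original wiki page or the APE project's code: a small shell lint for the ape.conf above. It flags an sslVersion of SSLv2 or SSLv3 (prohibited by RFC 6176 and RFC 7568), the debug = 7 log level, and a key/certificate file that is readable by group or others. The function names conf_value and audit_stunnel_conf are hypothetical, and the demo input is constructed from the configuration shown on this page.

```shell
#!/bin/sh
# Added example (conf_value and audit_stunnel_conf are hypothetical helper names).

# Print the last value assigned to option $2 in config file $1, ignoring
# ';' and '#' comment lines. Option names are matched case-insensitively.
conf_value() {
    awk -v want="$2" '
        /^[ \t]*[;#]/ { next }
        index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", name)
            if (tolower(name) == tolower(want)) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_stunnel_conf() {
    conf=$1; rc=0
    proto=$(conf_value "$conf" sslVersion)
    case $proto in
        SSLv2|SSLv3)
            echo "WEAK-PROTOCOL sslVersion=$proto (prohibited: RFC 6176 / RFC 7568)"
            rc=1 ;;
    esac
    level=$(conf_value "$conf" debug)
    if [ "$level" = 7 ] || [ "$level" = debug ]; then
        echo "VERBOSE-LOG debug=$level (most verbose level; lower it in production)"
        rc=1
    fi
    # With no separate key option, stunnel reads the private key from cert.
    keyfile=$(conf_value "$conf" key)
    [ -n "$keyfile" ] || keyfile=$(conf_value "$conf" cert)
    if [ -f "$keyfile" ] && [ -n "$(find "$keyfile" \( -perm -040 -o -perm -004 \))" ]; then
        echo "KEY-READABLE $keyfile is readable by group or others (chmod 600)"
        rc=1
    fi
    return $rc
}

# Constructed demo input: the ape.conf from this page, written to a temp file.
demo_conf=$(mktemp)
printf '%s\n' 'cert = /etc/stunnel/stunnel.pem' 'sslVersion = SSLv3' \
    'debug = 7' 'TIMEOUTclose = 0' '[ape]' 'accept = 443' > "$demo_conf"
audit_stunnel_conf "$demo_conf" || true
rm -f "$demo_conf"
```
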

Configure APE JSF

SSL support was added to APE JSF on GitHub (version 1.0 does not support it), so update APE JSF to the latest GitHub version. Here is the configuration to make APE JSF work with SSL:

APE.Config.server = 'ape.ape-project.org:443';
APE.Config.secure = true;

Now what?

You can proceed to the next step: Configuration DNS