Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
APE Server Configuration SSL Tunnel
Clone this wiki locally
The APE Server doesn't support SSL yet, but if you need SSL you can do it with stunnel.
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
Warning you have to use Stunnel prior to 4.30 because version > 4.30 will close connection to ape after succesfull site opening causing close timeout of 60 sec!
Install stunnel on your distribution with your favorite package system.
On debian :
APE:~# apt-get install stunnel4
Then configure stunnel create the configuration file in /etc/stunnel/ape.conf
cert = /etc/stunnel/stunnel.pem sslVersion = SSLv3 debug = 7 output = /var/log/stunnel4/stunnel.log ;disable delay DNS lookup for 'connect' option delay = no ;no time to wait for close_notify! TIMEOUTclose = 0 [ape] accept = 443 connect = 18.104.22.168:80
This configuration accept secure connection on port 443 (but you can use any other free port) and forward it to the IP 22.214.171.124 on port 80 (replace it with the IP:Port of your APE Server) In order to make it work you have to put your certificate file in /etc/stunnel/stunnel.pem Finally, run the following command to check for errors:
APE:~# stunnel4 /etc/stunnel/ape.conf
Configure APE JSF
The SSL support was added to APE JSF on github (version 1.0 do not support it), update the APE JSF to the lastest github version. Here is the configuration to make the APE JSF work with SSL :
APE.Config.server = 'ape.ape-project.org:443'; APE.Config.secure = true;
You can proceed to the next step: Configuration DNS