Thanks for the quick reply, Scott! I didn't manage to explain my problem, sorry...

The problem I have is: the assp process: perl assp.pl listens on some port (55555 by default). If this traffic is not encrypted, even if it is only local traffic (127.0.0.1:55555), I have a problem. I didn't find a way to configure (in assp.cfg) encryption of this traffic.

All the solutions (stunnel, or apache reverse ssl proxy as you suggested) are the following: a DIFFERENT process on the same machine is used for encryption of traffic. These solutions are suitable if one is worried about encryption of traffic between the machine hosting assp and external machines. I'm worried about traffic INTERNAL to the machine hosting assp. In my case a different process used for encryption does not help, as this process has to talk to the port on the local machine used by assp (127.0.0.1:55555 in the default configuration), and this traffic is not encrypted, and can be sniffed by a local user.

Is there some way to configure assp to use SSL encryption for the web admin interface? Any other ideas how to avoid unencrypted web admin interface traffic even on localhost?

Of course, I can just edit assp.cfg with a text editor on the production server, but as we have a nice web interface it will be a shame not to use that.

Thanks.
Valeri

On Sun, January 3, 2010 8:00 pm, Scott Haneda wrote:
> Maybe set up Apache to do an SSL proxy from the ASSP port to some other
> port. A reverse SSL proxy is very easy to set up:
> http://www.google.com/search?hl=en&source=hp&q=apache+ssl+reverse+proxy&aq=0&oq=apache+ssl+rev&aqi=g1
> --
> Scott * If you contact me off list replace talklists@ with scott@ *
>
> On Jan 3, 2010, at 5:21 PM, Valeri Galtsev wrote:
>
>> Hello,
>>
>> Could someone point me to the way I can encrypt traffic on the web admin
>> interface.
>>
>> The best I found on the Wiki is stunnel:
>>
>> http://sourceforge.net/apps/mediawiki/assp/index.php?title=Debian#ASSP_web_interface_over_SSL
>>
>> which allows to encrypt traffic to the machine from network, but still the
>> same traffic on the machine is sniffable by local users.
>>
>> I don't want to spare dedicated machine (or virtual machine) with no user
>> logins for hosting assp only (and I don't want to sophisticate my DNS
>> records); and I do have to allow shell logins to my e-mail servers (which
>> will host assp once all is sorted out), and although users on mail servers
>> are only able to execute binaries installed by sysadmin, I still prefer to
>> keep local traffic encrypted (except for what travels on the Internet
>> unencrypted anyway...)
>>
>> Thanks for all your help,
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

_______________________________________________
Assp-user mailing list
https://lists.sourceforge.net/lists/listinfo/assp-user
