At 22.49 09/05/2003 +0200, you wrote:
>On 09.05.2003 20:22:34, Erendil at aol.com wrote:
>
>>  Mmm, yeah. Question. Someone explain to me how to set it up for SSL, because
>>  I run a public gateway... (gentoo linux)
>
>AFAIK Marco was talking about an SSL-Gateway to FProxy:

Exactly

>User points browser to https://....., this SSL-server redirects access to
>FProxy (port 8888). This way the connection browser-FProxy is SSL-
>encrypted (normal case: only local connection, no encryption, standard
>HTTP)
>
>Google found this document:
>http://www.firenze.linux.it/~giannibi/fn_chroot_2.1.txt
>
>It's written in Italian and it describes the handling with
>Freenet0.4 . IMHO it should also work for Freenet0.5.
>(-> like https://freenet.homelinux.net/servlet/nodeinfo/ )
>
>Marco: Do you know a newer version of this document?

A newer version of this document (still in Italian) is
 on the freesite of Winston Smith Project; you find it
 on TFE or SSK at Dgg5lJQu-WO905TrlZ0LjQHXDdIPAgM/pws/8//
 in the Documenti section.

WSP is still looking for Italian -> English translators; the only page
 translated is the home page.

You can find a web mirror at www.winstonsmith.info

Installing a tunneled GW is easy

- Install openssl & stunnel sw

- create a certificate for the user that runs fred 
  (fnet in this example)

----- CUT HERE -----

#!/bin/sh -e
# Generate a self-signed certificate plus private key for the user that
# runs fred (fnet in this example) and store both in one PEM file for stunnel.

echo If you want your certificate to expire after x days call this program
echo with "-days x"

# Use the kernel random device as the OpenSSL seed file.
export RANDFILE=/dev/random
# Pass any extra arguments (e.g. -days x) straight through to openssl.
openssl req "$@" \
  -new -x509 -nodes -out /etc/ssl/certs/fnet.pem \
  -keyout /etc/ssl/certs/fnet.pem
# The file also holds the unencrypted key: owner root, group nogroup,
# no access for others.
chown root:nogroup /etc/ssl/certs/fnet.pem
chmod 640 /etc/ssl/certs/fnet.pem

----- CUT HERE -----

Adjust the paths to match your openssl installation,
 if necessary.

The document you refer to uses a more sophisticated approach,
 using xinetd to launch stunnel on demand.
You can simply run this as root, maybe adding this line at the
 end of rc.local:

/usr/local/sbin/stunnel -s fnrun -d 0.0.0.0:443 -r \
 localhost:8888  -p /usr/lib/ssl/certs/stunnel.pem

- you need to block port 8888 via a firewall, or at least
 put

mainport.allowedHosts=127.0.0.1

in freenet.conf, to block it at the application level.

Your SSL gateway can now be reached using 

https://host.domain.tld

 only if you use port 443; if not, you need to specify the port:

https://host.domain.tld:portnumber

HTH.   Marco


-- 
+     il  Progetto Freenet - segui il coniglio bianco        +
*     the Freenet  Project - follow the  white rabbit        *
*   Marco A. Calamari    marcoc at dada.it     www.marcoc.it    *
*     PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698       *
+ DSS/DH:  8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B +
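
The three things the recipe above relies on (mainport.allowedHosts pinned to 127.0.0.1, FProxy's port 8888 bound to loopback only, the key+certificate file not world-readable) can be checked after installation. The script below is an added example, not part of the original mail or of the Freenet/stunnel projects; the freenet.conf contents and the netstat-style listener lines it uses are constructed sample data, and the listener check assumes the local address sits in column 4 as in "netstat -tln" or "ss -tln" output.

```shell
#!/bin/sh
# Post-install checks for an stunnel -> FProxy gateway (added example).

# 1. freenet.conf must restrict the main port to loopback.
allowed_hosts_ok() {
  conf="$1"
  val=$(sed -n 's/^mainport\.allowedHosts=[[:space:]]*//p' "$conf" | tail -n 1)
  [ "$val" = "127.0.0.1" ]
}

# 2. FProxy (8888) must listen on 127.0.0.1 only; a listener on 0.0.0.0:8888
#    or no 8888 listener at all fails the check. Argument: "netstat -tln" or
#    "ss -tln" output (local address in column 4).
fproxy_loopback_only() {
  listeners="$1"
  echo "$listeners" | awk '
    $4 ~ /:8888$/ { n++; if ($4 !~ /^127\.0\.0\.1:8888$/) bad++ }
    END { exit (n == 0 || bad > 0) ? 1 : 0 }'
}

# 3. The PEM file holding the unencrypted key must be mode 640 (rw-r-----),
#    as set by the certificate script. ls output is cut to 10 chars so an
#    SELinux "." marker does not disturb the comparison.
cert_perms_ok() {
  [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-r-----" ]
}

# Self-contained run on constructed data: a correct freenet.conf, a good
# listener table (FProxy on loopback, stunnel on 443) and a bad one
# (FProxy exposed on all interfaces).
run_demo() {
  tmp=$(mktemp)
  printf 'mainport=8888\nmainport.allowedHosts=127.0.0.1\n' > "$tmp"
  good='tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN'
  bad='tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN'
  allowed_hosts_ok "$tmp" && fproxy_loopback_only "$good" && ! fproxy_loopback_only "$bad"
  rc=$?
  rm -f "$tmp"
  return $rc
}

run_demo && echo "gateway checks passed on sample data"
```

On a live host, feed fproxy_loopback_only the real "netstat -tln" output and point allowed_hosts_ok and cert_perms_ok at your freenet.conf and PEM file.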


_______________________________________________
devl mailing list
devl at freenetproject.org
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl