Sounds pretty awesome, but alas, it's not working properly. I didn't know it before, but it's quite nifty! It simply does some port forwarding (like in your router/modem) and adds a secure layer to it. To access the webinterface through SSL (secure connection), a little tool called 'stunnel' is being used.
That way, it won't conflict with the webserver running on port 80. Ok, so what's going on in the background? The webinterface is running from /home/httpd, on port 8080. Requirements: some experience with *nix / SSH / vim, etc. But no worries, it is fixable, but not for the faint of heart. Also, this works for me so far, but your mileage may vary! First off: stunnel is broken, and by extension the SSL login/webinterface as well. So I spent my evening figuring out what the bleep is going wrong. I was hoping that upgrading to 3.8.2 might fix it, but alas. It started out with my logs flooding with the "Re-launch process " messages, so I turned off SSL login a long time ago to prevent this. Like some (or many?) of you, I've been having some problems with getting SSL to work properly on my NAS. However, I'm not removing the solution I wrote down below for educational purposes and whatnot. Please check out the config that shumaku has kindly c/p'ed here. The application communication is thus secured, without having to modify the application or end user workflows.EDIT: Turns out that the problem is simply a corrupted /etc/stunnel/nf so you should fix that. The server then connects to the actual application server - usually on the same machine or in the same data center as the SSH server. The SSH client then forwards the application over its encrypted tunnel to the server. With tunneling enabled, the application contacts to a port on the local host that the SSH client listens on.
The SSH connection is used by the application to connect to the application server. SSH tunneling enables adding network security to legacy applications that do not natively support encryption. This means that the application data traffic is directed to flow inside an encrypted SSH connection so that it cannot be eavesdropped or intercepted while it is in transit. It also provides a way to secure the data traffic of any given application using port forwarding, basically tunneling any TCP/IP port over SSH. SSH is a standard for secure remote logins and file transfers over untrusted networks. It can also be used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls. It can be used to add encryption to legacy applications. SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection.
0 kommentar(er)
