Difference between revisions of "TLS Enable VISTA Service"

From VistApedia
Jump to: navigation, search
(Created page with "= TLS Enable a VISTA Service = If you want to know why, look elsewhere. == Create a inetd style program that works == Not covering that here. Here's my example: <pre> # cat ...")
 
(No difference)

Latest revision as of 16:52, 2 April 2013

TLS Enable a VISTA Service

If you want to know why, look elsewhere.

Create a inetd style program that works

Not covering that here. Here's my example:

# cat ~vista/bin/VPRJ.sh 
#!/bin/bash
cd "$(dirname "$0")"
source ./set_env
$gtm_dist/mumps -r GTMLNX^VPRJREQ

Install stunnel

For Ubuntu, that was apt-get install stunnel4

Create a self-signed certificate

cd /etc/stunnel
openssl req -new -x509 -days 11365 -nodes -out stunnel.pem -keyout stunnel.pem

Create xinetd service

On your favorite port. If it's a web server, you should use 443.

# cat /etc/xinetd.d/VPRJ-9281-TLS 
service VPRJ-9281-TLS
{
        port        = 9281
        socket_type = stream
        protocol    = tcp
        type        = UNLISTED
        user        = vista
        groups      = yes
        server      = /usr/bin/stunnel
        server_args = -p /etc/stunnel/stunnel.pem -l /home/vista/bin/VPRJ.sh
        env         = USER=vista
        env        += HOME=/home/vista
        wait        = no
        disable     = no
        per_source  = UNLIMITED
        instances   = UNLIMITED
}

Testing

I mostly use curl for testing HTTP services. Tell curl to ignore certificate validation by the -k flag.

# curl -ki https://localhost:9281/ping
HTTP/1.1 200 OK
Date: Tue, 02 Apr 2013 16:52:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 20

{"status":"running"}