author | kali kaneko (leap communications) <kali@leap.se> | 2020-02-25 18:05:00 +0100 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2020-02-25 18:05:00 +0100 |
commit | a50ffe62c340f5384828a49a18eefc56c3227790 (patch) | |
tree | 3ae98eb2fe53967ef98f838732e448a33efcc875 /docs | |
parent | df71e42ec9337020874486ac9ad94e931781a1be (diff) |
[docs] document how to setup stunnel
Diffstat (limited to 'docs')
-rw-r--r-- | docs/examples/sip-client.conf-sample | 4 |
-rw-r--r-- | docs/examples/stunnel.conf-server-sample | 6 |
-rw-r--r-- | docs/sip-howto.md | 41 |
3 files changed, 51 insertions, 0 deletions
diff --git a/docs/examples/sip-client.conf-sample b/docs/examples/sip-client.conf-sample new file mode 100644 index 0000000..75d45fd --- /dev/null +++ b/docs/examples/sip-client.conf-sample @@ -0,0 +1,4 @@ +[sip2] +accept = localhost:6001 +connect = koha.example.org:6443 +client = yes diff --git a/docs/examples/stunnel.conf-server-sample b/docs/examples/stunnel.conf-server-sample new file mode 100644 index 0000000..71fd8cd --- /dev/null +++ b/docs/examples/stunnel.conf-server-sample @@ -0,0 +1,6 @@ +[sip2] + +accept = 6443 +connect = 6001 +cert = /etc/stunnel/ssl/sip2-cert.pem +key = /etc/stunnel/ssl/sip2-key.pem diff --git a/docs/sip-howto.md b/docs/sip-howto.md new file mode 100644 index 0000000..4022e2d --- /dev/null +++ b/docs/sip-howto.md @@ -0,0 +1,41 @@ +SIP2 authentication howto +========================= + +stunnel configuration +--------------------- + +SIP2 has no encryption built-in. To encrypt traffic, we install stunnel both on +the server (the one with the koha instance) and the client (the vpnweb node): + + sudo apt-get install stunnel4 + +Set value to ENABLED in the config file: + + /etc/default/stunnel4 + +Configure the server, see `docs/examples/stunnel.conf-server-sample`: + + [sip2] + accept = 6443 + connect = 6001 + cert = /etc/stunnel/ssl/sip2-cert.pem + key = /etc/stunnel/ssl/sip2-key.pem + +You will need to generate a certificate pair for this service. For a throwaway test deployment, +you can look in the `test/simple-ca` folder. + +Now configure the client side (the box where the vpnweb instance is running). Create /etc/stunnel/sip.conf: + + [sip2] + accept = localhost:6001 + connect = koha.example.org:6443 + client = yes + +Now you can start the service: + + sudo /etc/init.d/stunnel4 start + +And configure vpnweb to connect to the local port: + + export VPNWEB_SIP_HOST=localhost + export VPNWEB_SIP_PORT=6001 |
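Review bot: docs/examples/sip-client.conf-sample sets `client = yes` and `connect = koha.example.org:6443` but configures no verification of the server certificate, so the tunnel is encrypted without authenticating the peer it connects to. stunnel does not check the peer certificate in client mode unless told to. Suggest adding `verifyChain = yes`, a `CAfile` pointing at the CA that issued the server certificate, and `checkHost = koha.example.org` to the sample, so that SIP2 credentials are only ever sent to the intended koha host.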
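Review bot: in docs/examples/stunnel.conf-server-sample, `accept = 6443` listens on every interface and the section asks for no client certificate, so any host that can reach the port is forwarded to the SIP2 service behind `connect = 6001`. The docs should either say that 6443 must be firewalled to the vpnweb node or add `verifyChain = yes` with a `CAfile` on the server side as well, and should state that the SIP2 listener on 6001 has to be bound to loopback so the plaintext port is not reachable directly. It is also worth a sentence that the file named in `key =` must be readable only by the stunnel user. Minor style point: the empty added line after `[sip2]` is absent from the copy of this config embedded in sip-howto.md; drop it so the two stay identical.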
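Review bot: in docs/sip-howto.md the step "Set value to ENABLED in the config file" does not name the variable or the value to write; on Debian this is `ENABLED=1` in /etc/default/stunnel4, and the text should say so. The server step also never says which file the `[sip2]` section goes into, while the client step names /etc/stunnel/sip.conf; give the server path the same way. The howto ends without a check that the tunnel works, so a line on how to confirm that the client is listening on localhost:6001 and that the TLS handshake with koha.example.org:6443 succeeds would help. Finally, the client snippet here duplicates sip-client.conf-sample, so any certificate verification options added to the sample need to be mirrored in this file.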