blob: ae27c14923418ea039ebf65a87a42a570d7866d9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
SIP2 authentication howto
=========================
stunnel configuration
---------------------
SIP2 has no encryption built-in. To encrypt traffic, we install stunnel both on
the server (the one with the koha instance) and the client (the vpnweb node):
```
sudo apt-get install stunnel4
```
Set value to ENABLED in the config file:
```
/etc/default/stunnel4
```
Configure the server, see `docs/examples/stunnel.conf-server-sample`:
```
[sip2]
accept = 6443
connect = 6001
cert = /etc/stunnel/ssl/sip2-cert.pem
key = /etc/stunnel/ssl/sip2-key.pem
```
You will need to generate a certificate pair for this service. For a throwaway test deployment,
you can look in the `test/simple-ca` folder.
Now configure the client side (the box where the vpnweb instance is running). Create /etc/stunnel/sip.conf:
```
[sip2]
accept = localhost:6001
connect = koha.example.org:6443
client = yes
```
Now you can start the service:
```
sudo /etc/init.d/stunnel4 start
```
And configure vpnweb to connect to the local port:
```
export VPNWEB_SIP_HOST=localhost
export VPNWEB_SIP_PORT=6001
```
|
