TLS Enable VISTA Service


TLS Enable a VISTA Service

If you want to know why, look elsewhere.

Create an inetd-style program that works

Not covering that here. Here's my example:

# cat ~vista/bin/VPRJ.sh 
#!/bin/bash
cd "$(dirname "$0")"
source ./set_env
$gtm_dist/mumps -r GTMLNX^VPRJREQ

Install stunnel

For Ubuntu, that was apt-get install stunnel4

Create a self-signed certificate

cd /etc/stunnel
openssl req -new -x509 -days 11365 -nodes -out stunnel.pem -keyout stunnel.pem

Create xinetd service

On your favorite port. If it's a web server, you should use 443.

# cat /etc/xinetd.d/VPRJ-9281-TLS 
service VPRJ-9281-TLS
{
        port        = 9281
        socket_type = stream
        protocol    = tcp
        type        = UNLISTED
        user        = vista
        groups      = yes
        server      = /usr/bin/stunnel
        server_args = -p /etc/stunnel/stunnel.pem -l /home/vista/bin/VPRJ.sh
        env         = USER=vista
        env        += HOME=/home/vista
        wait        = no
        disable     = no
        per_source  = UNLIMITED
        instances   = UNLIMITED
}
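
An added example, not part of the original page: a POSIX shell audit of the two files created above. It reads the -p PEM path from the xinetd service file, reports a private key that group or other can access, and warns where instances or per_source is UNLIMITED. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# pem_key_exposed FILE: succeed (and print a finding) when FILE contains a
# private key and grants any permission to group or other.
pem_key_exposed() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] && return 1
    echo "FAIL $1: private key accessible beyond its owner (bits: $perms)"
    return 0
}

# xinetd_pem_path FILE: print the argument that follows "-p" in server_args.
xinetd_pem_path() {
    awk '$1 == "server_args" {
             for (i = 3; i < NF; i++) if ($i == "-p") { print $(i + 1); exit }
         }' "$1"
}

# xinetd_uncapped FILE: print every instances/per_source attribute that is set
# to UNLIMITED; succeed when at least one is found.
xinetd_uncapped() {
    awk '$1 ~ /^#/ { next }
         ($1 == "instances" || $1 == "per_source") && toupper($NF) == "UNLIMITED" {
             print "WARN " FILENAME ": " $1 " = UNLIMITED (no connection cap)"
             found = 1
         }
         END { exit !found }' "$1"
}

# Run as: sh audit.sh /etc/xinetd.d/VPRJ-9281-TLS  (audit.sh is a hypothetical name)
if [ "$#" -eq 1 ]; then
    rc=0
    xinetd_uncapped "$1" && rc=1
    pem=$(xinetd_pem_path "$1")
    [ -n "$pem" ] && pem_key_exposed "$pem" && rc=1
    exit "$rc"
fi
```

Because xinetd starts stunnel as user vista, stunnel.pem has to be owned by vista for an owner-only mode to work.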

Testing

I mostly use curl for testing HTTP services. Tell curl to skip certificate validation with the -k flag, which is needed here because the certificate is self-signed.

# curl -ki https://localhost:9281/ping
HTTP/1.1 200 OK
Date: Tue, 02 Apr 2013 16:52:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 20

{"status":"running"}