Subj : Re: fTelnet
To   : tassiebob
From : Shurato
Date : Fri Oct 18 2024 10:22 am


ta> Sh> websockify --cert=c:\apache24\conf\bundle.pem 192.168.0.4:8080
ta> Sh> 192.168.0.3:24

ta> Sh> Again, point ftelnet to the hostname and socket port number, and don't
ta> Sh> supply proxy information.

ta> Thanks for the pointer - I have this working, but still have a couple of
ta> things to try and solve...

ta> * websockify needs to access the private key for the certificate, but that
ta> by default requires root to access the file.  Obviously I don't want to
ta> run websockify as root :-)  I suspect I'll have to drop in a hook in
ta> certbot to either copy it somewhere websockify can access, or set the
ta> permissions so a group websockify is in has read access.  The former is
ta> probably safer, in case something else checks the file mode and bails if
ta> it's too open.

My bundle.pem file includes all certificates and the private key...  You can
use a --key=<pathtoprivatekeyfile> as well.  You can put it somewhere you
have access to (I'm in Windows so I don't have file permission issues, plus
my solution is easy and doesn't seem to have any downfalls).

ta> * If I read the documentation correctly, websockify won't notice when the
ta> certificate is updated, so the certbot hook will probably have to restart
ta> websockify as well, which will break existing sessions.  Probably not too
ta> much of an issue - not like we're being buried with BBS users these days
ta> :-(

I think that's correct.  I use a yearly renewing cert, so again I don't have
that problem.

ta> Thanks again for the pointer!

No problem!

--
Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp, nntp,
wss) (Ports 22,23,110,21,119,8080) (ssh login 'bbs' pass 'shsbbs').


*** THE READER V4.50 [freeware]
---
* Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (21:2/148)
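
The certbot hook discussed in this message, sketched as an added example (not code from either poster or from the certbot or websockify projects): it builds a cert-plus-key bundle.pem for websockify's --cert option, readable only by its owner and one group, then restarts the proxy. The group name "websockify", the unit "websockify.service" and the path /etc/websockify/bundle.pem are assumptions for a Linux host with systemd.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. a script placed in
# /etc/letsencrypt/renewal-hooks/deploy/. Certbot sets RENEWED_LINEAGE
# to the live directory of the certificate it just renewed.
# Assumed names: group "websockify", unit "websockify.service",
# destination /etc/websockify/bundle.pem.

# install_bundle LINEAGE_DIR DEST_FILE [GROUP]
# Writes fullchain.pem + privkey.pem into DEST_FILE with mode 0640 and
# replaces it atomically, so a reader never sees a partial bundle.
install_bundle() {
    lineage=$1 dest=$2 group=${3:-}
    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $lineage" >&2
        return 1
    }
    # mktemp creates the file as 0600 in the destination directory,
    # so the key is never exposed and mv stays on one filesystem.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # Set the group before widening the mode: group read is granted
    # only once the file already belongs to the intended group.
    if cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp" &&
       { [ -z "$group" ] || chgrp "$group" "$tmp"; } &&
       chmod 640 "$tmp" &&
       mv -f "$tmp" "$dest"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Hook mode: runs only when certbot calls the script after a renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_bundle "$RENEWED_LINEAGE" /etc/websockify/bundle.pem websockify &&
        systemctl restart websockify.service   # drops existing sessions
fi
```

The copy leaves certbot's own files root-only, so nothing that checks the mode of privkey.pem is affected.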