Subj : Re: 21:1/100
To : Oli
From : Avon
Date : Fri Oct 15 2021 07:24 pm
On 14 Oct 2021 at 11:41a, Oli pondered and said...
Ol> A> now to try and get the secure stuff working on 24553 .. not yet sure h
Ol> A> ;-)
Ol>
Ol> # apt-get install nginx
done this bit.
Ol> then add the following to /etc/nginx.conf
Ol>
Ol> stream {
Ol>     server {
Ol>         listen 24553 ssl;
Ol>         listen [::]:24553 ssl;
Ol>         ssl_protocols TLSv1.2 TLSv1.3;
Ol>         ssl_certificate /srv/certs/fidonet-rsa.crt;
Ol>         ssl_certificate_key /srv/certs/fidonet-rsa.key;
Ol>         ssl_certificate /srv/certs/fidonet-ed25519.crt;
Ol>         ssl_certificate_key /srv/certs/fidonet-ed25519.key;
Ol>         proxy_pass 127.0.0.1:24554;
Ol>     }
Ol> }
OK done, but commented out for now while I sort the certs.
Question, what is /srv dir for? This sort of stuff?
Ol> You also need to create a cert (can be self-signed). Of course you can
Ol> put the certs in any path you like.
OK, so not /srv necessarily?
Ol> ecdsa cert:
Ol> $ openssl genpkey -algorithm ed25519 > fidonet-ed25519.key
Ol> $ openssl req -new -x509 -nodes -days 1200 -key fidonet-ed25519.key -out fidonet-ed25519.crt -text -subj "/CN=localhost"
Ol>
Ol> rsa cert:
Ol> openssl req -new -newkey rsa -days 1200 -nodes -x509 -keyout fidonet-rsa.key -out fidonet-rsa.crt -text -subj "/CN=localhost"
I know little about this (yet) but am I correct to assume a Let's Encrypt cert would be better / more well known? Not sure I am stating this correctly.
Why for the self-signed stuff 1200 days? If I created self-signed stuff how could anyone trust it compared to something like Let's Encrypt that is third party?
Ol> Alternatively use a letsencrypt cert.
Something I'm thinking (will wait until I hear from you) may be the better way to go? Also something I have not ever done but would like to learn how etc. :)
Ol> restart nginx:
Ol>
Ol> $ systemctl restart nginx
Ol>
OK will hold off that until I sort the certs.
Will I also need to have something configured in BinkD to talk to nginx?
I'd better read the nginx man.
--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
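
An added example (not part of the original messages): a small Python check that every file named by `ssl_certificate` holds a certificate and every file named by `ssl_certificate_key` holds a private key, for an nginx `stream` block like the one quoted above. The function names, file names and PEM bodies are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
# Matches active directives only; lines commented out with '#' are skipped.
DIRECTIVE = re.compile(r"^[ \t]*(ssl_certificate(?:_key)?)[ \t]+([^;\s]+)[ \t]*;", re.M)
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_label(path):
    """First PEM label anywhere in the file (openssl's -text dump precedes it), or None."""
    try:
        found = PEM_BEGIN.search(Path(path).read_text(errors="replace"))
    except OSError:
        return None
    return found.group(1) if found else None

def check_tls_files(conf_text, base_dir="."):
    """Return (directive, path, problem) for every file of the wrong kind."""
    problems = []
    for directive, path in DIRECTIVE.findall(conf_text):
        label = pem_label(Path(base_dir) / path)  # absolute paths stay absolute
        want_cert = directive == "ssl_certificate"
        if label is None:
            problems.append((directive, path, "unreadable or not PEM"))
        elif want_cert and label != "CERTIFICATE":
            problems.append((directive, path, f"holds {label}, expected CERTIFICATE"))
        elif not want_cert and label not in KEY_LABELS:
            problems.append((directive, path, f"holds {label}, expected a private key"))
    return problems

def demo():
    """Constructed input: pair 'a' is swapped, pair 'b' is correct."""
    conf = """stream { server {
        ssl_certificate     a.key;
        ssl_certificate_key a.crt;
        ssl_certificate     b.crt;
        ssl_certificate_key b.key;
        # ssl_certificate   ignored.key;
    } }"""
    crt = "Certificate:\n    Data:\n-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("a", "b"):  # placeholder bodies, not real key material
            Path(tmp, name + ".crt").write_text(crt)
            Path(tmp, name + ".key").write_text(key)
        return check_tls_files(conf, tmp)

if __name__ == "__main__":
    print("\n".join(f"{d} {p}: {why}" for d, p, why in demo()))
```

The check only looks at PEM labels, so it catches a certificate and key listed under the wrong directive but does not prove that a key belongs to its certificate; `nginx -t` covers that when the configuration is loaded.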