
Changes between Version 12 and Version 13 of STunnelTracd


Timestamp:
Mar 10, 2008, 1:47:25 PM (14 years ago)
Author:
dirkx@…
Comment:

tighten up security a bit.

  • STunnelTracd

    v12 v13  
    1919[tracd]
    2020accept  = 8993
    21 connect = 8992
     21connect = localhost:8992
    2222}}}
    2323
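Review bot: on new line 21, `connect = localhost:8992` makes the forwarding target depend on how the name localhost resolves on the host, and it only works if tracd is listening on that same address. Consider writing the loopback address literally (`connect = 127.0.0.1:8992`) here and in the tracd `--hostname` option further down, so the stunnel side and the tracd side cannot disagree.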
     
    4747{{{
    4848# /usr/sbin/stunnel /etc/stunnel/stunnel-tracd.conf
    49 # tracd -d --port 8992 --auth [your auth options here] [trac_env_directory]
     49# tracd -d --hostname=localhost --port 8992 --auth [your auth options here] [trac_env_directory]
    5050}}}
    5151
    52 Now trac will be accessible at https://url:8993/trac -- the requests will be forwarded internally to port 8992, which tracd is listening on. If you self-signed your certificate your browser will ask you to confirm it.
     52Now trac will be accessible at https://url:8993/trac -- the requests will be forwarded internally to port 8992 on localhost, which tracd is listening on. If you self-signed your certificate your browser will ask you to confirm it.
    5353
    54 This does not prevent people from accessing tracd at the original port over http! To do so using this method you need to block the 8992 port from outside access using iptables or a firewall.
     54Note that the use of 'localhost' is crucial - it prevents people from the outside to bypass your SSL restriction and stops them from conecting to port 8992 directly.
    5555
    56 
    57
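Review bot: new line 54 drops the old warning about blocking port 8992 with iptables or a firewall, but the protection it describes holds only when tracd is really started with `--hostname=localhost` as on line 49. Anyone who keeps an older start command is still reachable on 8992 over plain http and is no longer told so. I would keep one sentence of the firewall advice as a fallback and say how to confirm that the listener is bound to loopback only. Also on line 54: "conecting" should be "connecting", and "prevents people from the outside to bypass" reads better as "prevents people outside from bypassing".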