Changes between Version 12 and Version 13 of STunnelTracd

Timestamp:

Mar 10, 2008, 1:47:25 PM (16 years ago)

Author:

dirkx@…

Comment:

tighen up security a bit.

STunnelTracd

@@ -19 +19 @@
 [tracd]
 accept  = 8993
-connect = 8992
+connect = localhost:8992
 }}}
 
@@ -47 +47 @@
 {{{
 # /usr/sbin/stunnel /etc/stunnel/stunnel-tracd.conf
-# tracd -d --port 8992 --auth [your auth options here] [trac_env_directory]
+# tracd -d --hostname=localhost --port 8992 --auth [your auth options here] [trac_env_directory]
 }}}
 
-Now trac will be accessible at https://url:8993/trac -- the requests will be forwarded internally to port 8992, which tracd is listening on. If you self-signed your certificate your browser will ask you to confirm it. 
+Now trac will be accessible at https://url:8993/trac -- the requests will be forwarded internally to port 8992 on localhost, which tracd is listening on. If you self-signed your certificate your browser will ask you to confirm it. 
 
-This does not prevent people from accessing tracd at the original port over http! To do so using this method you need to block the 8992 port from outside access using iptables or a firewall. 
+Note that the use of 'localhost' is crucial - it prevents people from the outside to bypass your SSL restriction and stops them from conecting to port 8992 directly.
 
-
-