
APE over SSL using stunnel on a cPanel server

Refer to the APE installation on a cPanel server here.

1) For APE to work with stunnel, make sure the stunnel version on the server is less than 4.3. CentOS and RHEL 5 will most probably have stunnel installed already. If not, install stunnel.

2) Now create a configuration file for APE.
Run vi /etc/stunnel/ape.conf and add the following to it.


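; combined private key + certificate chain (built in steps 3 and 4)
cert = /etc/stunnel/stunnel.pem
; debug level 7 is the most verbose logging level
debug = 7
output = /etc/stunnel/stunnel.log
; disable delayed DNS lookup for the 'connect' option
delay = no
; no time to wait for close_notify!
TIMEOUTclose = 0
; accept SSL connections on port 443 and forward them to 1.2.3.4:80
[ape]
accept = 1.2.3.4:443
connect = 1.2.3.4:80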

Create a file for the stunnel log.


# touch /etc/stunnel/stunnel.log

3) Now generate a CSR and key for *.ape.divya.com


# cd /etc/stunnel
# openssl req -nodes -newkey rsa:2048 -out csr.pem -keyout stunnel.pem

The above command generates a CSR in csr.pem and a key in stunnel.pem. Get the cert signed with this CSR.

4) Once the cert is signed, append the cert and the CA bundle to stunnel.pem. (Add them one after the other down the file, without spaces.)

5) Now start stunnel as follows.


# cd /etc/stunnel/
# chmod 600 stunnel.pem
# stunnel ape.conf

6) Make sure stunnel is running
root@divz [/etc/stunnel]# ps aux | grep stunnel
root 19439 0.0 0.0 108224 2132 ? Ss 01:37 0:00 stunnel ape.conf

7) Now you can verify that APE works over SSL by accessing any wildcard link, as follows.
https://5.ape.divya.com
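
A layout and permissions check for the combined stunnel.pem built in steps 4 and 5, added here as an example and not part of the original post or of stunnel. The function name check_stunnel_pem is hypothetical, it assumes GNU stat as found on CentOS/RHEL, and it does not test whether the key and the certificate actually belong together.

```shell
#!/bin/sh
# Added example: check_stunnel_pem is a hypothetical helper, not part of stunnel.
# Returns 0 if FILE is laid out as step 4 describes and locked down as in step 5,
# 1 on a layout problem, 2 on a permissions problem. Assumes GNU stat (CentOS/RHEL).
check_stunnel_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # Layout: private key block first, then one or more certificates, each
    # BEGIN closed by its matching END, no blank lines or stray text anywhere.
    awk '
        BEGIN { bad = 0; cur = ""; n = 0; certs = 0 }
        /^-----BEGIN / {
            if (cur != "") { print "BEGIN inside an open block, line " NR; bad = 1 }
            cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----$/, "", cur)
            n++
            if (n == 1 && cur !~ /PRIVATE KEY$/) { print "first block is not a private key"; bad = 1 }
            if (n > 1 && cur != "CERTIFICATE") { print "block " n " is not a certificate"; bad = 1 }
            if (n > 1 && cur == "CERTIFICATE") certs++
            next
        }
        /^-----END / {
            label = $0; sub(/^-----END /, "", label); sub(/-----$/, "", label)
            if (label != cur) { print "mismatched END, line " NR; bad = 1 }
            cur = ""
            next
        }
        cur == "" { print "blank line or text outside a PEM block, line " NR; bad = 1; next }
        $0 !~ /^[A-Za-z0-9+\/=]+$/ { print "non-base64 data, line " NR; bad = 1 }
        END {
            if (cur != "") { print "unterminated block"; bad = 1 }
            if (certs < 1) { print "no certificate after the key"; bad = 1 }
            exit bad
        }
    ' "$pem" >&2 || return 1

    # Permissions: the key was written unencrypted (-nodes), so the file must
    # be accessible by its owner only, as the chmod 600 in step 5 sets it.
    mode=$(stat -c '%a' "$pem")
    case $mode in
        600|400) ;;
        *) echo "$pem has mode $mode, expected 600" >&2; return 2 ;;
    esac
    return 0
}
```

Call it as check_stunnel_pem /etc/stunnel/stunnel.pem before starting stunnel; any message on stderr names the line to fix.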
