Hi,
On Sat, Aug 15, 2020 at 12:21:24AM -0400, Ralph M wrote:
I think direct SSL wrapping is what I need, thanks.
Would it be unreasonable to suggest that the SSL setup, decryption, etc be
offloaded to a standalone program that then delivers the message to the
core daemon in the same manner as cgimsg? I'd like to get Apache out of
the loop, and just have an SSL-enabled message receiver funneling status
messages to the core daemon.
That's easy: I use stunnel (Debian package "stunnel4") for that. Also
gives you instant IPv6 reachability for the Xymond.
Server setup (relevant snippet from my /etc/stunnel/stunnel.conf):
[bbs6]
accept = :::1983
connect = 1984
Since it's encrypted and has better privacy, I use port 1983 for that
with the mnemonic "before 1984". :-)
Client (relevant snippets from my /etc/stunnel/stunnel.conf and
/etc/default/xymon-client):
[bbs]
accept = 127.0.0.1:1984
connect = <your-xymon-server>:1983
client = yes
and
XYMONSERVERS="127.0.0.1"
The client snippets are from a host which has no IPv4 connectivity
(besides localhost).
Kind regards, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet
Mail+Jabber: user-0064bde8d49d@xymon.invalid X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/