THTTPD下网站托管的SSL连接
THTTPD下网站托管的SSL连接
提问于 2014-02-11 03:17:36
全,
我有一个网站,可以通过HTTP访问好端口86。现在需要添加SSL来保护连接。本网站使用的是thttpd web服务器,是的,它没有SSL支持。那时我通过谷歌搜索了很多东西。建议是通过Stunnel向thttpd添加SSL。
更新:
这是我的stunnel.conf
; Sample stunnel configuration file for Unix by Michal Trojnara 2002-2013
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options
; **************************************************************************
; * Global options *
; **************************************************************************
; A copy of some devices and system files is needed within the chroot jail
; Chroot conflicts with configuration file reload and many other features
chroot = /usr/local/var/lib/stunnel/
; Chroot jail can be escaped if setuid option is not used
setuid = nobody
setgid = nogroup
fips = no
; PID is created inside the chroot jail
pid = /stunnel.pid
; Debugging stuff (may useful for troubleshooting)
;debug = 7
;output = stunnel.log
; **************************************************************************
; * Service defaults may also be specified in individual service sections *
; **************************************************************************
; Certificate/key is needed in server mode and optional in client mode
cert = /usr/local/etc/stunnel/stunnel.pem
;key = /usr/local/etc/stunnel/mail.pem
; Authentication stuff needs to be configured to prevent MITM attacks
; It is not enabled by default!
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /usr/local/etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively CRLfile can be used
;CRLfile = /usr/local/etc/stunnel/crls.pem
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE
; **************************************************************************
; * Service definitions (remove all services for inetd mode) *
; **************************************************************************
; Example SSL server mode services
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
;[ssmtp]
;accept = 465
;connect = 25
; Example SSL client mode services
;[gmail-pop3]
;client = yes
;accept = 127.0.0.1:110
;connect = pop.gmail.com:995
;[gmail-imap]
;client = yes
;accept = 127.0.0.1:143
;connect = imap.gmail.com:993
;[gmail-smtp]
;client = yes
;accept = 127.0.0.1:25
;connect = smtp.gmail.com:465
; Example SSL front-end to a web server
[https]
accept = 443
connect = 86
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
; Microsoft implementations do not use SSL close-notify alert and thus
; they are vulnerable to truncation attacks
;TIMEOUTclose = 0
; vim:ft=dosini 这是我得到的结果:
linux-1ryy:/usr/local/etc/stunnel # /usr/local/bin/stunnel
Clients allowed=500
stunnel 4.56 on i686-pc-linux-gnu platform
Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS
Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
FIPS mode is disabled
Compression not enabled
Snagged 64 random bytes from /root/.rnd
Wrote 1024 new random bytes to /root/.rnd
PRNG seeded successfully
Initializing service [https]
Certificate: /usr/local/etc/stunnel/stunnel.pem
Certificate loaded
Key file: /usr/local/etc/stunnel/stunnel.pem
Private key loaded
Using DH parameters from /usr/local/etc/stunnel/stunnel.pem
DH initialized with 1024-bit key
ECDH initialized with curve prime256v1
SSL options set: 0x01000004
Configuration successful
Error binding service [https] to 0.0.0.0:443
bind: Address already in use (98)
Closing service [https]
Service [https] closed (FD=7)
Sessions cached before flush: 0
Sessions cached after flush: 0
Service [https] closed
str_stats: 10 block(s), 883 data byte(s), 420 control byte(s)以下是运行/usr/local/bin/stunnel之前的端口侦听信息
linux-1ryy:/usr/local/etc/stunnel # netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5484/mysqld
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 336/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1558/sshd
tcp 0 0 :::86 :::* LISTEN 5536/thttpd
tcp 0 0 :::22 :::* LISTEN 1558/sshd下面是运行后的端口侦听信息:
linux-1ryy:/usr/local/etc/stunnel # netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5484/mysqld
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 336/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1558/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 23145/stunnel
tcp 0 0 :::86 :::* LISTEN 5536/thttpd
tcp 0 0 :::22 :::* LISTEN 1558/sshd我现在不知道出了什么问题。如有任何建议,将不胜感激。
添加:
如果关闭防火墙,我可以通过https://<my-ip-address>访问成功。但是,我仍然收到以下错误消息:
Error binding service [https] to 0.0.0.0:443
bind: Address already in use (98)不知道为什么..。
回答 1
Stack Overflow用户
发布于 2014-02-11 06:31:30
从netstat可以看出,端口443 (pid=10833)上已经有一个阻止进程(pid=11191端口8443上也有另一个进程),这就是为什么在端口443上启动另一个阻止进程的原因。
Error binding service [https] to 0.0.0.0:443
bind: Address already in use (98)页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/21692357
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号