Subj : Re: fTelnet To : tassiebob From : Shurato Date : Fri Oct 18 2024 10:22 am ta> Sh> websockify --cert=c:\apache24\conf\bundle.pem 192.168.0.4:8080 ta> Sh> 192.168.0.3:24 ta> Sh> Again, point ftelnet to the hostname and socket port number, and ta> don't ta> Sh> supply proxy information. ta> Thanks for the pointer - I have this working, but still have a couple of ta> things to try and solve... ta> * websockify needs to access the private key for the certificate, but that ta> by default requires root to access the file. Obviously I don't want to ta> run websockify as root :-) I suspect I'll have to drop in a hook in ta> certbot to either copy it somewhere websockify can access, or set the ta> permissions so a group websockify is in has read access. The former is ta> probably safer, in case something else checks the file mode and bails if ta> it's too open. My bundle.pem file includes all certificates and the private key... You can use a --key= as well. You can put it somewhere you have access to (I'm in Windows so I don't have file permission issues, plus my solution is easy and doesn't seem to have any downfalls). ta> * If I read the documentation correctly, websockify won't notice when the ta> certificate is updated, so the certbot hook will probably have to restart ta> wensockify as well, which will break existing sessions. Probably not too ta> much of an issue - not like we're being buried with BBS users these days ta> :-( I think that's correct. I use a yearly renewing cert, so again I don't have that problem. ta> Thanks again for the pointer! No problem! -- Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp, ,wss) (Ports 22,23,110,21,119,8080) (ssh login 'bbs' pass 'shsbbs'). *** THE READER V4.50 [freeware] --- * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (21:2/148) .