Subj : 21:1/100
To   : Avon
From : Oli
Date : Thu Oct 14 2021 11:41 am

Avon wrote (2021-10-14):

 A> On 14 Oct 2021 at 10:00a, Oli pondered and said...

 Ol>> it's emojiish for exciting / very good / time to celebrate / party
 Ol>> on

 A> thanks sir.. indeed!

 A> now to try and get the secure stuff working on 24553 .. not yet sure how
 A> ;-)

# apt-get install nginx

then add the following to /etc/nginx.conf

stream {
  server {
    listen 24553 ssl;
    listen [::]:24553 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate     /srv/certs/fidonet-rsa.key;
    ssl_certificate_key /srv/certs/fidonet-rsa.crt;
    ssl_certificate     /srv/certs/fidonet-ed25519.key;
    ssl_certificate_key /srv/certs/fidonet-ed25519.crt;
    proxy_pass 127.0.0.1:24554;
  }
}

You also need to create a cert (can be self-signed). Of course you can put the certs in any path you like.

ecdsa cert:
$ openssl genpkey -algorithm ed25519 > fidonet-ed25519.key
$ openssl req -new -x509 -nodes -days 1200 -key fidonet-ed25519.key -out fidonet-ed25519.crt -text -subj "/CN=localhost"

rsa cert:
openssl req -new -newkey rsa -days 1200 -nodes -x509 -keyout fidonet-rsa.key -out fidonet-rsa.crt -text -subj "/CN=localhost"

Alternatively use a letsencrypt cert.

restart nginx:

$ systemctl restart nginx

---
 * Origin: 1995| Invention of the Cookie. The End. (21:3/102)

.