Hi,
On Sat, Aug 15, 2020 at 12:21:24AM -0400, Ralph M wrote:
> I think direct SSL wrapping is what I need, thanks.
>
> Would it be unreasonable to suggest that the SSL setup, decryption, etc be offloaded to a standalone program that then delivers the message to the core daemon in the same manner as cgimsg? I'd like to get Apache out of the loop, and just have an SSL-enabled message receiver funneling status messages to the core daemon.
That's easy: I use stunnel (Debian package "stunnel4") for that. Also gives you instant IPv6 reachability for the Xymond.
Server setup (relevant snippet from my /etc/stunnel/stunnel.conf):
[bbs6]
accept = :::1983
connect = 1984
Since it's encrypted and has better privacy, I use port 1983 for that with the mnemonic "before 1984". :-)
Client (relevant snippets from my /etc/stunnel/stunnel.conf and /etc/default/xymon-client):
[bbs]
accept = 127.0.0.1:1984
connect = <your-xymon-server>:1983
client = yes
and
XYMONSERVERS="127.0.0.1"
The client snippets are from a host which has no IPv4 connectivity (besides localhost).
Kind regards,
Axel
-- 
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org  X   https://axel.beckert.ch/
                              / \  I love long mails: https://email.is-not-s.ms/
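
The tunnel described in the message above, written out with the certificate options that the "relevant snippets" leave out. This is an added example, not part of the original mail; the certificate, key and CA file paths are placeholders, and the two sections belong in the stunnel.conf of two different hosts.

```ini
; Constructed example; all file paths below are placeholders.

; --- On the Xymon server: /etc/stunnel/stunnel.conf ---
[bbs6]
accept  = :::1983
connect = 1984
; Certificate and private key that stunnel presents to connecting clients.
cert = /etc/stunnel/xymon-server.pem
key  = /etc/stunnel/xymon-server.key

; --- On each Xymon client: /etc/stunnel/stunnel.conf ---
[bbs]
client  = yes
accept  = 127.0.0.1:1984
connect = <your-xymon-server>:1983
; Without the options below stunnel encrypts the connection but accepts
; any certificate, so the client cannot tell which server it reached.
CAfile      = /etc/stunnel/xymon-ca.pem
verifyChain = yes
checkHost   = <your-xymon-server>
```

With `XYMONSERVERS="127.0.0.1"` as in the message, the client keeps speaking plain Xymon protocol to the local stunnel listener, and only the stunnel-to-stunnel leg on port 1983 is TLS.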