Suggest go.cypherpunks.ru/ucspi/cmd/tlss

diff --git a/INSTALL b/INSTALL
index 348d99c35760d79f6f8045d40fd0c24d31e4a369..53172209417ae4a5629a4eaadfcff492083ac367 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -18,7 +18,7 @@ Create daemontools+ucspi-tcp service:
     #!/bin/sh -e
     cd /path/to/pastes
     umask 027
-    exec setuidgid paster tcpserver -DRH -l 0 ::0 2020 \
+    exec setuidgid paster tcpserver -DHR -l 0 ::0 2020 \
         $GOPATH/bin/paster http://paster.example.com/ 2>&1
     EOF
     # cat > /var/service/.paster/log/run <<EOF
@@ -44,21 +44,14 @@ Optionally prepare X.509 certificate for TLS enabled service:
     # certtool --generate-self-signed \
         --load-privkey paster.example.com.key.pem \
         --template $tmpl --outfile paster.example.com.pem
-    # cat paster.example.com.key.pem >> paster.example.com.pem
-    # rm paster.example.com.key.pem $tmpl
-    # chown paster:paster paster.example.com.pem
-    # chmod 600 paster.example.com.pem
+    # rm $tmpl
+    # chown paster:paster paster.example.com*.pem
+    # chmod 600 paster.example.com.key.pem
 
-prepare stunnel configuration:
+and choose from plenty of UCSPI-friendly TLS wrappers:
+http://www.fehcom.de/ipnet/ucspi-ssl.html, https://github.com/younix/ucspi
+or likely go.cypherpunks.ru/ucspi/cmd/tlss:
 
-    # cat > stunnel.conf <<EOF
-    foreground = yes
-    syslog = no
-    debug = 3
-    cert = paster.example.com.pem
-    exec = $GOPATH/bin/paster
-    execArgs = $GOPATH/bin/paster http://paster.example.com/
-    EOF
-    # chown paster stunnel.conf
-
-and run "stunnel /path/to/stunnel.conf" in service/paster.
+    exec setuidgid paster tcpserver -DHR -l 0 ::0 2021 tlss \
+        -key paster.example.com.key.pem -cert paster.example.com.pem \
+        $GOPATH/bin/paster http://paster.example.com/ 2>&1