#!/bin/sh -e
cd /path/to/pastes
umask 027
- exec setuidgid paster tcpserver -DRH -l 0 ::0 2020 \
+ exec setuidgid paster tcpserver -DHR -l 0 ::0 2020 \
$GOPATH/bin/paster http://paster.example.com/ 2>&1
EOF
# cat > /var/service/.paster/log/run <<EOF
EOF
# certtool --generate-self-signed \
--load-privkey paster.example.com.key.pem \
- --template $tmpl --output paster.example.com.pem
- # cat paster.example.com.key.pem >> paster.example.com.pem
- # rm paster.example.com.key.pem $tmpl
- # chown paster:paster paster.example.com.pem
- # chmod 600 paster.example.com.pem
+ --template $tmpl --outfile paster.example.com.pem
+ # rm $tmpl
+ # chown paster:paster paster.example.com*.pem
+ # chmod 600 paster.example.com.key.pem
-prepare stunnel configuration:
+and choose from plenty of UCSPI-friendly TLS wrappers:
+http://www.fehcom.de/ipnet/ucspi-ssl.html, https://github.com/younix/ucspi
+or likely go.cypherpunks.ru/ucspi/cmd/tlss:
- # cat > stunnel.conf <<EOF
- foreground = yes
- syslog = no
- debug = 3
- cert = paster.example.com.pem
- exec = $GOPATH/bin/paster
- execArgs = $GOPATH/bin/paster http://paster.example.com/
- EOF
- # chown paster stunnel.conf
-
-and run "stunnel /path/to/stunnel.conf" in service/paster.
+ exec setuidgid paster tcpserver -DHR -l 0 ::0 2021 tlss \
+ -key paster.example.com.key.pem -cert paster.example.com.pem \
+ $GOPATH/bin/paster http://paster.example.com/ 2>&1
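Review bot: The new run line drops to `paster` before `tlss` starts (`exec setuidgid paster tcpserver ... tlss -key paster.example.com.key.pem ...`), and `chown paster:paster paster.example.com*.pem` hands the private key to that same account, so the network-facing `paster` program runs under a uid that can read the TLS key. I would add a sentence to the instructions saying so, for example `The key is readable by the paster user; run the TLS wrapper under a dedicated account if the key must stay out of reach of the paste service.` Whether `tlss` can drop privileges on its own is not visible here. The base URL on the TLS listener is still `http://paster.example.com/`; if paster builds the links it returns from that argument (an assumption), clients on port 2021 would be handed plain-HTTP links, so `https://paster.example.com/` may be what is intended. The key-generation command lies outside the visible lines, so the key's file mode before `chmod 600` runs cannot be checked from this hunk.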