![]() Imho, the way config files are being managed on the NAS in general is pretty crazy when you try to customize things, but I know I'm not the average user. It doesn't help that the /etc/init.d/stunnel.sh keeps overwriting the config file in pretty arcane ways. ![]() I tried to fix the integrated stunnel solution for hours, but nothing worked. If you could c/p your config file (as requested), that might illuminate things a bit more. Just tested my Qmanager app on Android with SSL as well, without problems! Hope some of you find this useful Pretty easy in hindsight! SSL all working, and no more logs flooding with "Re-launch process ". at_Startup An alternative would be to add the S68stunnel to your crontab, but I'm not sure that's a good solution. And for those of you whom are a bit more experienced, I'm pretty sure you already have a nifty autorun script installed. Luckily, changes aren't often made, so this should be a reasonable workaround. And in my case, my nf was mostly filled with mysql configurations! (Maybe something went horribly wrong with my config at some point, but if y'all have the same issue, QNAP really needs to clean up its act!) So what's next? To keep this somewhat short and simple, I'll just go through the all steps to set up SSL for web interface and web server: - Enable SSL in General Settings with the port you would like to use (must be different than the web server's, in this example I'm using 444) - Enable SSL in Web Server with the port you would like to use (must be different than the web interface's) - Paste and upload your certificate and key in Security -> SSL Secure Certificate & Private Key - Log in to your NAS with SSH or Telnet - Install stunnel through ipkg:Ĭode: Select all /opt/etc/init.d/S68stunnel And it should work! There's a catch tho! Any time you reboot your NAS, or alter something in the webinterface that is linked to stunnel (like General Settings -> System Administration, or the Web Server, and possibly many others!), it'll restart the integrated stunnel, and everything breaks down again until you run the stunnel from the ipkg. I'm not quite sure why, but there is a lot of crazy stuff going on in the /etc/init.d/stunnel.sh script, which doesn't match up with the nf. Sounds pretty awesome, but alas, it's not working properly. I didn't know it before, but it's quite nifty! It simply does some port forwarding (like in your router/modem) and adds a secure layer to it. To access the webinterface through SSL (secure connection), a little tool called 'stunnel' is being used. That way, it won't conflict with the webserver running on port 80. Ok, so what's going on in the background? The webinterface is running from /home/httpd, on port 8080. Requirements: some experience with *nix / SSH / vim, etc. But no worries, it is fixable, but not for the faint of heart. Also, this works for me so far, but your mileage may vary! First off: stunnel is broken, and by extension the SSL login/webinterface as well. ![]() So I spent my evening figuring out what the bleep is going wrong. I was hoping that upgrading to 3.8.2 might fix it, but alas. It started out with my logs flooding with the "Re-launch process " messages, so I turned off SSL login a long time ago to prevent this. Like some (or many?) of you, I've been having some problems with getting SSL to work properly on my NAS. However, I'm not removing the solution I wrote down below for educational purposes and whatnot. Please check out the config that shumaku has kindly c/p'ed here. EDIT: Turns out that the problem is simply a corrupted /etc/stunnel/nf so you should fix that.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |