Per tenir connexions segures (NET-RPC, eTiny, WebDAV secure). Si tenim compressió també poden ser més ràpides.
$ sudo apt-get install stunnel4
$ sudo vi /etc/default/stunnel4
Aquests certificats expiraran després de 365 dies !!!
$ cd $ openssl genrsa 1024 > server.pkey $ openssl req -new -x509 -days 365 -key server.pkey -out server.cert $ chmod 600 server.pkey $ chmod 600 server.cert $ sudo chown root:root server.* $ sudo mv server.pkey /etc/stunnel $ sudo mv server.cert /etc/stunnel
Be careful using free ports: 8080 (http-alternate) is very often used by other applications and 443 by apache web server.
For eTiny the port is defined in <path_etiny>/dev.cfg or <path_etiny>/tinyerp/config/prod.cfg and defaults to 8080.
For security reasons eTiny should only listen on localhost (o tancar el port 8080 en el firewall)
Afegir a <path_etiny>/tinyerp/config/prod.cfg (crec que no fa falta):
base_url_filter.on = True base_url_filter.base_url = "https://yourdomain.com"
sudo vi /etc/stunnel/stunnel.conf
i afegir:
cert = /etc/stunnel/server.cert key = /etc/stunnel/server.pkey compression = rle [eTiny] ;accept = 8079 (per si el port 443 habitula de https estigues ocupat) accept = 443 connect = 8080 [TinyNetRPC] accept = 8071 connect = 8070
sudo /etc/init.d/stunnel4 start
Modify your init.d start scripts to start stunnel in runlevel 3 and 5 (afegir als directoris /etc/rc3.d i /etc/rc5.d el link S20stunnel4 → ../init.d/stunnel4 o executar la comanda sudo update-rc.d -f stunnel4 start 20 3 5)
This is an alternative and fast solution for those who do not want or need to hide Tiny behind apache.
Works with ssh on linux or putty on windows.
Create a compressed tunnel to your server. Obviously you need an account on the server, which is not necessary for the “apache” solution.
ssh -CX username@server -L 8069:localhost:8069 -L 8070:localhost:8070 -L 8089:localhost:8089
localhost has to be replaced eventually by the server which runs eTiny if different from the login server. I choose 8089, because another service is running on 8080. It is defined in eTiny dev.cfg:
server.socket_port=8089 server.socket_host="server-ip or address"
Connect with your browser to
and enjoy save and fast browsing.
Compressing the http connection improves the performance for internet connections (band width usage) dramatically.
XML-RPC segur però no comprimit (Nota, a jesteve no li va funcionar. Però la solució amb stunnel ja li agrada)
sudo apt-get install python-pyopenssl cd <to_the_directory_where_tinyerp-server.py_is_located> openssl genrsa > server.pkey openssl req -new -x509 -key server.pkey -out server.cert chmod 600 server.pkey chmod 600 server.cert