Connexions remotes segures

Per tenir connexions segures (NET-RPC, eTiny, WebDAV secure). Si tenim compressió també poden ser més ràpides.

Extret de http://openerp.com/wiki/index.php/InstallationManual/WebClientInstallLinux

Altres fonts: http://openobject.com/wiki/index.php/Manual_Installation:Installation_Manual/WebClientHTTPS

$ sudo apt-get install stunnel4

Revisar si en l'arranc del servidor el stunnel està operatiu:

Modify your init.d start scripts to start stunnel in runlevel 3 and 5 (afegir als directoris /etc/rc3.d i /etc/rc5.d el link S20stunnel4 -> ../init.d/stunnel4 o executar la comanda sudo update-rc.d -f stunnel4 start 20 3 5)

1. Editar el fitxer /etc/default/stunnel4:

   $ sudo vi /etc/default/stunnel4
   

2. Canviar ENABLED=0 per ENABLED=1

1. Generem el certificat sense validesa. Aquests certificats expiraran després de 365 dies!!!

$ openssl genrsa 1024 > server.pkey
$ openssl req -new -x509 -days 365 -key server.pkey -out server.cert
$ chmod 600 server.pkey
$ chmod 600 server.cert
$ sudo chown root:root server.*
$ sudo mv server.pkey /etc/stunnel
$ sudo mv server.cert /etc/stunnel

Afegim a la configuració de stunnel:

sudo vi /etc/stunnel/stunnel.conf

;cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem
cert = /etc/stunnel/server.cert
key = /etc/stunnel/server.pkey

[https]
accept  = 443
connect = 8080
;TIMEOUTclose = 0

sudo /etc/init.d/stunnel4 restart

El fitxer de configuració del client web podem deixar aquesta configuració

server.socket_host = "127.0.0.1"
server.socket_port = 8070

tools.proxy.on = True
tools.proxy.base = 'https://demo.zzsaas.com'

This is an alternative and fast solution for those who do not want or need to hide Tiny behind apache.

Works with ssh on linux or putty on windows.

Create a compressed tunnel to your server. Obviously you need an account on the server, which is not necessary for the “apache” solution.

ssh -CX username@server -L 8069:localhost:8069 -L 8070:localhost:8070 -L 8089:localhost:8089

localhost has to be replaced eventually by the server which runs eTiny if different from the login server. I choose 8089, because another service is running on 8080. It is defined in eTiny dev.cfg:

server.socket_port=8089
server.socket_host="server-ip or address"

Connect with your browser to

• http://localhost:8089
• or with the GTK-client to either 8069 or 8070

and enjoy save and fast browsing.

Compressing the http connection improves the performance for internet connections (band width usage) dramatically.

XML-RPC segur però no comprimit (Nota, a jesteve no li va funcionar. Però la solució amb stunnel ja li agrada)

sudo apt-get install python-pyopenssl
cd <to_the_directory_where_tinyerp-server.py_is_located>
openssl genrsa > server.pkey
openssl req -new -x509 -key server.pkey -out server.cert
chmod 600 server.pkey
chmod 600 server.cert