====== Using HTTPS for Pichat with stunnel ======

  * Download stunnel from http://www.stunnel.org/download/
  * Install/copy stunnel to a path like \\ in Windows: %ProgramFiles%\stunnel \\ or in Linux /usr/sbin/stunnel and /etc/stunnel/
  * Create or modify the stunnel.conf like in the example below
  * Now you can test your first settings

====== Testing ======

  * Start pichat.exe with the webserver on port 80 (these are the default settings)
  * Start stunnel.exe (open the stunnel logfile by right-clicking the stunnel icon in the taskbar)
  * Open a browser (like Firefox) and browse to https://localhost/
  * Have a look at the stunnel log for more information

====== After testing ======

Create a new (stunnel.pem) or your own (own.pem) certificate (e.g. using XCA from http://xca.hohnstaedt.de/ ). \\
If you are using your own certificate, please do not forget to modify the conf file. The stunnel.pem shipped with the stunnel distribution is a publicly known key pair: anyone who has downloaded it can impersonate your server or decrypt recorded sessions, so it is only good for testing and must be replaced before real use.

If it works now, you may install stunnel as a service by using the following commands:

  * stunnel -install
  * stunnel -start

====== SYNOPSIS ======

===== Unix: =====

  stunnel [<filename>] | -fd n | -help | -version | -sockets

===== WIN32: =====

  stunnel [ [-install | -uninstall | -start | -stop] [-quiet] [<filename>] ] | -help | -version | -sockets

===== Stunnel-4.x Man Page =====

For more information have a look at http://www.stunnel.org/faq/stunnel.html

===== Example stunnel.conf =====

<code>
; Sample stunnel configuration file for HTTPS by Mark Wolfgruber
; based on the Sample of Michal Trojnara

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Service-level configuration

[https]
accept  = 443
connect = 80
TIMEOUTclose = 0
</code>

Note that stunnel only adds an HTTPS front end on port 443 and forwards to the Pichat webserver on port 80; the plain HTTP port stays reachable, so restrict it with a firewall if you do not want unencrypted access as well.

====== Install stunnel ======

===== Linux installation =====

Install stunnel with your package manager (e.g. ''apt-get install stunnel4'' on Debian/Ubuntu, or from http://mirror.centos.org/centos/5.2/os/i386/CentOS/stunnel-4.15-2.i386.rpm) or

  - Download the latest source tarball (stunnel-4.25.tar.gz as of 2008-07-22) from http://www.stunnel.org/download/source.html to /tmp.
  - cd /tmp
  - gzip -dc stunnel-#.##.tar.gz | tar -xvf -
  - cd /tmp/stunnel-#.##
  - ./configure
  - make
  - make install

Create your own certificate file (recommended). For a first test only, you can download the public sample certificate; its private key is public, so never use it in production:

  wget --proxy=off --output-document=/etc/stunnel/stunnel.pem http://www.stunnel.org/download/stunnel/win32/stunnel.pem

Create the /etc/stunnel/stunnel.conf

  touch /etc/stunnel/stunnel.conf

and edit it with a text editor like above in the **Example stunnel.conf** (e.g. using **vi** :-) )

  vi /etc/stunnel/stunnel.conf

using inside the stunnel.conf

  * cert = /etc/stunnel/stunnel.pem
  * output = /etc/stunnel/stunnel.log

Start stunnel

  /usr/sbin/stunnel

More examples at http://www.stunnel.org/examples/ \\
To see how to run the stunnel daemon in its own chroot => http://www.stunnel.org/examples/chroot.html

Do not forget to make stunnel permanent after rebooting using an rc script.

==== Edit the start script ====

Create the init script

  touch /etc/init.d/stunnel
  chmod 755 /etc/init.d/stunnel

and edit it with a text editor (e.g. using **vi** :-) )

  vi /etc/init.d/stunnel

<code bash>
#!/bin/sh
# /etc/init.d/stunnel
#
# init script to start/stop/restart stunnel or show its running state
# please have a look at http://pichat-wiki.de
#
# Version 0.1.0 2010-03-04 Mark Wolfgruber
# modified from http://www.stunnel.org/examples/chroot.html
#
# processname: stunnel
#
# The daemon is matched by its full command line (/usr/sbin/stunnel ...):
# a plain "pkill stunnel" would also match this script itself when it is
# run as /etc/init.d/stunnel and kill it before stunnel is stopped.
DAEMON=/usr/sbin/stunnel

case "$1" in
  start)
    echo -n "Starting stunnel services..."
    $DAEMON
    echo " done"
    ;;
  stop)
    echo -n "Stopping stunnel services..."
    pkill -f "^$DAEMON"
    echo " done"
    ;;
  status)
    if pgrep -f "^$DAEMON" > /dev/null; then
      echo "stunnel is running (pid $(pgrep -f "^$DAEMON" | tr '\n' ' '))"
    else
      echo "stunnel is stopped"
    fi
    ;;
  restart)
    /etc/init.d/stunnel stop
    /etc/init.d/stunnel start
    ;;
  *)
    echo "Usage: stunnel {start|stop|status|restart}"
    exit 1
esac
exit 0
</code>

==== Create symbolic links for the default runlevels ====

  ln -fs /etc/init.d/stunnel /etc/rc0.d/K92stunnel
  # runlevel 1 only single user
  ln -fs /etc/init.d/stunnel /etc/rc2.d/S92stunnel
  ln -fs /etc/init.d/stunnel /etc/rc3.d/S92stunnel
  # runlevel 4 normally not defined
  ln -fs /etc/init.d/stunnel /etc/rc5.d/S92stunnel
  ln -fs /etc/init.d/stunnel /etc/rc6.d/K92stunnel

  * Verify the runlevel

  ls -l /etc/rc2.d

or

  ls -l /etc/rc.d/rc2.d | grep stunnel
  => S92stunnel -> /etc/init.d/stunnel
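As an added example (not code from this wiki page or from the stunnel project), the shell script below does the Linux steps above in one go: it generates a fresh private key and self-signed certificate with openssl so the public test stunnel.pem is never used, writes a stunnel.conf for the Pichat HTTPS front end with privilege dropping and protocol/cipher restrictions that the sample above does not have, and checks a configuration for the two mistakes this page warns about (the distributed test certificate, and a key file other users can read). The directory /etc/stunnel, the hostname, the 365-day validity, the setuid/setgid account names and the ''options''/''ciphers'' lines are assumptions; check them against the stunnel version and distribution you actually run.

```shell
#!/bin/sh
# Added example for the Pichat/stunnel HTTPS setup; not code from the wiki page
# or from the stunnel project. Paths, account names, hostname and validity
# period are assumptions.
set -eu

# gen_cert DIR HOST: create a fresh RSA key and self-signed certificate and
# join them into DIR/own.pem (stunnel reads key and certificate from one file).
# umask 077 keeps the key file private from the moment it is created.
gen_cert() {
    dir=$1
    host=$2
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$host" \
            -keyout "$dir/own.key" -out "$dir/own.crt" >/dev/null 2>&1
        cat "$dir/own.key" "$dir/own.crt" > "$dir/own.pem"
    )
    chmod 600 "$dir/own.pem"
}

# write_conf PEM OUT: write a stunnel.conf that terminates HTTPS on 443 and
# forwards to the Pichat webserver on 80, like the wiki's sample, plus
# privilege dropping and protocol/cipher restrictions (assumed option names).
write_conf() {
    pem=$1
    out=$2
    cat > "$out" <<EOF
; stunnel.conf written by the example script (assumed values)
cert = $pem
; drop privileges after binding port 443 (account names differ per distro)
setuid = nobody
setgid = nogroup
pid = /var/run/stunnel.pid

; refuse the broken protocol versions and weak ciphers
options = NO_SSLv2
options = NO_SSLv3
ciphers = HIGH:!aNULL:!MD5

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[https]
accept  = 443
connect = 80
TIMEOUTclose = 0
EOF
}

# check_conf CONF: print "ok" and return 0 if the config avoids the mistakes
# the wiki warns about; otherwise print the reason and return 1.
check_conf() {
    conf=$1
    cert=$(sed -n 's/^cert[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    if [ -z "$cert" ]; then
        echo "no cert= line: stunnel cannot run in server mode"
        return 1
    fi
    # the stunnel.pem shipped with stunnel is a public key pair
    case "$(basename "$cert")" in
        stunnel.pem) echo "$cert is the distributed test certificate"; return 1 ;;
    esac
    if [ -e "$cert" ]; then
        # columns 5-10 of "ls -l" are the group and other permission bits
        perms=$(ls -ld "$cert" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$cert is readable by group/other (mode ...$perms)"
            return 1
        fi
    fi
    if ! grep -q '^options[[:space:]]*=[[:space:]]*NO_SSLv2' "$conf"; then
        echo "SSLv2 is not disabled"
        return 1
    fi
    echo "ok"
    return 0
}

# Typical use on the Linux box from the wiki (run as root):
#   gen_cert /etc/stunnel pichat.example.org
#   write_conf /etc/stunnel/own.pem /etc/stunnel/stunnel.conf
#   check_conf /etc/stunnel/stunnel.conf && /usr/sbin/stunnel
```

The check is deliberately file-name and permission based: stunnel itself will happily start with the public test key or a world-readable key file, so this is the kind of sanity check worth running before the init script starts the daemon at boot.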