Subj : Re: 21:1/100 To : Oli From : Avon Date : Fri Oct 15 2021 07:24 pm On 14 Oct 2021 at 11:41a, Oli pondered and said... Ol> A> now to try and get the secure stuff working on 24553 .. not yet sure h Ol> A> ;-) Ol> Ol> # apt-get install nginx done this bit. Ol> then add the following to /etc/nginx.conf Ol> Ol> stream { Ol> server { Ol> listen 24553 ssl; Ol> listen [::]:24553 ssl; Ol> ssl_protocols TLSv1.2 TLSv1.3; Ol> ssl_certificate /srv/certs/fidonet-rsa.key; Ol> ssl_certificate_key /srv/certs/fidonet-rsa.crt; Ol> ssl_certificate /srv/certs/fidonet-ed25519.key; Ol> ssl_certificate_key /srv/certs/fidonet-ed25519.crt; Ol> proxy_pass 127.0.0.1:24554; Ol> } Ol> } OK done, but commented out for now while I sort the certs. Question, what is /srv dir for? This sort of stuff? Ol> You also need to create a cert (can be self-signed). Of course you can Ol> put the certs in any path you like. OK, so not /srv necessarily? Ol> ecdsa cert: Ol> $ openssl genpkey -algorithm ed25519 > fidonet-ed25519.key Ol> $ openssl req -new -x509 -nodes -days 1200 -key fidonet-ed25519.key -out Ol> fidonet-ed25519.crt -text -subj "/CN=localhost" Ol> Ol> rsa cert: Ol> openssl req -new -newkey rsa -days 1200 -nodes -x509 -keyout Ol> fidonet-rsa.key -out fidonet-rsa.crt -text -subj "/CN=localhost" I know little about this (yet) but am I correct to assume a Lets Encrypt cert would be better / more well known? Not sure I am stating this correctly. Why for the self signed stuff 1200 days? If I created self signed stuff how could anyone trust it compared to something like Lets Encrypt that is third party? Ol> Alternatively use a letsencrypt cert. Something I'm thinking (will wait until I hear from you) may be the better way to go? Also something I have not ever done but would like to learn how etc. :) Ol> restart nginx: Ol> Ol> $ systemctl restart nginx Ol> OK will hold off that until I sort the certs. Will I also need to have something configured in BinkD to talk to nginx? I'd better read the nginx man. --- Mystic BBS v1.12 A47 2021/09/29 (Linux/64) * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101) .