Setup SSL with inn
Kenichi Okada
okada at opaopa.org
Wed Aug 29 16:16:58 UTC 2001
In the message <Pine.LNX.4.33.0108291144520.17124-100000 at marduk.litech.org>
"Jeffrey M. Vinocur" <jeff at litech.org> wrote:
> > Do I
> > need make modification on inn.conf in order to make innd run nnrpd -S ?
> If you want to only allow SSL connections I think you have to put innd on
> a different port (433 is usual) and spawn nnrpd -S out of xinetd (or using
> nnrpd daemon mode). Alternatively you can use the nntps port (563) for
> SSL nntp connections, similarly with xinetd or daemon mode.
I wrote a little patch for daemontools (http://cr.yp.to/daemontools.html).
When nnrpd starts with '-f', nnrpd does not fork.
For example.
/service/nnrpd/run:
#!/bin/sh
exec 2>&1
exec /usr/news/bin/nnrpd -D -f -S -p 563
--
Kenichi Okada
mailto:okada at opaopa.org
*** nnrpd/nnrpd.c-orig Thu Aug 30 01:08:42 2001
--- nnrpd/nnrpd.c Thu Aug 30 00:58:27 2001
***************
*** 84,89 ****
--- 84,90 ----
#endif /* !defined(_HPUX_SOURCE) */
STATIC sig_atomic_t ChangeTrace;
BOOL DaemonMode = FALSE;
+ BOOL ForeGroundMode = FALSE;
#if HAVE_GETSPNAM
STATIC char *ShadowGroup;
#endif
***************
*** 780,788 ****
if (ReadInnConf() < 0) exit(1);
#ifdef HAVE_SSL
! while ((i = getopt(argc, argv, "b:Di:g:op:Rr:s:tS")) != EOF)
#else
! while ((i = getopt(argc, argv, "b:Di:g:op:Rr:s:t")) != EOF)
#endif /* HAVE_SSL */
switch (i) {
default:
--- 781,789 ----
if (ReadInnConf() < 0) exit(1);
#ifdef HAVE_SSL
! while ((i = getopt(argc, argv, "b:Dfi:g:op:Rr:s:tS")) != EOF)
#else
! while ((i = getopt(argc, argv, "b:Dfi:g:op:Rr:s:t")) != EOF)
#endif /* HAVE_SSL */
switch (i) {
default:
***************
*** 797,802 ****
--- 798,806 ----
case 'D': /* standalone daemon mode */
DaemonMode = TRUE;
break;
+ case 'f': /* Don't fork on daemon mode */
+ ForeGroundMode = TRUE;
+ break;
#if HAVE_GETSPNAM
case 'g':
ShadowGroup = optarg;
***************
*** 928,939 ****
}
/* Detach */
! if ((pid = fork()) < 0) {
fprintf(stderr, "%s: can't fork: %s\n", argv[0], strerror(errno));
syslog(L_FATAL, "cant fork: %m");
exit(1);
! } else if (pid != 0)
exit(0);
setsid();
--- 932,945 ----
}
/* Detach */
! if (!ForeGroundMode) {
! if ((pid = fork()) < 0) {
fprintf(stderr, "%s: can't fork: %s\n", argv[0], strerror(errno));
syslog(L_FATAL, "cant fork: %m");
exit(1);
! } else if (pid != 0)
exit(0);
+ }
setsid();
*** doc/man/nnrpd.8-orig Thu Aug 30 01:02:34 2001
--- doc/man/nnrpd.8 Thu Aug 30 01:08:05 2001
***************
*** 11,16 ****
--- 11,19 ----
.B \-D
]
[
+ .B \-f
+ ]
+ [
.BI \-g " shadowgroup"
]
[
***************
*** 101,106 ****
--- 104,115 ----
once on startup and never again until restarted.
.I nnrpd
should therefore be restarted if inn.conf is changed.
+ .TP
+ .B \-f
+ If specified,
+ .I nnrpd
+ does not detache itself and runs in the foreground
+ when started as a standalone daemon using the ``\-D'' flag.
.TP
.B \-g
On systems that have a shadow password file,
More information about the inn-workers
mailing list