[Xymon] Xymon 4.3.30 Released

Axel Beckert abe at deuxchevaux.org
Tue Aug 18 17:15:55 CEST 2020


Hi,

On Sat, Aug 15, 2020 at 12:21:24AM -0400, Ralph M wrote:
> I think direct SSL wrapping is what I need, thanks.
> 
> Would it be unreasonable to suggest that the SSL setup, decryption, etc be
> offloaded to a standalone program that then delivers the message to the
> core daemon in the same manner as cgimsg?  I'd like to get Apache out of
> the loop, and just have an SSL-enabled message receiver funneling status
> messages to the core daemon.

That's easy: I use stunnel (Debian package "stunnel4") for that. Also
gives you instant IPv6 reachability for the Xymond.

Server setup (relevant snippet from my /etc/stunnel/stunnel.conf):

[bbs6]
accept = :::1983
connect = 1984

Since it's encrypted and has better privacy, I use port 1983 for that
with the mnemonic "before 1984". :-)

Client (relevant snippets from my /etc/stunnel/stunnel.conf and
/etc/default/xymon-client):

[bbs]
accept  = 127.0.0.1:1984
connect = <your-xymon-server>:1983
client = yes

and

XYMONSERVERS="127.0.0.1"

The client snippets are from a host which has no IPv4 connectivity
(besides localhost).

		Kind regards, Axel
-- 
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org  X
https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/


More information about the Xymon mailing list