Configuring Hitch to terminate SSL requests
Start with an example configuration that's bundled with Hitch distribution. Rename hitch.conf.ex to hitch.conf.
Since Hitch is a fork of Stud, the configuration values are mostly the same. Refer to my earlier blog post on Configuring Stud to know which values to configure.
Get an init.d script for Hitch with the following:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # hitch - this script starts and stops the hitch daemon | |
| # | |
| # chkconfig: - 85 15 | |
| # description: hitch is Scalable TLS Unwrapping Demon | |
| # processname: hitch | |
| # Source function library. | |
| . /etc/rc.d/init.d/functions | |
| # Source networking configuration. | |
| . /etc/sysconfig/network | |
| # Check that networking is up. | |
| [ "$NETWORKING" = "no" ] && exit 0 | |
| hitch=/opt/hitch/sbin/hitch | |
| prog=$(basename $hitch) | |
| STUD_CONF_FILE="/opt/hitch/hitch.conf" | |
| [ -f /etc/sysconfig/hitch ] && . /etc/sysconfig/hitch | |
| lockfile=/opt/hitch/var/run/hitch | |
| start() { | |
| [ -x $hitch ] || exit 5 | |
| [ -f $STUD_CONF_FILE ] || exit 6 | |
| echo -n $"Starting $prog: " | |
| daemon $hitch --quiet --config=$STUD_CONF_FILE | |
| retval=$? | |
| echo | |
| [ $retval -eq 0 ] && touch $lockfile | |
| return $retval | |
| } | |
| stop() { | |
| echo -n $"Stopping $prog: " | |
| killproc $prog -QUIT | |
| retval=$? | |
| echo | |
| [ $retval -eq 0 ] && rm -f $lockfile | |
| return $retval | |
| } | |
| restart() { | |
| configtest || return $? | |
| stop | |
| sleep 1 | |
| start | |
| } | |
| reload() { | |
| configtest || return $? | |
| echo -n $"Reloading $prog: " | |
| killproc $hitch -HUP | |
| RETVAL=$? | |
| echo | |
| } | |
| force_reload() { | |
| restart | |
| } | |
| configtest() { | |
| $hitch -t --config=$STUD_CONF_FILE | |
| } | |
| rh_status() { | |
| status $prog | |
| } | |
| rh_status_q() { | |
| rh_status >/dev/null 2>&1 | |
| } | |
| case "$1" in | |
| start) | |
| rh_status_q && exit 0 | |
| $1 | |
| ;; | |
| stop) | |
| rh_status_q || exit 0 | |
| $1 | |
| ;; | |
| restart|configtest) | |
| $1 | |
| ;; | |
| reload) | |
| rh_status_q || exit 7 | |
| $1 | |
| ;; | |
| force-reload) | |
| force_reload | |
| ;; | |
| status) | |
| rh_status | |
| ;; | |
| condrestart|try-restart) | |
| rh_status_q || exit 0 | |
| ;; | |
| *) | |
| echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" | |
| exit 2 | |
| esac |
Test your configuration with
/opt/hitch/sbin/hitch --config=/opt/hitch/hitch.conf
To get the certificate configured, please follow Installing and configuring Stud to serve SSL requests.
Once you are able to access the server, we can enable the init.d script via chkconfig script.
chmod ugo+x /etc/init.d/hitch
chkconfig hitch --add
chkconfig hitch --level 235 on