Geneweb is a genealogy application that has been ported to both Linux and Microsoft Windows. The application typically runs in daemon mode, binding itself to a normal TCP port. That allows the server to be used from a web browser, such as Mozilla Firefox.
The standard configuration uses a normal HTTP connection, which is not encrypted. Using STunnel, the software can be made available in a rather secure fashion.
Setting up Geneweb on Debian GNU/Linux
In a standard configuration, the software can be installed using
apt-get install geneweb
Then, a database needs to be set up. For that, the following commands will do the trick:
cd /var/lib/geneweb
gwc -o <DBNAME>
The parameter <DBNAME> is the name of the database to be created.
If the server were started at this point, it would bind itself to all interfaces, thus enabling access from everywhere. To disable this, the following needs to be done:
cd /usr/lib/geneweb
vi gwd.wrapper
In the editor, the parameter “-p$PORT” needs to be changed to “-a127.0.0.1 -p$PORT”. This binds the server to localhost only, so that the server cannot be accessed from anywhere except the machine itself.
SSL for Geneweb
After Geneweb itself is installed and set up, it’s time to add SSL encryption for connections to it. We add the encryption layer by means of port forwarding: the stunnel application opens an SSL port to the network, and each connection on that port is then forwarded to the localhost port of geneweb. This way the geneweb server does not need to be altered (which is a good thing) and all traffic to the system is encrypted, which was the requirement.
To add stunnel, the following starts the installation (if it’s not already installed):
apt-get install stunnel
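After the installation has succeeded (or apt-get reports that the application is already installed), an SSL certificate needs to be created (this step can be skipped if stunnel is already correctly set up). The command below creates a self-signed certificate valid for 365 days and writes the unencrypted private key into the same file, which is why the file permissions are restricted afterwards. To create the certificate, the following must be done: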
cd /etc/stunnel
openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
chmod 0600 stunnel.pem
After the certificate is created and the access rights are adjusted, the stunnel daemon needs to be configured. In the file /etc/stunnel/stunnel.conf the following section needs to be added at the bottom:
[geneweb]
accept = 22317
connect = 2317
In the file /etc/default/stunnel, the switch ENABLED should be altered to 1, so that stunnel configurations are created upon start.
And that’s all! The daemons can now be (re-)started:
/etc/init.d/stunnel restart
/etc/init.d/geneweb start
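To confirm that the plaintext port really is loopback-only once both daemons are running, the listening sockets can be audited. The script below is an added example, not part of the original setup; it assumes the output format of "ss -ltn" from iproute2, and the function name and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listeners for the Geneweb + stunnel layout.
# Ports 2317 (gwd, plaintext) and 22317 (stunnel, SSL) are the page's values.
# Live use: ss -ltn | check_listeners

# Reads `ss -ltn` style output on stdin, prints findings,
# returns 0 only when gwd is loopback-only and stunnel is listening.
check_listeners() {
    awk -v plain=2317 -v tls=22317 '
        $1 == "LISTEN" {
            addr = $4                          # Local Address:Port column
            n = split(addr, parts, ":")
            port = parts[n]                    # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port == plain) {
                seen_plain = 1
                if (host != "127.0.0.1" && host != "[::1]") {
                    print "FAIL: gwd port " plain " reachable on " host
                    bad = 1
                }
            }
            if (port == tls) seen_tls = 1
        }
        END {
            if (!seen_plain) { print "FAIL: nothing listening on " plain; bad = 1 }
            if (!seen_tls)   { print "FAIL: stunnel not listening on " tls; bad = 1 }
            if (!bad) print "OK: gwd is loopback-only and stunnel is listening"
            exit bad + 0
        }'
}

# Constructed sample: the layout after the gwd.wrapper change.
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:2317     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22317      0.0.0.0:*'

# Constructed sample: gwd still bound to all interfaces.
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2317       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22317      0.0.0.0:*'

printf '%s\n' "$SAMPLE_GOOD" | check_listeners
printf '%s\n' "$SAMPLE_BAD" | check_listeners || true
```

A FAIL line for port 2317 means the “-a127.0.0.1” change in gwd.wrapper did not take effect and the unencrypted port is still reachable from the network.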
Stay tuned with geneweb and stunnel!