NANOWEB, the aEGiS PHP web server

SSL with nanoweb HOWTO

First, nanoweb has no official support for HTTP over Secure Sockets Layer (also known as HTTPS).

There is, however, a way to make it work with some help from the popular "stunnel" application.

Starting from version 1.8.0, nanoweb supports running as an inetd service, and this is necessary for wrapping nanoweb with stunnel.

Prerequisites

Installation

  1. If you have already set up nanoweb in inetd mode, you may want to back up your non-SSL config files, as you probably want to host different virtual hosts for http and https.
  2. Generate a certificate for nanoweb:
    root@www:~# cd /etc/ssl/certs
    root@www:/etc/ssl/certs# openssl req -new -x509 -nodes -out nanoweb.pem -keyout nanoweb.pem -days 9999
    root@www:/etc/ssl/certs# ln -s nanoweb.pem `openssl x509 -noout -hash < nanoweb.pem`.0
  3. Copy the wrapper script /usr/sbin/in.nanoweb to in.nanoweb-ssl; comment out the line for normal operation and uncomment the ones for SSL (stunnel).
    You need both files so that nanoweb keeps operating as a plain HTTP server on port 80 while also serving over SSL via stunnel.
  4. Uncomment the https line in your /etc/inetd.conf (this line was already written there by the nanoweb install-sh):
    # nanoweb inetd support
    www   stream tcp nowait root /usr/sbin/in.nanoweb nanoweb
    https stream tcp nowait root /usr/sbin/in.nanoweb nanoweb -ssl
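
A post-install check for the steps above, as an added example that is not part of the nanoweb distribution: it verifies that nanoweb.pem holds both a certificate and a private key, that the file is not accessible to group or other users (the -nodes option leaves the key unencrypted), and that the https line in inetd.conf is uncommented. The function names check_pem and check_inetd and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not part of nanoweb. Function names are hypothetical;
# the default paths are the ones used in the installation steps above.

# "openssl req ... -nodes" with -out and -keyout pointing at the same file
# leaves an UNENCRYPTED private key next to the certificate, so the file
# should be accessible to its owner only.
check_pem() {
    pem=$1
    [ -f "$pem" ] || { echo "FAIL: $pem not found"; return 1; }
    rc=0
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate block in $pem"; rc=1; }
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key block in $pem"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $pem has group/other bits set ($perms), use chmod 600"; rc=1; }
    return "$rc"
}

# The https service only starts if its inetd.conf line is uncommented.
check_inetd() {
    conf=$1
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }
    grep -Eq '^[[:space:]]*https[[:space:]].*in\.nanoweb' "$conf" ||
        { echo "FAIL: https line for nanoweb missing or commented in $conf"; return 1; }
    return 0
}

# Usage: sh audit-nanoweb-ssl.sh audit [pemfile] [inetd.conf]
if [ "${1:-}" = "audit" ]; then
    check_pem "${2:-/etc/ssl/certs/nanoweb.pem}" && echo "OK: PEM file"
    check_inetd "${3:-/etc/inetd.conf}" && echo "OK: inetd.conf"
fi
```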
    

Testing

Once all this is done, open your favorite SSL-enabled web browser and try to open "https://localhost". If it works, you should see the default web page, and your browser should warn you that the cert is not signed by a trusted authority (this is not a bug; just send your CSR for signing to a trusted CA if you want).

If it does not work, the stunnel log files are quite informative :)


See also the text versions of this HOWTO about SSL support for nanoweb.

