...
The AP Bridge installs its supervisor configuration under APC_HOME/etc/supervisor.conf.d. In order for the system-level supervisor to pick it up, the following lines supervisor configuration must be added to the supervisor configuration updated in /etc/supervisor/supervisord.conf. These changes make it possible for the AP Bridge processes to be managed by supervisor and for the dust user to control the processes without using sudo. After making the configuration changes, the supervisor daemon must be restarted.
In the unix_http_server section, update to:
| No Format |
|---|
[unix_http_server]
file=/var/run/supervisor_server.sock
chmod=0660
chown=dust:dust |
In the include section, add:
| No Format |
|---|
[include]
files=/opt/dust-apc/etc/supervisor.conf.d/*.conf |
To restart supervisor:
| No Format |
|---|
$ sudo service supervisor restart |
When started in the default configuration, the AP Bridge launches a script that waits for NTP to synchronize time before launching the main AP Bridge process, named apc. The NTP service should be started before the AP Bridge is started.
Secure communication
The AP Bridge software does not implement the TLS security layer itself. Instead, to implement secure communication with the VManager, the AP Bridge uses stunnel running on the same device. To secure the AP Bridge connection, stunnel is configured to listen to local TCP port 9100 and connect to TCP port 9101 on the VManager host. From the AP Bridge, stunnel establishes a connection to the remote VManager and negotiates the cipher suite with stunnel on the VManager. Stunnel uses the host's openssl library, so both the stunnel and openssl packages should be kept up to date on the VManager and AP Bridge systems. If you do not specify a specific set of security suites to use, stunnel will revert to openssl defaults. Configuring openssl for a particular security suite, or operation in FIPS mode, is left to the system operator.
...