Re: [ldm-users] Running LDM over secure port

Yes, however it is a bit complicated.  The data itself is not encrypted.
The reason I was trying to do this was to get around having to constantly
update a firewall rule and the ldmd.conf ALLOWs for a site that was on a
dynamic IP address (cable modem).

The solution I used was setting up an SSH tunnel.  So because of that the
traffic is encrypted by SSH.  You will need to configure your tunnel
properly, though.  I really can't remember all the details, but I had the server
already with SSH, but had to create the tunnel receiver to redirect for
that tunnel session to port 388, then the client needed to not only have
ssh as a client to connect, but also have persistence (say the ssh tunnel
drops due to a network failure, need to set up your public key on the
receiving server).  There was a script to verify it and re-establish it.
Then I had to make sure to connect to another port instead of 388 because LDM
uses 388 for the server end.  Your SSH tunnel would have to be something
like 3888 (non-privileged port is easier to work with >1024 and can be run
as a mere-mortal account).  Then the other thing to worry about.  So the
answer is, it is possible, but it is a pain in configuring.  I was mostly
doing it to see if it would work and it does.

Another method, which I have not yet tested but which is very doable if you
have the ability, is to set up a site-to-site or even client-to-site VPN.
OpenVPN works very well and there are scripts that are on github that make
setting up the VPN service a breeze.  I haven't played with this other than
client-to-site VPN on my pfSense router at home, but have set up the VPN on
a cloud site to learn it more on the non-network equipment end.  But this
will also encrypt your data and also get around a lot of issues and you can
even set it up to LISTEN on ports like 443 and such.  Again, just like
SSH/VPN does use network and system resources (IP/ports/memory/CPU time).

Hope those give you an idea of how to get the data encrypted.



On Thu, Feb 16, 2023 at 9:16 AM Frost, Mr. Michael via ldm-users <
ldm-users@xxxxxxxxxxxxxxxx> wrote:

> Hello,
>
> Is there a way to run LDM over a secure port, like HTTPS?
>
> Thanks,
>
> Mike
>
> Michael Frost
> Computer Programmer, Code 7542
> Marine Meteorology Division
> Naval Research Laboratory
> 7 Grace Hopper Ave., Mail Stop 2
> Monterey CA 93943
> Ph (831) 656 - 4723
>
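
The tunnel-plus-watchdog arrangement described in the reply above, as an added example that is not the poster's script and not part of LDM: the downstream host forwards loopback port 3888 to the upstream server's port 388 over SSH with key-only login, and a cron-driven check re-establishes the session when it drops. The host name, account, key path and control-socket path are placeholders.

```shell
#!/bin/sh
# Added example: cron-driven watchdog for an SSH local forward carrying LDM.
# Host, account, key and socket paths are placeholders, not from the post.
UPSTREAM="${UPSTREAM:-ldm@upstream.example.org}"
KEY="${KEY:-$HOME/.ssh/ldm_tunnel}"        # public half installed on the server
CTL="${CTL:-$HOME/.ssh/ldm_tunnel.ctl}"    # control socket used for health checks
LOCAL_PORT="${LOCAL_PORT:-3888}"           # non-privileged port named in the post
LDM_PORT="${LDM_PORT:-388}"                # LDM server port

# Accept only numeric, non-privileged ports so the tunnel never needs root.
valid_local_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# Listen on loopback only, so other hosts cannot reach the forwarded port.
forward_spec() {
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$LOCAL_PORT" "$LDM_PORT"
}

# Succeeds when the master connection behind the control socket is alive.
tunnel_up() {
    [ -S "$CTL" ] && ssh -S "$CTL" -O check "$UPSTREAM" >/dev/null 2>&1
}

# Start the tunnel if it is down; do nothing if it is already healthy.
ensure_tunnel() {
    valid_local_port "$LOCAL_PORT" || { echo "bad LOCAL_PORT: $LOCAL_PORT" >&2; return 2; }
    tunnel_up && return 0
    rm -f "$CTL"    # clear a stale socket left by a dead session
    # BatchMode: never prompt (key login only). ExitOnForwardFailure: fail
    # loudly if 3888 is taken. ServerAlive*: exit after ~90 s of silence so
    # the next cron run can reconnect.
    ssh -f -N -M -S "$CTL" -i "$KEY" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "$(forward_spec)" "$UPSTREAM"
}

# Invoke from cron as: ldm_tunnel.sh run
if [ "${1:-}" = "run" ]; then
    ensure_tunnel
fi
```

Restricting the tunnel key on the server side (for example with a `permitopen="127.0.0.1:388"` option in `authorized_keys`) keeps a stolen key from being used for anything other than this forward.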