Stunnel/Server: Difference between revisions
From charlesreid1
No edit summary |
No edit summary |
||
| Line 20: | Line 20: | ||
[[Category: | [[Category:Server]] | ||
[[Category:Unix]] | [[Category:Unix]] | ||
[[Category:Linux]] | [[Category:Linux]] | ||
[[Category:Stunnel]] | [[Category:Stunnel]] | ||
[[Category:SSL]] | [[Category:SSL]] | ||
Revision as of 17:25, 27 March 2017
Stunnel running as a server will open two ports: one to listen for incoming traffic, and one to forward the (unencrypted) traffic onto.
Typically, stunnel is listening on port 443, open to external traffic, and is listening for SSL traffic.
Typically, stunnel is forwarding that traffic on to a local port, something like 8443. (Useful if you have a service only exposed to LOCAL traffic from localhost or 127.0.0.1 and not bound to an EXTERNAL ip address like 0.0.0.0).
To set this up, we use the stunnel.conf configuration file. This is what a simple stunnel config looks like:
output = /etc/stunnel/stunnel.log cert=/etc/stunnel/stunnel.fullchain.pem key=/etc/stunnel/stunnel.key.pem pid=/var/run/stunnel4/stunnel.pid client=yes [http] accept = 443 connect = 127.0.0.1:8443