Stunnel/HTTP: Difference between revisions
From charlesreid1
Revision as of 08:23, 29 March 2017
Covers how to forward HTTP traffic over stunnel.
Overview of Setup
Our goal here is to have traffic between a client and a server pass through an encrypted tunnel, with each service listening on its own port.
In particular, we want to have HTTP traffic on the stunnel client on port 9999 (e.g., the browser opening localhost:9999) pass through the encrypted tunnel and be forwarded to an HTTP server listening on the stunnel server machine.
In summary:
On the client, traffic from port 9999 (http, from the browser) will be forwarded to port 8000 (stunnel). We will forward that traffic on to the remote stunnel server listening on port 8000.
The server will receive traffic on port 8000. It will decrypt the traffic and forward the traffic on to a local HTTP server running on port 9998: python -m SimpleHTTPServer 9998
Client Setup
Client Port Configuration
On the client machine, stunnel will receive local traffic on port 9999 and encrypt it before sending it to the stunnel server on port 8000.
We want to configure stunnel to listen for traffic on port 9999, and make connections with another stunnel instance on port 8000.
Client Stunnel Config File
output = /var/log/stunnel4/stunnel.log
cert = /usr/local/etc/stunnel/stunnel.fullchain.pem
key = /usr/local/etc/stunnel/stunnel.key.pem
client = yes
[ssh]
accept = 9999
connect = A.B.C.D:8000
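The client config above sets no peer verification (stunnel does not verify the server certificate unless told to), and `accept = 9999` with no host listens on all local addresses rather than only loopback. The following check is an added example, not code from the original page or the stunnel project, that parses a stunnel config and reports both gaps; the function names and finding labels are this example's own.

```python
# Added example: audit a stunnel config for two client-side gaps.
# SAMPLE_CONF is the page's client config, embedded so the check runs offline.
SAMPLE_CONF = """\
output = /var/log/stunnel4/stunnel.log
cert = /usr/local/etc/stunnel/stunnel.fullchain.pem
key = /usr/local/etc/stunnel/stunnel.key.pem
client = yes
[ssh]
accept = 9999
connect = A.B.C.D:8000
"""

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}); option names lower-cased."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        (global_opts if current is None else current)[key.strip().lower()] = value.strip()
    return global_opts, services

def audit(text):
    """List findings for client-mode services as (service, issue) tuples."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        eff = {**global_opts, **opts}            # service options override globals
        if eff.get("client", "no").lower() != "yes":
            continue
        verifies = (eff.get("verifychain", "no").lower() == "yes"
                    or eff.get("verifypeer", "no").lower() == "yes"
                    or eff.get("verify", "0") in ("2", "3", "4"))
        if not verifies:
            findings.append((name, "no-peer-verification"))
        elif "cafile" not in eff and "capath" not in eff:
            findings.append((name, "no-trust-anchor"))
        host = eff.get("accept", "").rpartition(":")[0]
        if host not in ("127.0.0.1", "localhost", "::1"):
            findings.append((name, "accept-not-loopback"))
    return findings

if __name__ == "__main__":
    for service, issue in audit(SAMPLE_CONF):
        print(f"[{service}] {issue}")
```

A config that adds `verifyChain = yes`, a `CAfile`, and `accept = 127.0.0.1:9999` passes this check; stunnel's `checkHost` option additionally ties the certificate to the expected server name.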
Client Procedure
Stop any running instances of stunnel, then start stunnel:
$ killall stunnel; stunnel
Server Setup
Server Port Configuration
...
Server Stunnel Config File
...
Server Procedure
...