[stunnel-users] Access an arbitrary https website on http://localhost:3000 via stunnel.

Hongyi Zhao hongyi.zhao at gmail.com
Thu Jan 14 14:34:35 CET 2016


2016-01-14 16:51 GMT+08:00 Michal Trojnara <Michal.Trojnara at stunnel.org>:
>
> Hi Hongyi,
>
> My hint:
>
> $ curl -s http://localhost:3000/
> Cannot GET /
>
> $ curl -s -H 'Host: coolaj86.com' http://localhost:3000/

Thanks a lot, I still have some issues:

1- Why must we use the ''-H 'Host: coolaj86.com' '' in this command
for getting the correct result?

2- If I want to use an internet explorer, such as Firefox/Chrome, to open
the corresponding URL, i.e., http://localhost:3000/, what should I do?

3- There are 3 certificates given by the owner of the website
https://coolaj86.com/. They are all stored here:

https://gist.github.com/coolaj86/327cee3eee6fc119b389/

Just as you can see, the 3 certificates are named as follows:

cert.pem
chain.pem
root.pem

What's the relationship between the above 3 certificates?

And the first certificate, i.e., the cert.pem, is the one used for the
website https://coolaj86.com/.

So, I just want to know why we must use the root.pem in stunnel's conf file?

Regards

> <!DOCTYPE html>
> <html lang="en">
>   <head>
>     <meta charset="utf-8">
>     <title>AJ ONeal</title>
> ...
>
> Best regards,
>         Mike
>
> On 14.01.2016 05:51, Hongyi Zhao wrote:
>> Hi all,
>>
>> Based on the descriptions on the following webpage:
>>
>> http://plug.org/pipermail/plug/2015-August/033939.html
>>
>> I do the following testing:
>>
>> 1- Compile and install the latest stunnel, i.e., the
>> stunnel-5.29.
>>
>> 2- Obtaining the root cert
>>
>> wget -q https://gist.githubusercontent.com/coolaj86/327cee3eee6fc119b389/raw/root.pem -O /tmp/root.pem
>>
>> 3- Prepare the following config file for stunnel:
>>
>> pid = /tmp/stunnel-tlsvpn.pid
>>
>> client = yes
>> verify = 1
>> foreground = yes
>>
>> [tlsvpn]
>> accept = localhost:3000
>> sni = coolaj86.com
>> connect = coolaj86.com:443
>> CAfile = /tmp/root.pem
>>
>> 4- Starting the stunnel:
>>
>> $ stunnel ./stunnel-tlsvpn.conf
>>
>> 5- Testing:
>>
>> At this moment, I use the firefox to open the following url:
>>
>> http://localhost:3000
>>
>> But the firefox will only give the following line in its windows:
>>
>> Cannot GET /
>>
>> Any hints on this issue?
>>
>> Regards
>>



-- 
Hongyi Zhao <hongyi.zhao at gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
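
Added example (not part of the original thread, and not code from stunnel or the site owner): the two curl results in Michal's hint are what you get when the tunnel passes HTTP through unchanged and the far end picks the site from the Host header. The origin and relay below are constructed loopback stand-ins for coolaj86.com and the [tlsvpn] service, with no TLS; that the real server routes on Host is an assumption drawn from the hint.

```python
import contextlib
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SITE = "coolaj86.com"  # virtual host name taken from the thread


class VhostOrigin(BaseHTTPRequestHandler):
    """Constructed stand-in for the remote server: picks the site by Host."""

    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0]
        known = host == SITE
        body = b"<title>AJ ONeal</title>\n" if known else b"Cannot GET /\n"
        self.send_response(200 if known else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def pump(src, dst):
    """Copy bytes one way, unmodified, until src closes."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)


def relay(listener, origin_port):
    """Stand-in for the [tlsvpn] service: forwards bytes, never edits HTTP."""
    while True:
        client, _ = listener.accept()
        upstream = socket.create_connection(("127.0.0.1", origin_port))
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=pump, args=(a, b), daemon=True).start()


def start_demo():
    origin = ThreadingHTTPServer(("127.0.0.1", 0), VhostOrigin)
    threading.Thread(target=origin.serve_forever, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=relay, args=(listener, origin.server_port),
                     daemon=True).start()
    return listener.getsockname()[1]  # port the relay accepts on


def get(port, host=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host} if host else {})
    resp = conn.getresponse()
    return resp.status, resp.read().decode()
```

Call start_demo() and compare get(port) with get(port, host=SITE); a browser pointed at the relay sends its own Host (localhost:3000 in the thread) and lands on the first case.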


