[stunnel-users] FW: FW: Stunnel with IIS8 on server 2012 64 bit

J. Michael Drew jmichaeldrew at hotmail.com
Mon Jun 20 20:28:19 CEST 2016

From: J. Michael Drew [mailto:jmichaeldrew at hotmail.com]
Sent: Monday, June 20, 2016 2:01 PM
To: 'Jose Alf.'
Subject: RE: [stunnel-users] FW: Stunnel with IIS8 on server 2012 64 bit

Hi Jose,

I made the changes you suggested, but I am still getting the same behavior.

My external address is: https://website.company.com/website

I am not adding any ports to the address.

Thanks so much for your help!

Michael

From: Jose Alf. [mailto:josealf at rocketmail.com]
Sent: Monday, June 20, 2016 12:10 PM
To: J. Michael Drew; stunnel-users at stunnel.org
Subject: Re: [stunnel-users] FW: Stunnel with IIS8 on server 2012 64 bit

Michael,

I guess what you want to do is to be able to connect to your internal Webserver via your Win2012 stunnel proxy using a URL like:

https://yourwin2012dnsname:9001/ <https://yourwin2012dnsname:9009/>

If that is correct, I suggest adjusting your configuration as follows:

1. Your stunnel mode must be server, not client. So adjust your service stanza as follows:

[CLI9F529A0A]
accept=9001
connect=10.xxx.xxx.xxx:9009
client=no

2. In your current configuration stunnel is listening only on the localhost IPv4 address (127.0.0.1). Therefore, you can only connect when you are logged on to the server; you can't connect from a remote client.

Hope this helps you clarify what's going on.

Regards,

Jose

From: J. Michael Drew [mailto:jmichaeldrew at hotmail.com]
Sent: Monday, June 20, 2016 9:54 AM
To: 'Josealf.rm'
Subject: RE: [stunnel-users] Stunnel with IIS8 on server 2012 64 bit

Jose,

Once logged in to the server I can open a browser on the server and connect through https://localhost/website and I can log in to the site externally as expected.

Here are the log files from IIS and stunnel where stunnel is running as a service on the Windows 2012 server:

When I am not logged in to the server it fails:

#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2016-06-20 00:30:21
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2016-06-20 00:30:21 159.xxx.xxx.xxx HEAD / - 443 - 190.xxx.xxx.xxx - - 200 0 0 1218
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2016-06-20 05:41:01
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2016-06-20 05:41:01 10.xxx.xxx.xxx OPTIONS /C$/windows/system32/NTDLL.DLL - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 200 0 0 500
2016-06-20 05:41:01 10.xxx.xxx.xxx PROPFIND /C$/windows/system32/NTDLL.DLL - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 46
2016-06-20 05:41:01 10.xxx.xxx.xxx PROPFIND /C$/windows/system32 - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 218
2016-06-20 05:41:16 10.xxx.xxx.xxx PROPFIND /patch-{682810b5-36dc-4e5d-81dd-6c02cd8f445b}-patchtoolsd.exe - 80 - 159.82.156.241 Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 64 62
2016-06-20 05:41:27 10.xxx.xxx.xxx PROPFIND /N$cl64.exe - 80 - 159.xxx.xxx.xxx 1 Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 62
2016-06-20 05:41:27 10.xxx.xxx.xxx PROPFIND /C$rome.dll - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 296

Stunnel.conf:

cert = extwebsvr_ver.pem

; Some performance tuning
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Peer Authentication
verify = 2
CAfile = extwebsvr_root.pem

; Debug mode - useful for troubleshooting
debug = 7
output = stunnel.log

; Client mode
client = yes

; Setup tunnels to each EMS node

[CLIxxxxxxxx]
accept=127.0.0.1:9001
connect=10.xxx.xxx.xxx:9009

Stunnel.log:

2016.06.20 09:17:39 LOG7[main]: No limit detected for the number of clients
2016.06.20 09:17:39 LOG5[main]: stunnel 5.27 on x86-pc-msvc-1500 platform
2016.06.20 09:17:39 LOG5[main]: Compiled/running with OpenSSL 1.0.2e-fips 3 Dec 2015
2016.06.20 09:17:39 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2016.06.20 09:17:39 LOG7[main]: errno: (*_errno())
2016.06.20 09:17:39 LOG5[main]: Reading configuration from file stunnel.conf
2016.06.20 09:17:39 LOG7[ui]: GUI message loop initialized
2016.06.20 09:17:39 LOG7[cron]: Cron thread initialized
2016.06.20 09:17:39 LOG5[main]: UTF-8 byte order mark detected
2016.06.20 09:17:39 LOG6[main]: Initializing service [CLI9F529A0A]
2016.06.20 09:17:39 LOG6[main]: Loading certificate from file: extwebsvr_ver.pem
2016.06.20 09:17:39 LOG6[main]: Certificate loaded from file: extwebsvr_ver.pem
2016.06.20 09:17:39 LOG6[main]: Loading private key from file: extwebsvr_ver.pem
2016.06.20 09:17:39 LOG6[main]: Private key loaded from file: extwebsvr_ver.pem
2016.06.20 09:17:39 LOG7[main]: Private key check succeeded
2016.06.20 09:17:39 LOG4[main]: Service [CLIxxxxxxxx] uses "verify = 2" without subject checks
2016.06.20 09:17:39 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
2016.06.20 09:17:39 LOG7[main]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
2016.06.20 09:17:39 LOG5[main]: Configuration successful

Thanks for your help,

Michael

From: Josealf.rm [mailto:josealf at rocketmail.com]
Sent: Monday, June 20, 2016 8:01 AM
To: J. Michael Drew
Cc: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] Stunnel with IIS8 on server 2012 64 bit

Michael,

Is your stunnel running as a service?

Please post sanitized logs and configuration for a better diagnostic ...

Regards

Jose

On Jun 20, 2016, at 6:39, J. Michael Drew <jmichaeldrew at hotmail.com> wrote:

Hi,

I have a website on IIS8 and am using stunnel to forward requests over 9009 inside to my application server. When I log in to the IIS server and stay logged in everything works as expected. When I log off the IIS 8 web server my site is unreachable with a “service is unavailable”.

Can someone help me?

Sincere thanks,

Michael

_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
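
The three configuration points raised in this thread (client mode, the 127.0.0.1-only accept address, and the "verify = 2" warning in the stunnel log) can be checked mechanically. The following is an added example, not part of the original messages or of stunnel itself; the function names and finding labels are hypothetical, and the sample is the posted configuration trimmed to the options the checks read.

```python
import ipaddress

# Constructed sample: the posted configuration, trimmed to the options read below.
POSTED_CONF = """\
cert = extwebsvr_ver.pem
verify = 2
CAfile = extwebsvr_root.pem
client = yes
[CLIxxxxxxxx]
accept=127.0.0.1:9001
connect=10.xxx.xxx.xxx:9009
"""

def parse_conf(text):
    """Map each [service] to its options, inheriting options set before the first section."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
            continue
        key, _, value = line.partition("=")
        target = defaults if current is None else current
        target[key.strip().lower()] = value.strip()
    return services

def is_loopback(accept):
    """True when an accept value names only the local host."""
    host, sep, _port = accept.rpartition(":")
    if not sep:                # bare port: no host restriction given
        return False
    try:
        return host == "localhost" or ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:         # some other hostname; not resolved here
        return False

def lint(text):
    findings = []
    for name, opt in parse_conf(text).items():
        checks = {             # hypothetical labels, one per point in the thread
            "client-mode": opt.get("client", "no").lower() == "yes",
            "loopback-only": is_loopback(opt.get("accept", "")),
            "verify-without-subject-check": opt.get("verify") == "2"
            and not opt.keys() & {"checkhost", "checkip"},
        }
        findings += [(name, c) for c, hit in checks.items() if hit]
    return findings
```

Run against the posted configuration, `lint(POSTED_CONF)` reports all three findings; with the stanza changes suggested in the reply (accept=9001, client=no) only the verify finding remains.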

