[stunnel-users] Multiple Domains for https

Thomas Manson dev.mansonthomas at gmail.com
Sat Feb 11 00:48:48 CET 2012


Accept does takes the ip :


*accept = address*

accept connections on specified address

*If no host specified, defaults to all IPv4 addresses for the local host.*

To listen on all IPv6 addresses use:

    connect = :::port


And having a port different than 443 is not acceptable.
(lot of accept word :D)

Thomas.

On Fri, Feb 10, 2012 at 22:17, Kevin Decherf <kevin at kdecherf.com> wrote:

> On Fri, Feb 10, 2012 at 10:09 PM, Thomas Manson <
> dev.mansonthomas at gmail.com> wrote:
>
>> Hi,
>>
>>   I want to setup the following architecture :
>>
>> stunnel ---> haproxy --> 2 webserver.
>>
>> I run severa virtual host on the 2 webservers, and a subset of them needs
>> https.
>>
>> I can allocate several IP address for the host that run stunnel.
>>
>> How do I configure a single stunnel process to have a certificate per IP
>> for the port https?
>>
>> I tryed to add several section like the following :
>>
>> [mansonthomas.com]
>> cert          = /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.crt
>> accept        = 88.190.17.222:443
>> connect       = 127.0.0.1:82
>>
>> xforwardedfor = yes
>> TIMEOUTclose  = 0
>>
>>
>> So the question is : Is it possible ?
>> do you have a sample configuration file to share for this use case?
>>
>
> Hi,
>
> I don't know if 'accept' supports IP but you can use several ports on the
> same IP and redirect these ports with iptables to the dedicated IP
>
> ----
> Kevin Decherf - M: +33 681194547 - T: @Kdecherf
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120211/11e5024f/attachment.html>


More information about the stunnel-users mailing list