[stunnel-users] Fw: Using stunnel to add https to a webserver that doesn't have ssl setup

mkanet at yahoo.com mkanet at yahoo.com
Fri Nov 2 18:58:14 CET 2012


Thanks for the reply.  Lots of friendly people on here.  I should have probably posted my solution when I figured it out.  I was already using a server-based method to handle redirection.  However, what I didn't consider is adding a one line exception that distinguishes incoming requests from stunnel on 127.0.0.1 in order to prevent an endless loop.  I did this by modifying my IIS URL Rewrite module rule to look like below.  URL Rewrite module 2.0 is highly optimized; and is ideal for this kind of thing; works perfect under any circumstance; so long as webpages contain relative elements.  Works like a charm.


<rewrite>  
    <rules> 
         <rule
name="HTTP to HTTPS redirect" stopProcessing="true">
              
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
               
      <add input="{HTTPS}"
pattern="off" ignoreCase="true" />
                     
<add input="{REMOTE_ADDR}" pattern="127.0.0.1"
negate="true" />
               
</conditions>
               
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}"
/>
         
</rule>
    
</rules>
</rewrite>

----- Forwarded Message -----


On Tue, 30 Oct 2012 15:05:54 -0700 (PDT)  <mkanet at yahoo.com>
wrote:
 
> Thanks.  I
typically let my webserver handle SSL whenever I can since 
> it's much easier that way; especially since I know
how to handle 
> http->https urlrewrites that way already; and,
plenty of examples on 
> the web for IIS.  The reasons for adding stunnel into the mix in this 
> scenerio completely outweight not having it at
all.  I couldn't find 
> any examples anywhere showing how to handle a simple
http to https URL redirect if stunnel is involved; not even in javascript.
> Hopefully someone here has the expertise to offer a
solution at least in html.
 
 
The easiest way is to use a server side language as PHP
and ASP or CGI/perl (if ISS is capable, that I don't know).
 
If you relay on client (javascript, meta refresh) you
can't control the behavior of the client (javascript disabled by user or meta
redirects).
 
ISS is capable of PHP and, if you are using it, because
you didn't tell, is easy (easy, but I haven't done as I don't know much of PHP
(I just played a couple of times with it following tutorials)). With ASP, I
don't know, but should be possible too.
 
Here you have an example with PHP:
 
http://www.iis-aid.com/articles/how_to_guides/three_methods_redirect_http_https
 
or this one:
 
http://stackoverflow.com/questions/5106313/redirecting-from-http-to-https-with-php (second message).
 
As I said, you have to do it transparent to the user
without relying on them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121102/7a84fb65/attachment.html>


More information about the stunnel-users mailing list