[stunnel-users] How to use stunnel as a HTTPS to HTTPS reverse proxy

Claudio Beretta claudio.beretta at helloinnovation.com
Fri Feb 26 17:42:49 CET 2016


yeah, now it's obvious why it works :)
I got part of the (wrong) solution from another place, and later I guess I
didn't understand the explanation for the "client" option in the manual.
Thanks again

On Thu, Feb 25, 2016 at 12:03 PM, Jose Alf. <josealf at rocketmail.com> wrote:

>
> Claudio,
>
> Sure, it works. Is it clear for you why? :)
>
>
> On Thursday, February 25, 2016 11:18 AM, Claudio Beretta <
> claudio.beretta at helloinnovation.com> wrote:
>
>
> José, that did the trick!
> Thank you
>
> On Thu, Feb 25, 2016 at 12:07 AM, Josealf.rm <josealf at rocketmail.com>
> wrote:
>
> Hi Claudio,
>
> What happens if you try client = no for proxy1 and client = yes for proxy2?
>
> Regards,
> José
>
> On 23 Feb 2016, at 12:13, Claudio Beretta <
> claudio.beretta at helloinnovation.com> wrote:
>
> I'd like Stunnel to act as a reverse proxy that accepts TLS 1.0 and TLS
> 1.2 for https://example.com and then forwards the traffic to
> https://example.net, another web server that only accepts TLS 1.2.
>
> browser --TLS 1.0 or 1.2--> Stunnel --TLS 1.2--> Web App
>
> The browser should have no idea that example.net even exists (only
> example.com certificate will be presented to the browser).
> Is this something Stunnel can do?
>
>
> This is what I got so far:
>
> cert = example.com.pem
> ;stunnel.pem
>
> [proxy1]
> client = yes
> accept = 10.100.4.179:443
> connect = localhost:54323
> CAfile = sca.server1.crt.pem
> ;verify = 2
>
> [proxy2]
> client = no
> accept = localhost:54323
> connect = example.net:443
> ;CAfile = SymantecClass3EVSSLCA-G3.pem
>
> example.com.pem contains the public and decrypted private key for
> example.com
> sca.server1.crt.pem contains the intermediate and root certificates of the
> CA that issues the example.com.pem certificate
>
> It partially works: the browser shows example.com in the address bar and
> the content of example.net, but the certificate that is returned is from
> example.net.
>
> What am I doing wrong?
> Or do you have other recommendations to get something like this working on
> Windows Server 2008 R2? (IIS + Application Request Routing + URL Rewrite
> won't work: TLS1.2 is not properly supported)
>
> Thank you
> Claudio
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
>
>
>
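
The thread never spells out why swapping the two values works. As an added example (not part of the original messages and not stunnel project code), here is the configuration from the question with José's change applied and each leg annotated. The file name upstream-ca.pem and the verify, checkHost and sslVersion lines on the upstream leg are assumptions added for illustration.

```ini
; client = no  -> stunnel is the TLS *server*: TLS on the accept side,
;                 plaintext on the connect side.
; client = yes -> stunnel is the TLS *client*: plaintext on the accept side,
;                 TLS on the connect side.
; In the original post the values were reversed, so proxy1 expected plaintext
; from the browser and the browser's handshake was relayed untouched through
; to example.net, which answered with its own certificate.

[proxy1]
; Browser-facing leg: terminate TLS here and present example.com's certificate.
client = no
accept = 10.100.4.179:443
connect = localhost:54323
; Set per service rather than globally, so the example.com key is not also
; loaded by [proxy2] as a client certificate.
cert = example.com.pem

[proxy2]
; Upstream leg: take the decrypted stream from proxy1 on loopback and open a
; new TLS session to example.net. Traffic between the two services is
; plaintext, so keep this accept address on localhost.
client = yes
accept = localhost:54323
connect = example.net:443
; Assumption: the upstream should be authenticated. With no verify setting,
; stunnel in client mode accepts any server certificate.
; upstream-ca.pem is a hypothetical file holding the CA certificates that
; issued example.net's certificate.
CAfile = upstream-ca.pem
verify = 2
; verify = 2 checks the chain only; checkHost also matches the name.
checkHost = example.net
; Assumption: pin this leg to TLS 1.2, the only version the upstream accepts.
sslVersion = TLSv1.2
```

After restarting stunnel, the certificate shown by the browser for https://example.com should be the example.com one, and a failed upstream verification shows up in the stunnel log rather than being silently accepted.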