Stunnel/Server: Difference between revisions
From charlesreid1
Revision as of 17:27, 27 March 2017
Stunnel Server
Stunnel running as a server works with two ports: one that it listens on for incoming traffic, and one that it forwards the (unencrypted) traffic on to.
Ports/Arrangement
Typically, stunnel listens for SSL traffic on port 443, which is open to external traffic.
Typically, stunnel forwards that traffic on to a local port, something like 8443. (Useful if you have a service that is only exposed to local traffic on localhost or 127.0.0.1 and is not bound to an externally reachable address, such as the all-interfaces address 0.0.0.0.)
Stunnel Config File
To set this up, we use the stunnel.conf configuration file. This is what a simple stunnel config looks like:
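    ; Global options
    output = /etc/stunnel/stunnel.log
    cert = /etc/stunnel/stunnel.fullchain.pem
    key = /etc/stunnel/stunnel.key.pem
    pid = /var/run/stunnel4/stunnel.pid
    ; Server mode: accept SSL and forward plaintext (client = yes would reverse this)
    client = no

    [http]
    ; SSL listener, open to external traffic
    accept = 443
    ; Local plaintext service
    connect = 127.0.0.1:8443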
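A small check for the server arrangement described above (SSL in on the accept port, plaintext out to a loopback-only service), added here as an example and not part of the original page or of stunnel itself. The function names and both sample configs are constructed for illustration; only the stunnel.conf syntax (';' comments, key = value pairs, [service] sections, global options acting as service defaults) is assumed.

```python
import ipaddress

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}) from stunnel.conf text."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or ';' comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = global_opts if current is None else current
            target[key.strip()] = value.strip()
    return global_opts, services

def connect_is_loopback(connect):
    """A bare port means localhost; otherwise inspect the host part."""
    host, sep, _port = connect.rpartition(":")
    if not sep or host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False            # any other hostname is treated as non-local

def lint_server_conf(text):
    """List (service, finding) pairs that break the server arrangement."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        merged = {**global_opts, **opts}    # service options override globals
        if merged.get("client", "no").lower() == "yes":
            findings.append((name, "client=yes: accept side is plaintext, not SSL"))
        elif "cert" not in merged:
            findings.append((name, "no cert: server mode needs a certificate"))
        if "connect" in merged and not connect_is_loopback(merged["connect"]):
            findings.append((name, "connect is not loopback: decrypted traffic leaves the host"))
    return findings

# Constructed sample configs (not taken from a real deployment)
GOOD = ("cert = /etc/stunnel/stunnel.fullchain.pem\nkey = /etc/stunnel/stunnel.key.pem\n"
        "[http]\naccept = 443\nconnect = 127.0.0.1:8443\n")
BAD = "client = yes\n[http]\naccept = 443\nconnect = 10.0.0.5:8443\n"
```

Calling lint_server_conf(GOOD) returns an empty list, while lint_server_conf(BAD) reports both the reversed client setting and the non-loopback connect target for the [http] service.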