For the experienced - stunnel and port 80
wash at wananchi.com
Thu May 22 08:15:05 PDT 2003
* Jan Grant <Jan.Grant at bristol.ac.uk> [20030522 17:46]: wrote:
> On Thu, 22 May 2003, ODHIAMBO Washington wrote:
> > For those who have lived in the world of paranoia long enough, please welcome
> > me to that side of life ;)
> > I am running apache+modssl on port 443. I want stunnel to listen on port 80,
> > and then connect to port 443 instead, so that the users can just type
> > www.domain.tld and not https://www.domain.tld.
> > I have put this in stunnel.conf
> > [https]
> > accept = 80
> > connect = localhost:443
> > sockstat -l shows stunnel listening on port 80, but for the life of me, I
> > cannot just connect to that box if I do not use https://....
> > Can someone bail me out here with advice??
> Your browser is trying to talk HTTP because it thinks it's connecting to
> an SSL-less socket.
> If you want this to behave properly you ought to configure your apache
> to redirect non-SSL (ie, port 80) requests to your SSL site.
> There are a number of ways you can do this (preserving any path passed
> as part of the request or redirecting to the root of
> https://www.blah.../) - the httpd documentation for mod_alias and the
> "Redirect" directive are what you're after.
I have achieved that already - with the redirect. Without stunnel and with
apache listening to ports 80 and 443, I get to connect to the SSL-socket
when I use HTTP and HTTPS. See below.
www# httpd -S
wildcard NameVirtualHosts and _default_ servers:
*:80 gw.kensi.org (/usr/local/etc/apache/httpd.conf:376)
*:443 is a NameVirtualHost
default server www.kensi.org (/usr/local/etc/apache/httpd.conf:450)
port 443 namevhost www.kensi.org (/usr/local/etc/apache/httpd.conf:450)
www# telnet 0 80
Connected to 0.
Escape character is '^]'.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
The document has moved <A HREF="https://www.kensi.org">here</A>.<P>
<ADDRESS>Apache/1.3.27 Server at gw.kensi.org Port 80</ADDRESS>
Connection closed by foreign host.
Now what I want is apache should _not_ listen on port 80, but leave this to
stunnel. That is where I get lost, because once I hash out the "Listen 80"
I try to connect and get the error that the "document contains no data".
And of course when I telnet 0 80 and do a GET /, I get nothing!!
Thanks in advance.
Odhiambo Washington <wash at wananchi.com>
Wananchi Online Ltd. www.wananchi.com
Tel: +254 2 313985-9 +254 2 313922
GSM: +254 72 743223 +254 733 744121
"The box said 'Requires Windows 95, NT, or better,' so I installed FreeBSD."
This sig is McQ! :-)
The average woman would rather have beauty than brains, because the
average man can see better than he can think.
More information about the freebsd-questions
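The mismatch Jan Grant describes in the thread above, as an added example that is not part of the original messages: a TLS-terminating listener such as the [https] service in the quoted stunnel.conf waits for a ClientHello, while a browser given a bare www.domain.tld sends a cleartext HTTP request line. The function names, outcome strings and sample byte strings are constructed for illustration, and the outcome is a simplified model of a TLS accept port, not stunnel's own code.

```python
import struct

# HTTP/1.x request methods a browser or telnet user would send in cleartext.
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"TRACE ", b"CONNECT ")

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends after the TCP connect."""
    if data.startswith(HTTP_METHODS):
        return "plain-http"
    # SSLv3/TLS record header: type 0x16 (handshake), major version 3,
    # 2-byte record length, then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (record_len,) = struct.unpack("!H", data[3:5])
        if record_len >= 4 and data[5] == 0x01:
            return "tls-clienthello"
    # SSLv2-format hello used by older clients: 2-byte length with the
    # high bit set, message type 0x01, then the offered version.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01 \
            and data[3:5] in (b"\x00\x02", b"\x03\x00", b"\x03\x01"):
        return "sslv2-clienthello"
    return "unknown"

def tls_listener_outcome(data: bytes) -> str:
    """Simplified model: what a TLS accept port does with these bytes."""
    kind = classify_first_bytes(data)
    if kind in ("tls-clienthello", "sslv2-clienthello"):
        return "handshake proceeds"
    if kind == "plain-http":
        return "handshake fails: client sent cleartext HTTP"
    return "handshake fails: unrecognised bytes"

# Constructed samples (not captured traffic).
SAMPLES = {
    "http://www.domain.tld on port 80": b"GET / HTTP/1.0\r\n\r\n",
    "https:// client, TLS 1.0 record": bytes.fromhex("160301002f0100002b0301"),
    "https:// client, SSLv2-format hello": bytes.fromhex("802e0103010015"),
}

if __name__ == "__main__":
    for label, first_bytes in SAMPLES.items():
        print(f"{label}: {tls_listener_outcome(first_bytes)}")
```

The same first-byte check is useful on the defensive side for spotting cleartext HTTP arriving on a port that is supposed to carry only TLS.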