Browsing articles tagged with "stunnel" - Admins Goodies
Aug 25, 2012
tom

nginx: 502 bad gateway while using node.js varnish and stunnel

I've been following this tutorial: http://www.exratione.com/2012/08/websockets-over-ssl-stunnel-varnish-nginx-nodejs/ Everything seems to run ok, except for my nginx setup. My node.js application runs on port 1337, varnish runs on port 80, stunnel on 443 and nginx on 8080. I can reach my app correctly when I specify the port (https://example.com:1337), but all I get when visiting https://example.com is a “502 Bad Gateway”. This is the output of my nginx log: 2012/08/25 14:13:59 [error] 6049#0: *1 no live upstreams […]

Feb 3, 2012
tom

Does stunnel support multiple forwardings over the same connection?

A lot of the tutorials on stunnel show only single forwardings. Is stunnel limited to only forwarding and listening to one port on both ends, or can it handle both local and remote forwarding in the way putty, my favorite, does? E.g. in putty or ssh you can do something like ssh -L xxxx:localhost:yyyyy -L aaa:localhost:bbbbb -R yyyyy:somehost:zzzz user@host.com. Does stunnel do the same over a single connection, or is it limited by SSL from […]

Jan 20, 2012
tom

Stunnel Error binding pop3s to 0.0.0.0:110

I’m setting up stunnel so a non SSL enabled app can access a Gmail / Google Apps account. Here’s the config I’m using:

    CLIENT=YES
    [pop3s]
    accept = 110
    connect = pop.gmail.com:995
    [imaps]
    accept = 143
    connect = imap.gmail.com:993
    [ssmtp]
    accept = 25
    connect = smtp.gmail.com:465

I’ve generated the .pem file, ok. But it fails and logs the following error:

    Clients allowed=125
    stunnel 4.50 on x86_64-apple-darwin11.2.0 platform
    Compiled/running with OpenSSL 0.9.8r 8 Feb 2011
    Threading:PTHREAD SSL:ENGINE Auth:none Sockets:SELECT,IPv6
    Reading […]

Aug 23, 2011
tom

Stunnel won’t work with SSLv3 from some hosts

I’m trying to set up Stunnel to serve as an SSL cache. Everything was smooth, and mostly it works as designed. Then I encountered errors in log files: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Not all clients trigger that, for some strange reason. Connecting from CentOS using links – error shows up (tried multiple machines). Connecting from Ubuntu using links – no error. Tried using wget, and all is smooth with TLSv1, but error shows up […]

Aug 17, 2011
tom

Stunnel too many clients

I’m trying to hook up stunnel and haproxy to forward https connections through to some backend servers. I’ve got haproxy set up right, and I seem to have stunnel set up right. Trouble is that when I hit the setup with a load test, after a while I start to see these log entries (I’ve included the last few entries from proper connections before I started to get the connection rejected error): 2010.05.05 11:23:29 LOG7[3498:3086792368]: https […]

Aug 15, 2011
tom

haproxy + stunnel + keep-alive?

I’d like to put stunnel in front of haproxy 1.4 to handle HTTPS traffic. I also need stunnel to add the X-Forwarded-For header. This can be achieved by the “stunnel-4.xx-xforwarded-for.diff” patches from the haproxy website. However, the description mentions: Note that this patch does not work with keep-alive, … My question is: What will this mean in practice for me? I’m unsure if this is about the keep-alive between client and stunnel, stunnel and haproxy […]

Aug 14, 2011
tom

stunnel in client mode as proxy for sendmail

I’m configuring an internal mail network that is supposed to do all the transmission using ssl and I want to have all the encryption done by stunnel. So far I have pop3s, imaps and sendmail in server mode all using ssl encryption provided by stunnel. Is it possible to use stunnel to wrap outgoing connections with ssl encryption? If so – how do I do this? I’m having difficulties finding a decent tutorial… As I […]

Aug 14, 2011
tom

haproxy session stats change suddenly

We have a load balancer where if we refresh the stats page over and over, we will notice that the Current sessions value will stay stable for a time, say 45-50 sessions per server more or less, then suddenly we will refresh the page and one server will have 0 and the other server will have 2. Then, on the next reload of the stats page, we’re right back to 45-50. We will be refreshing […]

Aug 13, 2011
tom

How do I create certificates for both ends of an stunnel connection?

I am using stunnel to authenticate RDP (Remote Desktop) and I need to verify that a client possesses the proper credentials. So people cannot brute force into the machine. I am also using a bad (outdated) version of RDP that has security vulnerabilities, so stunnel is a must. I will preshare the necessary .pem’s between machines. What are the openssl commands I need to create the right .pem files on both the client and on […]

Aug 13, 2011
tom

Securing stunnel.pem on Windows

How can I prevent reading of the stunnel.pem file by any user other than the service user running Stunnel? How can I permit access to this directory (C:\Program Files\stunnel) in Windows XP to only the Stunnel service? The safest way to do this is to create a user account specifically for the stunnel service, and then apply the permissions appropriately. Start > Run > lusrmgr.msc. Right-click users and choose New user… Enter in the user […]
