LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   haproxy+stunnel+apache not working as desired (http://www.linuxquestions.org/questions/linux-server-73/haproxy-stunnel-apache-not-working-as-desired-4175424919/)

hamzar.pm 08-31-2012 04:42 AM

haproxy+stunnel+apache not working as desired
 
hi linux experts,
Currently am having a problem on stunnel+haproxy+Apache

my current set-up is when a request is
coming to my webserver (which is on amazon ec2) the requests will be managed by stunnel for rendering or proceccing the
ssl certificates(for testing its self signed), am having 3 web servers on cloud, and one haproxy load balancer, and one stunnel
haproxy and stunnel are loaded on the same linux box, without stunnel haproxy is working fine,
in my linux box having only one network interface
******and pease take look at my requirement******

when a browser requests foo.example.com the stunnel should act by giving that sites certificate
when a browser requests foo1.example.com the stuunel shoul give the certificate for that site
this whole things can be done with stunnel
because stunnel is accepting https requests from out side and tunnel or redirect requests to web servers port 80
pls look at my stunnel config file


Code:

; Sample stunnel configuration file by Michal Trojnara 2002-2009
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of the chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/certs/server.crt
key = /etc/certs/server.key

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all

; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /var/run/stunnel/
setuid = root
setgid = root
; PID is created inside the chroot jail
pid =/var/run/stunnel.pid
ciphers = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eNULL
; Some performance tunings

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=0
           


;compression = zlib

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
verify = 1
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /etc/certs/
;client = yes
;cert = /etc/stunnel/ssl.crt/test2.crt
;key = /etc/stunnel/ssl.key/test2.key

; It's often easier to use CAfile
; CAfile = /etc/stunnel/pem/test1.pem
;CAfile = /etc/pki/tls/certs/ca-bundle.crt
; Dont forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 5
output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

;[ssmtp]
;accept  = 465
;connect = 25
       
accept  = 443
connect= 80
[https-test1]
key = /etc/certs/test1.key
cert = /etc/certs/test1.crt
TIMEOUTclose = 0

[https-test2]
key = /etc/certs/test2.key
cert = /etc/certs/test2.crt
TIMEOUTclose = 0



Thanks In advance pls reply me if any doubts on my configurat


All times are GMT -5. The time now is 12:21 AM.