-   Linux - Server (
-   -   haproxy+stunnel+apache not working as desired ( 08-31-2012 04:42 AM

haproxy+stunnel+apache not working as desired
hi linux experts,
Currently am having a problem on stunnel+haproxy+Apache

my current set-up is when a request is
coming to my webserver (which is on amazon ec2) the requests will be managed by stunnel for rendering or proceccing the
ssl certificates(for testing its self signed), am having 3 web servers on cloud, and one haproxy load balancer, and one stunnel
haproxy and stunnel are loaded on the same linux box, without stunnel haproxy is working fine,
in my linux box having only one network interface
******and pease take look at my requirement******

when a browser requests the stunnel should act by giving that sites certificate
when a browser requests the stuunel shoul give the certificate for that site
this whole things can be done with stunnel
because stunnel is accepting https requests from out side and tunnel or redirect requests to web servers port 80
pls look at my stunnel config file


; Sample stunnel configuration file by Michal Trojnara 2002-2009
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of the chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/certs/server.crt
key = /etc/certs/server.key

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all

; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /var/run/stunnel/
setuid = root
setgid = root
; PID is created inside the chroot jail
pid =/var/run/
; Some performance tunings

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=0

;compression = zlib

; Workaround for Eudora bug

; Authentication stuff
verify = 1
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /etc/certs/
;client = yes
;cert = /etc/stunnel/ssl.crt/test2.crt
;key = /etc/stunnel/ssl.key/test2.key

; It's often easier to use CAfile
; CAfile = /etc/stunnel/pem/test1.pem
;CAfile = /etc/pki/tls/certs/ca-bundle.crt
; Dont forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 5
output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

;accept  = 995
;connect = 110

;accept  = 993
;connect = 143

;accept  = 465
;connect = 25
accept  = 443
connect= 80
key = /etc/certs/test1.key
cert = /etc/certs/test1.crt
TIMEOUTclose = 0

key = /etc/certs/test2.key
cert = /etc/certs/test2.crt
TIMEOUTclose = 0

Thanks In advance pls reply me if any doubts on my configurat

All times are GMT -5. The time now is 06:26 AM.