Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 08-31-2012, 03:42 AM   #1
Registered: Aug 2009
Location: India,Kerala,Cochin
Distribution: Fedora 11 ,Centos, ubuntu, Redhat
Posts: 42

Rep: Reputation: 1
Smile haproxy+stunnel+apache not working as desired

hi linux experts,
Currently am having a problem on stunnel+haproxy+Apache

my current set-up is when a request is
coming to my webserver (which is on amazon ec2) the requests will be managed by stunnel for rendering or proceccing the
ssl certificates(for testing its self signed), am having 3 web servers on cloud, and one haproxy load balancer, and one stunnel
haproxy and stunnel are loaded on the same linux box, without stunnel haproxy is working fine,
in my linux box having only one network interface
******and pease take look at my requirement******

when a browser requests the stunnel should act by giving that sites certificate
when a browser requests the stuunel shoul give the certificate for that site
this whole things can be done with stunnel
because stunnel is accepting https requests from out side and tunnel or redirect requests to web servers port 80
pls look at my stunnel config file

; Sample stunnel configuration file by Michal Trojnara 2002-2009 
; Some options used here may not be adequate for your particular configuration 
; Please make sure you understand them (especially the effect of the chroot jail) 

; Certificate/key is needed in server mode and optional in client mode 
cert = /etc/certs/server.crt 
key = /etc/certs/server.key 

; Protocol version (all, SSLv2, SSLv3, TLSv1) 
sslVersion = all 

; Some security enhancements for UNIX systems - comment them out on Win32 
;chroot = /var/run/stunnel/ 
setuid = root 
setgid = root 
; PID is created inside the chroot jail 
pid =/var/run/ 
; Some performance tunings 

socket = l:TCP_NODELAY=1 
socket = r:TCP_NODELAY=0 

;compression = zlib 

; Workaround for Eudora bug 

; Authentication stuff 
verify = 1 
; Don't forget to c_rehash CApath 
; CApath is located inside chroot jail 
;CApath = /etc/certs/ 
;client = yes 
;cert = /etc/stunnel/ssl.crt/test2.crt 
;key = /etc/stunnel/ssl.key/test2.key 

; It's often easier to use CAfile 
; CAfile = /etc/stunnel/pem/test1.pem 
;CAfile = /etc/pki/tls/certs/ca-bundle.crt 
; Dont forget to c_rehash CRLpath 
; CRLpath is located inside chroot jail 
;CRLpath = /crls 
; Alternatively you can use CRLfile 
;CRLfile = /etc/stunnel/crls.pem 

; Some debugging stuff useful for troubleshooting 
debug = 5 
output = stunnel.log 

; Use it for client mode 
;client = yes 

; Service-level configuration 

;accept  = 995 
;connect = 110 

;accept  = 993 
;connect = 143 

;accept  = 465 
;connect = 25 
accept  = 443 
connect= 80 
key = /etc/certs/test1.key 
cert = /etc/certs/test1.crt 
TIMEOUTclose = 0 

key = /etc/certs/test2.key 
cert = /etc/certs/test2.crt 
TIMEOUTclose = 0

Thanks In advance pls reply me if any doubts on my configurat


apache, certificate, haproxy, tunneling, webserver

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Stunnel+haproxy+apache not working as desired Linux - Security 1 09-01-2012 12:12 PM
[SOLVED] less than condition in if statement not working as desired samasat Linux - Newbie 11 06-09-2012 05:33 PM
haproxy question cbtshare Linux - Server 1 11-07-2010 02:44 PM
stunnel with haproxy 1.4.6 cbtshare Linux - Software 6 08-09-2010 01:35 PM
haproxy agarwalpranay Linux - Newbie 4 06-19-2010 01:31 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:52 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration