Date:      Thu, 22 May 2003 18:14:38 +0300
From:      ODHIAMBO Washington <wash@wananchi.com>
To:        Jan Grant <Jan.Grant@bristol.ac.uk>
Cc:        FBSD-Q <freebsd-questions@freebsd.org>
Subject:   Re: For the experienced - stunnel and port 80
Message-ID:  <20030522151438.GM96496@ns2.wananchi.com>
In-Reply-To: <Pine.GSO.4.44.0305221540580.9794-100000@mail.ilrt.bris.ac.uk>
References:  <20030522134300.GH96496@ns2.wananchi.com> <Pine.GSO.4.44.0305221540580.9794-100000@mail.ilrt.bris.ac.uk>

* Jan Grant <Jan.Grant@bristol.ac.uk> [20030522 17:46]: wrote:
> On Thu, 22 May 2003, ODHIAMBO Washington wrote:
> 
> > For those who have lived in the world of paranoia long enough, please welcome
> > me to that side of life ;)
> >
> > I am running apache+modssl on port 443. I want stunnel to listen on port 80,
> > and then connect to port 443 instead, so that the users can just type
> > www.domain.tld and not https://www.domain.tld.
> >
> > I have put this in stunnel.conf
> >
> > [https]
> > accept  = 80
> > connect = localhost:443
> >
> >
> > sockstat -l shows stunnel listening on port 80, but in the life of me, I
> > cannot just connect to that box if I do not use https://....
> >
> > Can someone bail me out here with advice?
> 
> Your browser is trying to talk HTTP because it thinks it's connecting to
> an SSL-less socket.
> 
> If you want this to behave properly you ought to configure your apache
> to redirect non-SSL (ie, port 80) requests to your SSL site.
> 
> There are a number of ways you can do this (preserving any path passed
> as part of the request or redirecting to the root of
> https://www.blah.../) - the httpd documentation for mod_alias and the
> "Redirect" directive are what you're after.

I have achieved that already - with the redirect. Without stunnel and with
apache listening to ports 80 and 443, I get to connect to the SSL-socket
when I use HTTP and HTTPS. See below.

www# httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   gw.kensi.org (/usr/local/etc/apache/httpd.conf:376)
*:443                  is a NameVirtualHost
                       default server www.kensi.org (/usr/local/etc/apache/httpd.conf:450)
                       port 443 namevhost www.kensi.org (/usr/local/etc/apache/httpd.conf:450)
www# telnet 0 80
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
GET /
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="https://www.kensi.org">here</A>.<P>;
<HR>
<ADDRESS>Apache/1.3.27 Server at gw.kensi.org Port 80</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.


Now what I want is apache should _not_ listen on port 80, but leave this to
stunnel. That is where I get lost, because once I hash out the "Listen 80"
I try to connect and get the error that the "document contains no data".

And of course when I telnet 0 80 and do a GET /, I get nothing!!


Thanks in advance.


-Wash

-- 
Odhiambo Washington   <wash@wananchi.com>  "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com      Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922         so I installed FreeBSD."   
GSM: +254 72 743223   +254 733 744121       This sig is McQ!  :-)


The average woman would rather have beauty than brains, because the
average man can see better than he can think.
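A small diagnostic, added here as an example and not part of the thread, that automates the telnet probe shown above: it sends a plaintext GET to port 80 and classifies the reply as Apache's redirect, a TLS alert, or a silent close, the last two being what a TLS-only listener such as stunnel produces when handed plaintext HTTP. The sample replies are constructed, not captured from the poster's host.

```python
import re
import socket

# Constructed sample inputs: the HTTP/0.9-style reply Apache gave to a bare
# "GET /" on port 80, and the two things a TLS-only listener can do instead.
REDIRECT_REPLY = (
    b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    b"<HTML><HEAD>\n<TITLE>302 Found</TITLE>\n</HEAD><BODY>\n<H1>Found</H1>\n"
    b'The document has moved <A HREF="https://www.kensi.org">here</A>.<P>\n'
    b"</BODY></HTML>\n"
)
TLS_ALERT_REPLY = b"\x15\x03\x01\x00\x02\x02\x28"  # TLS 1.0 fatal alert, handshake_failure(40)
SILENT_CLOSE = b""  # listener read the plaintext and simply closed the connection

_HTTPS_TARGET = re.compile(rb'(?:Location:\s*|HREF=")(https://[^\s">]+)', re.I)


def classify_port80_reply(data: bytes):
    """Decide what kind of listener answered a plaintext HTTP request.

    Returns (kind, detail), where kind is one of:
      "http-redirect" - an HTTP server answered and pointed at an https:// URL
      "http-other"    - an HTTP server answered with something else
      "tls-alert"     - a TLS stack answered the plaintext with an alert record
      "no-data"       - nothing came back (the "document contains no data" case)
    """
    if not data:
        return "no-data", None
    # A TLS record starts with a content type byte (0x14-0x17) and major version 3.
    if len(data) >= 3 and 0x14 <= data[0] <= 0x17 and data[1] == 0x03:
        return "tls-alert", data[:7].hex()
    m = _HTTPS_TARGET.search(data)
    if m and (b"301" in data or b"302" in data or b"Location:" in data):
        return "http-redirect", m.group(1).decode("ascii", "replace")
    return "http-other", data[:60]


def probe_plaintext(host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send a plaintext GET (what a browser does on port 80) and collect the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
        chunks = []
        try:
            while True:
                chunk = s.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
        except socket.timeout:
            pass
        return b"".join(chunks)
```

Run `classify_port80_reply(probe_plaintext("localhost"))` against the box: "http-redirect" means Apache is doing the redirect, "tls-alert" or "no-data" means whatever owns port 80 only speaks TLS.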


