Re: For the experienced - stunnel and port 80

From: Jan Grant (Jan.Grant_at_bristol.ac.uk)
Date: 05/22/03

  • Next message: Jez Han***: "Re: root msgs on ttyv0.." 
    Date: Thu, 22 May 2003 15:44:19 +0100 (BST)
To: ODHIAMBO Washington <wash@wananchi.com>

    On Thu, 22 May 2003, ODHIAMBO Washington wrote:

    > For those who have lived in the world of paranoia long enough, please welcome
    > me to that side of life ;)
    >
    > I am running apache+modssl on port 443. I want stunnel to listen on port 80,
    > and then connect to port 443 instead, so that the users can just type
    > www.domain.tld and not https://www.domain.tld.
    >
    > I have put this in stunnel.conf
    >
    > [https]
    > accept = 80
    > connect = localhost:443
    >
    >
    > sockstat -l shows stunnel listening on port 80, but in the life of me, I
    > cannot just connect to that box if I do not use https://....
    >
    > Can someone bail me out here with advise??

    Your browser is trying to talk HTTP because it thinks it's connecting to
    an SSL-less socket.

    If you want this to behave properly you ought to configure your apache
    to redirect non-SSL (ie, port 80) requests to your SSL site.

    There are a number of ways you can do this (preserving any path passed
    as part of the request or redirecting to the root of
    https://www.blah.../) - the httpd documentation for mod_alias and the
    "Redirect" directive are what you're after. 

    -- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
(Things I've found in my attic, #2: A hundredweight of pornography.)
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
  • Next message: Jez Han***: "Re: root msgs on ttyv0.."