<div><div class="gmail_quote">On Fri, Feb 10, 2012 at 10:09 PM, Thomas Manson <span dir="ltr"><<a href="mailto:dev.mansonthomas@gmail.com">dev.mansonthomas@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<div><br></div><div> I want to set up the following architecture: </div><div><br></div><div>stunnel ---> haproxy --> 2 webservers.</div><div><br></div><div>I run several virtual hosts on the 2 webservers, and a subset of them needs https.</div>
<div><br></div><div>I can allocate several IP addresses for the host that runs stunnel.</div><div><br></div><div>How do I configure a single stunnel process to have a certificate per IP for the https port?</div><div><br></div>
<div>I tried to add several sections like the following: </div><div><br></div><div><div>[<a href="http://mansonthomas.com" target="_blank">mansonthomas.com</a>]</div><div>cert = /etc/stunnel/sites/<a href="http://mansonthomas.com/mansonthomas.com.crt" target="_blank">mansonthomas.com/mansonthomas.com.crt</a></div>
<div>accept = <a href="http://88.190.17.222:443" target="_blank">88.190.17.222:443</a></div><div>connect = <a href="http://127.0.0.1:82" target="_blank">127.0.0.1:82</a></div><div><br></div><div>xforwardedfor = yes</div>
<div>TIMEOUTclose = 0</div>
</div><div><br></div><div><br></div><div>So the question is: Is it possible? </div><div>Do you have a sample configuration file to share for this use case?</div></blockquote><div><br></div>Hi,<div><br></div><div>I don't know if 'accept' supports IP but you can use several ports on the same IP and redirect these ports with iptables to the dedicated IP.</div>
<div><br clear="all">----<br>Kevin Decherf - M: +33 681194547 - T: @Kdecherf</div></div><br></div>
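<div>An added example, not part of the original messages or of the stunnel project's own files: stunnel's accept option takes [host:]port, so a single process can bind each service section to its own IP address and load a separate certificate for it. The second site name, the 192.0.2.20 address and both key paths are constructed placeholders; xforwardedfor and TIMEOUTclose are kept as written in the question.</div>

```ini
; Added example: one stunnel process, one service section per IP address.
; Each section binds its own address with accept = host:port and loads its
; own certificate and key.

; First site: name, address and certificate path as given in the question.
[mansonthomas.com]
accept = 88.190.17.222:443
connect = 127.0.0.1:82
cert = /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.crt
; Assumed key path; keep the key file readable only by the stunnel user.
key = /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.key
xforwardedfor = yes
TIMEOUTclose = 0

; Second site: constructed placeholder name and documentation-range address.
[example.org]
accept = 192.0.2.20:443
connect = 127.0.0.1:82
cert = /etc/stunnel/sites/example.org/example.org.crt
key = /etc/stunnel/sites/example.org/example.org.key
xforwardedfor = yes
TIMEOUTclose = 0
```

<div>Every address named in an accept line has to be configured on the host before stunnel starts, otherwise the bind for that section fails.</div>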