Hi All!
About me:
I've never heard of stunnel before but it sounds great. I'm not a networking/internet expert.
Here is my situation:
Platform: Microsoft Windows Server 2016. Two Network Interface Cards. Port 443 on both currently have HTTPS/TCP traffic on them, from two different Web Apps, each with their own domain. Everything is working properly, traffic is very low, only a few (about 20) hits per minute (each port) at max load.
Both Web Apps are built using Lazarus, Free Pascal, Brook Framework.
The Brook Framework has the built-in ability to handle SSL/TLS encryption. Certs are supplied by Let's Encrypt, and new certs are obtained by a bot.
I now have a third and soon a fourth Web App built using the same technology, but my only two 443 ports are occupied.
Here is my requirement:
I need something that will act as a "port splitter". Maybe this is also known as a reverse proxy. Example:
Incoming URLs on port 443:
https://mywebapp.companyname.com/bob/useraccount?act=login&exp=pg
https://mywebapp.companyname.com/betty/useraccount?act=login&exp=pg
The port splitter needs to recognize the part in teal green (maybe called an "entry point"?), and pass that unchanged traffic through to (and from) a port that the associated Web App is listening on.
WebApp "bob" is listening on local port 449 (not exposed to the internet, only conversing with stunnel)
WebApp "betty" is listening on local port 451 (not exposed to the internet, only conversing with stunnel)
Both Web Apps will send/receive their own HTTPS traffic, handle their own decryption/encryption, and send it back through their respective listening ports, through the port splitter, back to the requesting user.
No load balancing is required. No decryption, encryption or certs are required.
This needs to happen downstream from our router, without making any changes to OS rules or router settings.
I'd like to just shut down the current Web App listening on port 443, reconfig it to a new local port
As I looked through the FAQ and manual, I could not determine if stunnel could do this.
So my questions are:
A) Can stunnel do this?
B) If so, is there a "How To" I missed in the manual I can read to do this?
C) If ((A = Yes) and (B = No)), can you tell me in a couple sentences where to look in the config file to do some reading and get this set up?
If we can get this working, there are other Lazarus/Brook developers who could benefit from using stunnel.
If stunnel is not the answer, is there another "port splitter" piece of software that you know of that can? (other than IIS with ARR and WAP, I don't want to use those, I'm slowly trying to de-Microsoft my infrastructure.)
Thanks in advance!