Will Stunnel work with multiple domains?
For example if abc.com and xyz.com both resolve to the same ip address where the web server is running locally on port 4080.
When going to https://abc.com or https://xyz.com, stunnel will encrypt the traffic and forward it to the local 4080 port in the clear.
What if 10 or 20 domains needed to be served by the same web server?
On Fri, Dec 16, 2011 at 6:41 AM, Brian McGinity brian@databaseknowledge.com wrote:
> Will Stunnel work with multiple domains?
> For example if abc.com and xyz.com both resolve to the same ip address where the web server is running locally on port 4080.
Hi Brian
Since stunnel is configured to listen on an IP address, you could in theory have a hundred different domains pointing to the same IP and stunnel should serve them all. You might, however, run into problems with certificate validation, but as long as your cert is either a wildcard or lists all the alternate domain names then it should be fine.
Dave
Is there a way to do it without the user getting a certificate error?
So abc.com would have its own unique cert and xyz.com would have a different cert.
-----Original Message-----
From: David van Zijl [mailto:davidvz@gmail.com]
Sent: Thursday, December 15, 2011 2:12 PM
To: Brian McGinity
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] Multiple Domains for https
On Fri, Dec 16, 2011 at 6:41 AM, Brian McGinity brian@databaseknowledge.com wrote:
> Will Stunnel work with multiple domains?
> For example if abc.com and xyz.com both resolve to the same ip address where the web server is running locally on port 4080.
Hi Brian
Since stunnel is configured to listen on an IP address, you could in theory have a hundred different domains pointing to the same IP and stunnel should serve them all. You might, however, run into problems with certificate validation, but as long as your cert is either a wildcard or lists all the alternate domain names then it should be fine.
Dave
On Fri, Dec 16, 2011 at 9:16 AM, Brian McGinity brian@databaseknowledge.com wrote:
> Is there a way to do it without the user getting a certificate error?
> So abc.com would have its own unique cert and xyz.com would have a different cert.
Well, there is a TLS extension called Server Name Indication which allows different certificates to be sent depending on the domain name. Stunnel appears to support it, though I've never used it (option "sni").
Keep in mind though that many browsers and libraries, particularly older ones, don't support it and will just get the default cert.
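Added example, not taken from the original thread or from the stunnel project: a stunnel.conf that uses the "sni" option mentioned above to present separate certificates for abc.com and xyz.com in front of the web server on local port 4080. The service names, the listening port 443 and the certificate paths are assumptions.

```ini
; Constructed example. Service names, port 443 and file paths are assumptions.
; Each .pem file is assumed to hold both the certificate chain and its private
; key; otherwise add a separate "key = ..." line to the service.

; Master service: the only section with "accept". It owns the listening socket.
; Its certificate is the default one, sent to clients that send no SNI name or
; a name that no slave service below matches (the older clients noted above).
[https]
accept = 443
connect = 127.0.0.1:4080
cert = /etc/stunnel/default.pem

; Slave services: no "accept" line. Each is selected by the server name in the
; TLS ClientHello, using the form  sni = MASTER_SERVICE:SERVER_NAME
[abc]
sni = https:abc.com
connect = 127.0.0.1:4080
cert = /etc/stunnel/abc.com.pem

[xyz]
sni = https:xyz.com
connect = 127.0.0.1:4080
cert = /etc/stunnel/xyz.com.pem

; For 10 or 20 domains, add one slave section per name, all pointing at the
; same backend. The backend still receives plain HTTP and tells the sites
; apart by the Host header, so restrict port 4080 to the loopback interface.
```

To confirm which certificate each name receives, connect with `openssl s_client -connect <server>:443 -servername abc.com` and compare the subject shown for each name.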