[stunnel-users] Stunnel - how to make Google App Engine HTTP into HTTPS ?

Shamun Toha Md shamun at companysocia.com
Thu Feb 6 10:39:58 CET 2014 

SOLVED. Found the problem.

Step 1: make a web server

$ echo "complex world" | nc -l 80 # run a webserver

Step 2: make a https server connects to step 1

$ cat /etc/stunnel/stunnel.conf
pid = /stunnel.pid
cert=/etc/stunnel/a.crt
CAfile=/etc/stunnel/a.ca
key=/etc/stunnel/a.key
sslVersion = all
client=no
debug = 7
output = /var/log/stunnel.log
[https]
accept=443
connect=80
TIMEOUTclose = 0
$ pgrep -f stunnel | xargs kill -9; stunnel


Step 3: verify SSL is working of step 2

$ openssl s_client -ssl3 -connect server1.com:443
lot of data.. and SSL handshake has read 3029 bytes and written 354 bytes
means successfully installed

Step 4: final

$ curl -v "https://server1.com"
or
$ google-chrome "https://server1.com"

i get the output from webserver and the url stays in https://


*Summary: Google App Engine is pain (someone please fix it or report
Google, cause Google App engine is now became very popular but its pain
when you use it with stunnel + apache).* They have a redirect which cause
the SSL/HTTPS not working  it was confusing if stunnel issue or apache
issue. In apache you can do the same by following this which proves that
Google App Engine is EVIL for https.


Apache2, in CentOS 6.4:

Step 2: same as above stunnel but if you want without stunnel and use
apache then you need as below:

$ cat /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443

SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec


NameVirtualHost SERVER1:443
<VirtualHost SERVER1:443>
  SSLEngine on
        SSLProxyEngine On
        ProxyPreserveHost On
        #ProxyRequests Off
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

  SSLCertificateFile /etc/stunnel/a.crt
  SSLCertificateKeyFile /etc/stunnel/a.key
  SSLCertificateChainFile /etc/stunnel/a.ca

        ServerName SERVER1
        ProxyPass / http://SERVER1
        ProxyPassReverse / http://SERVER1
        #ProxyPassReverseCookiePath /MYSITE/ /
        CacheDisable *
</VirtualHost>
$ service httpd restart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20140206/de7d77b2/attachment.html>

More information about the stunnel-users mailing list