[stunnel-users] Stunnel - how to make Google App Engine HTTP into HTTPS ?
Shamun Toha Md
shamun at companysocia.com
Thu Feb 6 10:39:58 CET 2014
SOLVED. Found the problem.
Step 1: make a web server
$ echo "complex world" | nc -l 80 # run a webserver
Step 2: make an HTTPS server that connects to step 1
$ cat /etc/stunnel/stunnel.conf
pid = /stunnel.pid
cert=/etc/stunnel/a.crt
CAfile=/etc/stunnel/a.ca
key=/etc/stunnel/a.key
sslVersion = all
client=no
debug = 7
output = /var/log/stunnel.log
[https]
accept=443
connect=80
TIMEOUTclose = 0
$ pgrep -f stunnel | xargs kill -9; stunnel
Step 3: verify that the SSL of step 2 is working
$ openssl s_client -ssl3 -connect server1.com:443
A lot of data, and "SSL handshake has read 3029 bytes and written 354 bytes"
means it was successfully installed.
Step 4: final
$ curl -v "https://server1.com"
or
$ google-chrome "https://server1.com"
I get the output from the web server and the URL stays at https://
*Summary: Google App Engine is a pain (someone please fix it or report it
to Google, because Google App Engine has now become very popular, but it's
a pain when you use it with stunnel + apache).* They have a redirect which
causes SSL/HTTPS not to work; it was confusing whether it was a stunnel
issue or an Apache issue. In Apache you can do the same by following this,
which proves that Google App Engine is EVIL for https.
Apache2, in CentOS 6.4:
Step 2: same as the stunnel step above, but if you want to do it without
stunnel and use Apache, then you need the following:
$ cat /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
NameVirtualHost SERVER1:443
<VirtualHost SERVER1:443>
SSLEngine on
SSLProxyEngine On
ProxyPreserveHost On
#ProxyRequests Off
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/stunnel/a.crt
SSLCertificateKeyFile /etc/stunnel/a.key
SSLCertificateChainFile /etc/stunnel/a.ca
ServerName SERVER1
ProxyPass / http://SERVER1
ProxyPassReverse / http://SERVER1
#ProxyPassReverseCookiePath /MYSITE/ /
CacheDisable *
</VirtualHost>
$ service httpd restart
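
Added example, not part of the original message: a small Python audit of the stunnel.conf shown above. It flags that "sslVersion = all" leaves SSLv3 negotiable (the protocol the -ssl3 check in step 3 exercises) and that the service on port 443 has no setuid privilege drop. The function names parse and audit are hypothetical; the embedded config is copied from the post.

```python
# POST_CONF is the stunnel.conf from the message above, embedded as sample input.
POST_CONF = """\
pid = /stunnel.pid
cert=/etc/stunnel/a.crt
CAfile=/etc/stunnel/a.ca
key=/etc/stunnel/a.key
sslVersion = all
client=no
debug = 7
output = /var/log/stunnel.log
[https]
accept=443
connect=80
TIMEOUTclose = 0
"""

def parse(text):
    """Map section -> {option: [values]}; lines before the first [service] are global."""
    conf, section = {"global": {}}, "global"
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in ";#":                    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):    # start of a service section
            section = line[1:-1]
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section].setdefault(key.lower(), []).append(value)
    return conf

def audit(text):
    """Return (service, finding) tuples for protocol and privilege weaknesses."""
    conf, findings = parse(text), []
    glob = conf.pop("global")
    for name, opts in conf.items():
        merged = {**glob, **opts}                          # service options override globals
        version = merged.get("sslversion", [""])[-1].lower()
        disabled = {v.upper() for v in merged.get("options", [])}
        if version in ("sslv2", "sslv3"):
            findings.append((name, f"sslVersion={version}: only a legacy SSL protocol is offered"))
        elif version == "all" and "NO_SSLV3" not in disabled:
            findings.append((name, "sslVersion=all without options=NO_SSLv3: SSLv3 is negotiable"))
        port = merged.get("accept", ["0"])[-1].rsplit(":", 1)[-1]
        if port.isdigit() and 0 < int(port) < 1024 and "setuid" not in glob:
            findings.append((name, f"accept={port} without setuid: no privilege drop after bind"))
    return findings

if __name__ == "__main__":
    print(*audit(POST_CONF), sep="\n")
```

Adding "options = NO_SSLv2", "options = NO_SSLv3" and a "setuid" line to the global section clears both findings for this config.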