[stunnel-users] Connecting a HTTP browser to a HTTPS server.
peter at easthope.ca
Fri Jan 12 22:42:11 CET 2018
Hello,
I'm interested to configure stunnel to allow my local non-TLS Web browser to
receive pages from a remote server providing only HTTPS.
This section of https://www.stunnel.org/static/stunnel.html appears relevant.

    transparent = none | source | destination | both (Unix only)
        enable transparent proxy support on selected platforms
        ...
        destination
        The original destination is used instead of the connect option.

        A service section for transparent destination may look like this:

            [transparent]
            client = yes
            accept = <stunnel_port>
            transparent = destination

        This configuration requires iptables setup to work, possibly in /etc/rc.local or equivalent file.
        ...
        For a connect target installed on a remote host:

            /sbin/iptables -I INPUT -i eth0 -p tcp --dport <stunnel_port> -j ACCEPT
            /sbin/iptables -t nat -I PREROUTING -p tcp --dport <redirected_port> \
                -i eth0 -j DNAT --to-destination <local_ip>:<stunnel_port>

        The transparent destination option is currently only supported on Linux.

====================================
Substitution of parameters for my context gives these configurations.

    [transparent]
    client = yes
    accept = 127.0.0.1:954
    transparent = destination

    /sbin/iptables -I INPUT -i eth0 -p tcp --dport 954 -j ACCEPT
    /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 \
        -i eth0 -j DNAT --to-destination 127.0.0.1:954

The non-TLS browser would address http://www.stunnel.org:954/ and
receive the page from https://www.stunnel.org:443/. According to
Wikipedia, 954 is not assigned.
The browser would continue to receive the page http://www.website.org/
without involvement of stunnel or iptables.
Plausible?
Thanks, ... P.
--
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel: +1 360 639 0202 Pender Is.: +1 250 629 3757
http://easthope.ca/Peter.html Bcc: peter at easthope. ca
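
Added example, not part of the original message or of the stunnel documentation: a client-mode service for the same goal, using a fixed connect target instead of transparent = destination, shown without and with certificate verification. stunnel does not verify the peer certificate unless configured to, so the first section encrypts the connection but does not authenticate the server. The service names, port 8080 and the CAfile path are assumptions.

```ini
; Constructed example. Service names, port 8080 and the CAfile path
; are assumptions. The two sections are alternatives: they share an
; accept address, so load only one of them.

; Weak: traffic to the server is encrypted, but the server certificate
; is never checked, so any host answering on port 443 is accepted.
[https-unverified]
client = yes
accept = 127.0.0.1:8080
connect = www.stunnel.org:443

; Corrected: the certificate chain must lead to a CA in CAfile and the
; certificate must be issued for the expected host name.
[https-verified]
client = yes
accept = 127.0.0.1:8080
connect = www.stunnel.org:443
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = www.stunnel.org
```

With either section the browser requests http://127.0.0.1:8080/, so the Host header it sends is 127.0.0.1:8080, which a server using name-based virtual hosts may not accept.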