4

I am trying to set up stunnel to access an HTTPS web service from an HTTP-only client. Should be a piece of cake, right? I have the following stunnel.conf:

    client=yes
    verify=0
    [test-https]
    accept  = 1337
    connect = www.google.com:443

But when I point my browser to http://localhost:1337 I get the 404 error page from Google:

404. That’s an error. The requested URL / was not found on this server

I tried many other sites and always get some kind of error. Wordpress sites, for example, would say:

Neither /etc/wordpress/config-localhost.php nor /etc/wordpress/config-localhost.php could be found. Ensure one of them exists, is readable by the webserver and contains the right password/username.

It seems I am doing something fundamentally wrong, but every single example on the web shows the exact same configuration I have. Can someone please give me any kind of help?

I am using stunnel 5.02-1 (x86_64) on Arch Linux. I put my stunnel log on pastebin.

kaqqao

2 Answers

4

The problem is with the localhost part. Most servers do not respond if you use localhost as their name.

How to resolve this: first, do an nslookup on the server you want to reach and choose one of the multiple IPs, i.e. 12.34.56.78 (not a true Google IP, just made it up). Configure your stunnel.conf to point to that IP:

    connect = 12.34.56.78:443

Set on your client's /etc/hosts (I'm assuming it is the same machine as the stunnel, if not, use the corresponding IP) this new line:

    127.0.0.1 www.google.com

Use the URL http://www.google.com:1337

NOTE: if you still get errors, try to change the accept from 1337 to 443.

NuTTyX
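The first answer's diagnosis, as an added example that is not part of the original thread: stunnel only wraps the TCP stream in TLS and passes the HTTP request through unchanged, so the remote server receives whatever Host header the browser sent. The local server and the name www.example.test are constructed stand-ins for a name-based virtual-hosting site; no stunnel or real site is involved.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the remote site: it answers only for names it hosts.
HOSTED_SITES = {"www.example.test": b"welcome to www.example.test\n"}


class VirtualHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Name-based virtual hosting: pick the site from the Host header,
        # ignoring an optional :port suffix.
        name = self.headers.get("Host", "").rsplit(":", 1)[0].lower()
        body = HOSTED_SITES.get(name)
        status = 200 if body is not None else 404
        if body is None:
            body = b"unknown host: " + name.encode() + b"\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch(port, host_header):
    """GET / from the local stand-in server with the given Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result


def demo():
    server = HTTPServer(("127.0.0.1", 0), VirtualHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        # What a browser pointed at http://localhost:1337 sends through the tunnel.
        as_browser = fetch(port, "localhost:1337")
        # What it sends once the URL carries the site's real name.
        as_fixed = fetch(port, "www.example.test:1337")
    finally:
        server.shutdown()
        server.server_close()
    return as_browser, as_fixed


if __name__ == "__main__":
    print(demo())
```
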
0

Two problems:

  1. Generate your own self-signed certificate with these commands, in the directory /etc/stunnel:

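    # Generate an RSA private key (1024 bits as posted; 2048 or more is the current recommended minimum)
    openssl genrsa 1024 > stunnel.key
    # Create a self-signed certificate for that key, valid for 1000 days
    openssl req -new -key stunnel.key -x509 -days 1000 -out stunnel.crt
    # Concatenate certificate and key into the single PEM file stunnel reads
    cat stunnel.crt stunnel.key > stunnel.pem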

and make sure the two lines in the file /etc/stunnel/stunnel.conf

    ;cert = /etc/stunnel/mail.pem
    ;key = /etc/stunnel/mail.pem

are modified as follows:

    cert = /etc/stunnel/stunnel.pem
    key = /etc/stunnel/stunnel.pem

  2. The invocation in your browser, given your [test-https] label, must not be http://localhost:1337 but instead it must be test-https://localhost:1337

MariusMatutiae