Discussion:
[stunnel-users] Failed to redirect http to https
(too old to reply)
Doris Hongmei
2016-06-27 04:02:24 UTC
Permalink
Hi Support,
I setup stunnel to a web server with apache
Configuration like below,
--- /usr/local/etc/stunnel/stunnel.conf ----------
; It is recommended to drop root privileges if stunnel is started by root
setuid = nobody
setgid = nobody

; TLS front-end to a web server
[https]
accept = 443
connect = 127.0.0.1:80
cert = /usr/local/etc/stunnel/stunnel.pem

--- end of /usr/local/etc/stunnel/stunnel.conf ----------

After stunnel started, https://xxx/ is working, http://xxx/ is also still working , which doesn't redirect to https://xxx automatically.
As my understanding, all the connections from http should redirect to https through stunnel, right?

What steps did I miss? I need your help.

Thanks.


[Ericsson]<http://www.ericsson.com/>
DORIS HONGMEI
Software Configuration Mgmt Engineer
BUSS SA OSS&BSS BL CPM DU SEP GZ RelGrp

Ericsson
5&6F, No 44-46 Jianzhong Road
510630,Guangzhou,Tian He Software Park, China
Mobile +8613922114721
Office +862085117729
***@ericsson.com
www.ericsson.com


[http://www.ericsson.com/current_campaign]<http://www.ericsson.com/current_campaign>

Legal entity: Ericsson, registered office in CGC . This Communication is Confidential. We only send and receive email on the basis of the terms set out at www.ericsson.com/email_disclaimer<http://www.ericsson.com/email_disclaimer>
Ludolf Holzheid
2016-06-27 06:36:41 UTC
Permalink
Post by Doris Hongmei
Hi Support,
I setup stunnel to a web server with apache
Configuration like below,
--- /usr/local/etc/stunnel/stunnel.conf ----------
; It is recommended to drop root privileges if stunnel is started by root
setuid = nobody
setgid = nobody
; TLS front-end to a web server
[https]
accept = 443
connect = 127.0.0.1:80
cert = /usr/local/etc/stunnel/stunnel.pem
--- end of /usr/local/etc/stunnel/stunnel.conf ----------
After stunnel started, https://xxx/ is working, http://xxx/ is also still working , which doesn't redirect to https://xxx automatically.
As my understanding, all the connections from http should redirect to https through stunnel, right?
What steps did I miss? I need your help.
Doris,

Stunnel does not change the setup of your web server. If you don't
want http://xxx to work, you'll have to change the web server's
configuration. It should make it either stop listening on external
interfaces (by binding it to 127.0.0.1), or let /the web server/
redirect all inbound traffic (traffic not originated by 127.0.0.1) to
HTTPS.

HTH,

Ludolf
--
Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:***@bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann
Amtsgericht Mannheim, HRB 5796
Doris Hongmei
2016-06-27 07:50:23 UTC
Permalink
I got it,
Thanks.

BR//
Doris

-----Original Message-----
From: stunnel-users [mailto:stunnel-users-***@stunnel.org] On Behalf Of Ludolf Holzheid
Sent: Monday, June 27, 2016 2:37 PM
To: stunnel-***@stunnel.org
Subject: Re: [stunnel-users] Failed to redirect http to https
Post by Doris Hongmei
Hi Support,
I setup stunnel to a web server with apache Configuration like below,
--- /usr/local/etc/stunnel/stunnel.conf ---------- ; It is recommended
to drop root privileges if stunnel is started by root setuid = nobody
setgid = nobody
; TLS front-end to a web server
[https]
accept = 443
connect = 127.0.0.1:80
cert = /usr/local/etc/stunnel/stunnel.pem
--- end of /usr/local/etc/stunnel/stunnel.conf ----------
After stunnel started, https://xxx/ is working, http://xxx/ is also still working , which doesn't redirect to https://xxx automatically.
As my understanding, all the connections from http should redirect to https through stunnel, right?
What steps did I miss? I need your help.
Doris,

Stunnel does not change the setup of your web server. If you don't want http://xxx to work, you'll have to change the web server's configuration. It should make it either stop listening on external interfaces (by binding it to 127.0.0.1), or let /the web server/ redirect all inbound traffic (traffic not originated by 127.0.0.1) to HTTPS.

HTH,

Ludolf

--

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:***@bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796 _______________________________________________
stunnel-users mailing list
stunnel-***@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Loading...