Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 1 to 10 of 23 total |
Stunnel Configuration Correct For EWB Web Server? |
Thu, Oct 15 2015 4:31 AM | Permanent Link |
Frederick Chin | I have installed Stunnel and in the configuration file, I have the section for https set as follows:-
; TLS front-end to a web server [https] accept = 8899 connect = 80 cert = stunnel.pem My web server is listening at port 8899. Is this the correct configuration for a secure connection with the EWB web server from any device? Frederick |
Thu, Oct 15 2015 5:22 AM | Permanent Link |
Matthew Jones | Frederick Chin wrote:
> connect = 80 SSL uses port 443. Port 80 will assume insecure. -- Matthew Jones |
Thu, Oct 15 2015 8:57 AM | Permanent Link |
Raul Team Elevate | On 10/15/2015 4:31 AM, Frederick Chin wrote:
> I have installed Stunnel and in the configuration file, I have the section for https set as follows:- > > ; TLS front-end to a web server > [https] > accept = 8899 > connect = 80 > cert = stunnel.pem > > My web server is listening at port 8899. > Is this the correct configuration for a secure connection with the EWB web server from any device? Possibly but without knowing few more things here's what i would suggest. Configure for EWB Web Server to ONLY listen on IP 127.0.0.1 and whatever port you want (80 is fine in this case) - on Connections tab enter the IP (don't leave it blank). Simplest way to configure stunnel is to use 443 but 8899 is OK as well (however then users need to type in https://<yourip>:8899/ ) Once done using your config : accept = 8899 connect = 80 should work just fine and EWB web server would be only accessible by localhost (which means not internet accessible) I personally never remember that the defaults are so i prefer to specify the host part also : accept = 0.0.0.0:8899 connect = 127.0.0.1:80 Raul |
Thu, Oct 15 2015 8:57 AM | Permanent Link |
Raul Team Elevate | On 10/15/2015 5:22 AM, Matthew Jones wrote:
>> connect = 80 > > SSL uses port 443. Port 80 will assume insecure. > This is for EWB web server which does not support SSL so 80 is fine Raul |
Thu, Oct 15 2015 9:00 AM | Permanent Link |
Raul Team Elevate | On 10/15/2015 4:31 AM, Frederick Chin wrote:
> My web server is listening at port 8899. That's what you told stunnel to listen on - run your EWB web server on some other port. See my other post for details. Raul |
Thu, Oct 15 2015 9:32 AM | Permanent Link |
Matthew Jones | Raul wrote:
> This is for EWB web server which does not support SSL so 80 is fine Then the config is the wrong way around surely? Maybe I just don't understand, but if the web server is on 8899, then the SSL must be the other one. As your other message implies, it isn't right somehow. (I do like that RO SDK just has SSL built in!) -- Matthew Jones |
Thu, Oct 15 2015 11:13 AM | Permanent Link |
Frederick Chin | Raul,
/* Possibly but without knowing few more things here's what i would suggest. Configure for EWB Web Server to ONLY listen on IP 127.0.0.1 and whatever port you want (80 is fine in this case) - on Connections tab enter the IP (don't leave it blank). Simplest way to configure stunnel is to use 443 but 8899 is OK as well (however then users need to type in https://<yourip>:8899/ ) Once done using your config : accept = 8899 connect = 80 should work just fine and EWB web server would be only accessible by localhost (which means not internet accessible) I personally never remember that the defaults are so i prefer to specify the host part also : accept = 0.0.0.0:8899 connect = 127.0.0.1:80 */ I do want users to connect to the EWB web server from the Internet. Should I leave Stunnel's default settings as accept = 443 connect = 80 and set EWB web server to listen from port 443 and the URL to access the web server will be https://<myip>/<default html file> ? Frederick |
Thu, Oct 15 2015 11:24 AM | Permanent Link |
Raul Team Elevate | On 10/15/2015 11:13 AM, Frederick Chin wrote:
> I do want users to connect to the EWB web server from the Internet. Directly ? If so then why bother with the stunnel at all ? > Should I leave Stunnel's default settings as > accept = 443 > connect = 80 Yes > and set EWB web server to listen from port 443 and the URL to access the web server will be NO - EWB web server should be on IP 127.0.0.1 and port 80 STunnel will listen on port 443 (that's what the accept=443 parameter specifies). Stunnel is a HTTP proxy at the end of the day so users will communicate to it and only it communicates with the EWB Web server > https://<myip>/<default html file> ? Yes Raul |
Thu, Oct 15 2015 11:29 AM | Permanent Link |
Raul Team Elevate | On 10/15/2015 9:32 AM, Matthew Jones wrote:
> Then the config is the wrong way around surely? Maybe I just don't > understand, but if the web server is on 8899, then the SSL must be the > other one. As your other message implies, it isn't right somehow. yes - config is wrong. Stunnel listens for requests on hostrt specified by "accept" and forwards them to hostrt specified by "connect" So normal way of securing a web server that is on same host as stunnel is simply : accept=0.0.0.0:443 connect=127.0.0.1:80 and limit web server to only listen on 127.0.0.1 port 80. Raul |
Thu, Oct 15 2015 11:51 AM | Permanent Link |
Frederick Chin | Raul,
/* Directly ? If so then why bother with the stunnel at all ? */ With EWB Web Server <-> Stunnel <-> Internet <-> Users, wouldn't Stunnel provide a secure connection for data passing between the web server and users? Frederick |
Page 1 of 3 | Next Page » | |
Jump to Page: 1 2 3 |
This web page was last updated on Saturday, January 18, 2025 at 08:56 AM | Privacy PolicySite Map © 2025 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |