Thread: Cloud server and stunnel
Tue, Aug 1 2017 6:52 PM

KimHJ

Comca Systems, Inc

I see that stunnel is used to make your server's connection between the web application and the server secure.

I have successfully installed stunnel on our local server with a purchased certificate and it works great.

Has anyone successfully installed it on a server in the cloud?

I tried today.
I have a Windows Server 2012 R2 at 1and1. I bought the certificate from 1and1; it was issued by Symantec.
I installed the certificate on the server and after that I exported the .pfx file.

Installed Stunnel, in the configuration file I have:
[https]
accept =8888
connect=8089
cert=app.myappserver.com.pfx

I get no error when I load the config file, but I'm not able to access the server with: https://app.myappserver.com:8888/Mycloudapp/myindex.html

The domain is a subdomain of www.myappserver.com but the certificate was issued to the subdomain.

The only thing I noticed that is different is the network type. The Web Server in our office is on a private network; the server at 1and1 is a public network.

Thanks
Kim
Wed, Aug 2 2017 4:31 AM

Matthew Jones

KimHJ wrote:

> I'm not able to access the server

What exactly is happening? Timeout, or error? First thing I'd look for is firewall - have you opened port 8888 to the world?

Also, be slightly aware of what you are doing, and ensure the server is patched fully, and automatically. I have a client who uses 1and1 and their server got infected with ransomware. They were told it was up to them to protect it. Given it is most likely on the local network, that might be tough. Azure, as an example of an alternative, completely isolates networks between their computers, and there is an external firewall in addition to the OS firewall, so very hard to break in. Just FYI.

Anyway, I don't know stunnel, but there is now an open source reverse proxy that can handle many domains, paths, and http rewriting. It is not simple, but it works well. I have it now running on a number of live sites. It is part of the ICS component set, and was sponsored by a client of mine for a project. I can't find a download of the open source version right now, but if anyone is interested, let me know. I have it set to allow redirection to https, except for Let's Encrypt certificates, which I have all automated. I wish the system of components was simpler, but it works. It allows me to use all sorts of server names with the same single https IP address, which has helped with dev testing a lot.

--

Matthew Jones
Wed, Aug 2 2017 5:42 PM

KimHJ

Comca Systems, Inc

"Matthew Jones" wrote:

>>What exactly is happening? Timeout, or error? First thing I'd look for is firewall - have you opened port 8888 to the world?

Stunnel is open to the world on all ports and TCP and UDP. It should get any incoming and redirect, but it doesn't.

Kim
Wed, Aug 2 2017 6:29 PM

Uli Becker

> Stunnel is open to the world on all ports and TCP and UDP. It should get any incoming and redirect, but it doesn't.

You didn't mention what kind of server you use, but did you double check
that the server is listening on port 8089?

Uli
Thu, Aug 3 2017 4:45 AM

Matthew Jones

KimHJ wrote:

> but it doesn't.

Sorry, but we can't help if you don't actually give the full details. Open Chrome, and hit F12. Go to the network tab. Go to the URL, and what is actually reported? Does it connect and get an error, or does it time out?

Now do the same on the server itself. What error are you getting? Now try it on the 8089 port.

What are the firewall settings that you have for ports 8888 and 8089?

Is there an external firewall that you have to open too?

--

Matthew Jones
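
The checks asked for above (timeout or error, from outside and on the server itself, on both ports) can be scripted. This is an added example, not part of any post in this thread; the function names `probe` and `diagnose` are made up for illustration, and the ports and hostname are the ones from the first post.

```python
import socket
import ssl

def probe(host, port, tls=False, timeout=3.0):
    """Classify one connection attempt: timeout, refused, unreachable,
    tls-failed, cert-invalid or open."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"      # silently dropped: a firewall in the path
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing bound to the port
    except OSError:
        return "unreachable"  # DNS or routing failure
    with sock:
        if not tls:
            return "open"
        ctx = ssl.create_default_context()  # certificate verification stays on
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "open"
        except ssl.SSLCertVerificationError:
            return "cert-invalid"  # TLS answered, name or chain not trusted
        except (ssl.SSLError, OSError):
            return "tls-failed"    # TCP open, peer did not complete TLS

def diagnose(local_plain, local_tls, remote_tls):
    """Map three probe() results to the layer most likely at fault.
    local_* are taken on the server itself, remote_tls from outside."""
    tls_up = ("open", "cert-invalid")
    if local_plain != "open":
        return "backend: nothing is serving the stunnel connect port"
    if local_tls not in tls_up:
        return "stunnel: not listening or not completing TLS on the accept port"
    if remote_tls == "timeout":
        return "firewall: traffic is dropped before it reaches the host"
    if remote_tls not in tls_up:
        return "remote: accept port rejected or TLS failed from outside"
    return "path open: TLS is answered locally and remotely"

if __name__ == "__main__":
    # Ports and hostname as given in the first post of the thread.
    host = "app.myappserver.com"
    local = (probe("127.0.0.1", 8089), probe("127.0.0.1", 8888, tls=True))
    print(diagnose(*local, probe(host, 8888, tls=True)))
```

Run the local probes on the server and the remote probe from a machine outside the provider's network; a local "open" combined with a remote "timeout" points at a firewall layer rather than at stunnel.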
Thu, Aug 3 2017 10:45 AM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

Kim,

I don't think Stunnel supports PFX files directly.  Instead, you need to convert them to PEM files.

See here under "Converting Using OpenSSL":

https://www.sslshopper.com/article-most-common-openssl-commands.html

The good thing is that 2.07 will be here soon and then all of this will be a thing of the past.  2.07 will be using WinCrypt on Windows, so you will be able to simply install the PFX into a local certificate store and then select it using the server UI as the certificate for your domain.

Tim Young
Elevate Software
www.elevatesoft.com
Thu, Aug 3 2017 3:13 PM

KimHJ

Comca Systems, Inc

Uli Becker wrote:

>>You didn't mention what kind of server you use, but did you double check
>>that the server is listening on port 8089?

Right now I access the server using http on port 8089 and it's working fine, but I want to change to https.

Kim
Thu, Aug 3 2017 3:23 PM

KimHJ

Comca Systems, Inc

Tim Young [Elevate Software] wrote:

Kim,

>>I don't think Stunnel supports PFX files directly.  Instead, you need to convert them to PEM files.

I have Windows Server 2012 R2 here in my office. I installed stunnel and I point to my .pfx file, and I can access my EWB using port 8888 and have it redirect to 8089 using https.

I have no ports open in the firewall, only in my router.

Kim
Thu, Aug 3 2017 3:28 PM

KimHJ

Comca Systems, Inc

Found the problem after talking to tech service at 1and1.

Even if everything is set correctly on the virtual server, the ports that stunnel needs to listen on have to be open in the virtual server's dashboard, or Cloudpanel as 1and1 calls it.

Thanks all for everything. I spent around 10 hours on this one; at that speed I will be 130 when I finish :)

Kim
Thu, Aug 3 2017 3:54 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

Kim,

<< Found the problem after talking to tech service at 1and1.

Even if everything is set correctly on the virtual server, the ports that stunnel needs to listen on have to be open in the virtual server's dashboard, or Cloudpanel as 1and1 calls it.

Thanks all for everything. I spent around 10 hours on this one; at that speed I will be 130 when I finish :) >>

Nah, you'll pick up momentum, so you could probably wrap it up by 80 or so... :)

Tim Young
Elevate Software
www.elevatesoft.com