From: Jan Grant
To: ODHIAMBO Washington
Cc: freebsd-questions@freebsd.org
Date: Thu, 22 May 2003 15:44:19 +0100 (BST)
Subject: Re: For the experienced - stunnel and port 80

On Thu, 22 May 2003, ODHIAMBO Washington wrote:

> For those who have lived in the world of paranoia long enough, please welcome
> me to that side of life ;)
>
> I am running apache+modssl on port 443. I want stunnel to listen on port 80,
> and then connect to port 443 instead, so that the users can just type
> www.domain.tld and not https://www.domain.tld.
>
> I have put this in stunnel.conf
>
> [https]
> accept = 80
> connect = localhost:443
>
>
> sockstat -l shows stunnel listening on port 80, but in the life of me, I
> cannot just connect to that box if I do not use https://....
>
> Can someone bail me out here with advice??

Your browser is trying to talk HTTP because it thinks it's connecting to
an SSL-less socket. If you want this to behave properly you ought to
configure your apache to redirect non-SSL (ie, port 80) requests to your
SSL site. There are a number of ways you can do this (preserving any
path passed as part of the request or redirecting to the root of
https://www.blah.../) - the httpd documentation for mod_alias and the
"Redirect" directive are what you're after.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
(Things I've found in my attic, #2: A hundredweight of pornography.)
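
Added example, not part of the original message: an Apache configuration for the port-80 redirect the reply describes, showing both options it mentions (keeping the request path, or always landing on the site root). It assumes the stunnel `[https]` service has been removed so Apache can bind port 80, reuses the `www.domain.tld` placeholder from the question, and the `<VirtualHost *:80>` layout is an assumption about the site's setup.

```apache
# Plain-HTTP listener whose only job is to send browsers to the SSL site.
# The existing mod_ssl virtual host on port 443 stays as it is.
Listen 80

<VirtualHost *:80>
    ServerName www.domain.tld

    # Option 1 (mod_alias Redirect): prefix match, so the rest of the
    # request path is carried over:
    #   http://www.domain.tld/a/b  ->  https://www.domain.tld/a/b
    Redirect permanent / https://www.domain.tld/

    # Option 2 (mod_alias RedirectMatch): use INSTEAD of option 1 to send
    # every request to the root of the SSL site, discarding the path:
    #   http://www.domain.tld/a/b  ->  https://www.domain.tld/
    # RedirectMatch permanent ^/.*$ https://www.domain.tld/
</VirtualHost>
```

After reloading Apache, `curl -I http://www.domain.tld/some/path` should return a 301 with a `Location:` header pointing at the `https://` URL. The first request still travels in cleartext, so the port-80 virtual host should serve nothing but the redirect.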