From: Chuck Swiger
Organization: The Courts of Chaos
Date: Thu, 22 May 2003 12:24:15 -0400
To: ODHIAMBO Washington
Cc: freebsd-questions@freebsd.org
Subject: Re: For the experienced - stunnel and port 80

ODHIAMBO Washington wrote:
> I am running apache+modssl on port 443. I want stunnel to listen on port 80,
> and then connect to port 443 instead, so that the users can just type
> www.domain.tld and not https://www.domain.tld.
[ ... ]
> sockstat -l shows stunnel listening on port 80, but in the life of me, I
> cannot just connect to that box if I do not use https://....

HTTP doesn't have the equivalent of STARTTLS for negotiating SSL over a plain
HTTP connection; you have to specify https:// in the URL. Your attempted use
of stunnel isn't going to do anything useful in terms of encrypting the
connections between the client and web server.

To solve the original problem, create separate virtual domains for the site on
port 80 and 443, and in the virtual section for the port-80 version do a:

    Redirect permanent / https://www.domain.tld

-Chuck
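
The two virtual hosts described in the reply above, written out as an added example (not part of the original message). The hostname is the one used in the thread; the file paths are placeholders, and the `*:port` VirtualHost syntax assumes an Apache build with mod_alias and mod_ssl loaded.

```apache
# Added example. Paths below are placeholders, not values from the thread.
Listen 80
Listen 443

# Port 80: plain HTTP. Serves no content of its own; every request is
# answered with a 301 pointing at the HTTPS site.
<VirtualHost *:80>
    ServerName www.domain.tld
    # Redirect appends whatever follows the matched prefix "/" to the target,
    # so the target ends in "/" to keep the host and path separated:
    #   /docs/a.html  ->  https://www.domain.tld/docs/a.html
    Redirect permanent / https://www.domain.tld/
</VirtualHost>

# Port 443: the real site, with SSL handled by mod_ssl.
<VirtualHost *:443>
    ServerName www.domain.tld
    DocumentRoot /path/to/htdocs
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
</VirtualHost>
```

Apache has to bind port 80 itself for this to work, so the stunnel listener on that port must be stopped first. `curl -I http://www.domain.tld/` should then show a 301 status with a `Location:` header that starts with `https://`.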