Answer the question
In order to leave comments, you need to log in
How to set up an HTTP file server over SSL using Stunnel?
Hello!
I decided to set up an HTTP file server over SSL using Stunnel.
In the configuration file, I uncommented the lines
TLS front-end to a web server
[https]
accept = 443
connect = 80
cert =
stunnel.pem routers with DD-WRT firmware - everything works out. But it's worth trying to go to the external ip httpS://4.ХХХ.Х.ХХХ assigned by my provider, I get into the DD-WRT interface of my router. Can someone suggest what I'm doing wrong?
Software versions: server, stunnel and DD-WRT firmware are the latest.
There is one guess. Maybe you need to forward the stunnel port?
Damn, on stunnel, the port number changes every time it starts, but I couldn’t fix it - I didn’t find anything similar in the documentation for the stunnel settings ... I figured
out what the problem is. I configured according to the instructions https://forum.antichat.ru/threads/56265/ but uncommented "TLS front-end to a web server". Have n't commented yet:
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
;[ssmtp]
;accept = 465
;connect = 25
I didn't understand this a bit: "It remains to configure STunnel as a service and start (commands in the explorer start menu "Install STunnel as service" and "Start STunnel service".
Now HTTP File Server is available via the HTTPS protocol, that is, https://your_ip_or_host:port
For greater security, you can disable HTTP altogether, and leave only HTTPS. This is done very simply. In HFS go to "Menu -> Limits -> Bans". Click Add row and in the IP address mask line write
\127.0.0.1 and check the Disconnect with no replay checkbox. Now it will be possible to connect to your server ONLY via HTTPS. But you can no longer be afraid of cracking passwords."
I could not find the stunnel service in windows services and having configured access only via https, for some reason I cannot log in via https, but I can log in via http...
Problem solved. Gave advice on the HTTP File Server forum. We do in the settings menu -> Accept connexion on -> 127.0.0.1 and if you have a local network where there is more than one PC, we try to access the server from another computer.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question