stunnel guide

Alexandr Bogomyakov
2023-12-18 15:37:45 +02:00
committed by GitHub
parent 34b8ac8bfc
commit bfbc02ea0c

@ -0,0 +1,46 @@
+++
title = "Expose service via TLS stunnel"
date = "2023-12-18"
description = "How to expose any TCP application securely via TLS tunnel"
[taxonomies]
tags = ["linux", "tools", "selfhosting"]
[extra]
author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
+++
First of all I faced an issue with outline vpn server which expose prom metrics on `127.0.0.1` with no way to change it. So stunnel4 is a solution. Basically it wirks as TLS proxy listen on configured port and proxy traffic to another.
[Server1(stunnel server)] <==> [Server2(stunnel client)]
## Server side
Install stunnel and create configs:
```shell
ab@cy:/etc/stunnel$ cat outline_prom.conf
debug = 5
output = /var/log/stunnel.log
[outline_prom]
accept = 0.0.0.0:9095
connect = 127.0.0.1:9092
PSKsecrets = /etc/stunnel/psk.txt
```
`psk.txt` is a credentials file and looks like:
```shell
# I used `openssl rand -hex 32` to generate secret
ab@cy:/etc/stunnel$ cat psk.txt
user:secret_string
```
## Client side
`psk.txt` the same and config looks like:
```shell
ab@home:/etc/stunnel$ cat /etc/stunnel/outline_prom.conf
[outline_prom_cy]
client = yes
accept = 0.0.0.0:9095
connect = cy.hexor.cy:9095
PSKsecrets = /etc/stunnel/psk.txt
```
---
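Review bot: In the client-side config, `accept = 0.0.0.0:9095` makes the client host re-serve the decrypted metrics in plaintext on every interface, which works against the reason for tunnelling a service that only listens on `127.0.0.1`. Suggest `accept = 127.0.0.1:9095` (or the one interface the scraper actually uses) and a sentence explaining the choice. Both configs point at `PSKsecrets = /etc/stunnel/psk.txt`, but the guide never says what ownership or mode the file should have; since it holds the shared secret, add a step such as `chmod 600 /etc/stunnel/psk.txt` on each host. The `psk.txt` example places the `openssl rand -hex 32` comment inside the block that is presented as `cat` output, so it reads as if the comment were part of the file; move it into the prose above the block. Minor: the intro paragraph has a typo ("wirks"), and the `[Server1(stunnel server)] <==> [Server2(stunnel client)]` diagram would render more reliably inside a code fence.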