mirror of https://github.com/house-of-vanity/house-of-vanity.github.io.git, synced 2025-10-25 02:19:09 +00:00
+++
title = "Expose service via TLS stunnel"
date = "2023-12-18"
description = "How to expose any TCP application securely via TLS tunnel"

[taxonomies]
tags = ["linux", "tools", "selfhosting"]

[extra]
author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
+++
First of all, I encountered an issue with the Outline VPN server, which exposes Prometheus metrics on 127.0.0.1 with no option to change it. As a solution, I used stunnel4. Essentially, it works as a TLS proxy, listening on a configured port and forwarding traffic to another.
[Server1 (stunnel server)] <==> [Server2 (stunnel client)]
Server side
Install stunnel and create configs:
ab@cy:/etc/stunnel$ cat outline_prom.conf
debug = 5
output = /var/log/stunnel.log
[outline_prom]
accept = 0.0.0.0:9095
connect = 127.0.0.1:9092
PSKsecrets = /etc/stunnel/psk.txt
psk.txt is a credentials file and looks like:
# I used `openssl rand -hex 32` to generate secret
ab@cy:/etc/stunnel$ cat psk.txt
user:secret_string
Client side
psk.txt is the same, and the config looks like:
ab@home:/etc/stunnel$ cat /etc/stunnel/outline_prom.conf
[outline_prom_cy]
client = yes
accept = 0.0.0.0:9095
connect = cy.hexor.cy:9095
PSKsecrets = /etc/stunnel/psk.txt
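The psk.txt file above is the only credential protecting the tunnel, so this added example (not part of the original post) creates it with restrictive permissions and audits an existing one. The function names `gen_key`, `write_psk` and `audit_psk` are hypothetical, and two checks are policy choices of this example rather than stunnel requirements: hex keys only, and no group or other permission bits at all.

```shell
#!/bin/sh
# Added example: create and audit a stunnel PSKsecrets file (IDENTITY:KEY per line).
# Usage after sourcing: write_psk /etc/stunnel/psk.txt user && audit_psk /etc/stunnel/psk.txt

# gen_key: 32 random bytes as 64 hex characters, as `openssl rand -hex 32` in the post.
gen_key() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 32
    else
        # Fallback when openssl is missing (assumes /dev/urandom and od exist).
        od -An -tx1 -N32 /dev/urandom | tr -d ' \n'; echo
    fi
}

# write_psk FILE IDENTITY: create FILE as mode 600; refuse to overwrite, because
# redirecting into an existing file would keep that file's old permissions.
write_psk() {
    if [ -e "$1" ]; then echo "refusing to overwrite $1" >&2; return 1; fi
    ( umask 077 && printf '%s:%s\n' "$2" "$(gen_key)" > "$1" )
}

# audit_psk FILE: print one finding per problem, return 0 only when there are none.
audit_psk() {
    f=$1; rc=0; n=0
    # stunnel's manual: the file should be neither world-readable nor world-writable.
    # Policy of this example (stricter): no group or other permission bits at all.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "$f: readable or writable by group/other"; rc=1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *:*) id=${line%%:*}; key=${line#*:} ;;
            *)   echo "line $n: not in IDENTITY:KEY form"; rc=1; continue ;;
        esac
        [ -n "$id" ] || { echo "line $n: empty identity"; rc=1; }
        # Policy of this example: hex keys only. stunnel requires at least
        # 16 bytes of key, which is 32 hex characters.
        case $key in
            *[!0-9a-fA-F]*) echo "line $n: key is not hex"; rc=1 ;;
            *) [ "${#key}" -ge 32 ] || { echo "line $n: key under 32 hex chars"; rc=1; } ;;
        esac
    done < "$f"
    return "$rc"
}
```

Run the audit on both hosts, since the same psk.txt is installed on the server and the client.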