mirror of https://github.com/house-of-vanity/house-of-vanity.github.io.git, synced 2025-10-25 18:29:08 +00:00

+++
title = "Expose service via TLS stunnel"
date = "2023-12-18"
description = "How to expose any TCP application securely via TLS tunnel"

[taxonomies]
tags = ["linux", "tools", "selfhosting"]

[extra]
author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
+++

First of all, I encountered an issue with the Outline VPN server, which exposes Prometheus metrics on 127.0.0.1 with no option to change it. As a solution, I used stunnel4. Essentially, it works as a TLS proxy, listening on a configured port and forwarding traffic to another.

[Server1 (stunnel server)] <==> [Server2 (stunnel client)]

## Server side
Install stunnel and create configs:
```shell
ab@cy:/etc/stunnel$ cat outline_prom.conf
debug = 5
output = /var/log/stunnel.log

[outline_prom]
accept = 0.0.0.0:9095
connect = 127.0.0.1:9092
PSKsecrets = /etc/stunnel/psk.txt
```

`psk.txt` is a credentials file and looks like:
```shell
# I used `openssl rand -hex 32` to generate the secret
ab@cy:/etc/stunnel$ cat psk.txt
user:secret_string
```

## Client side
`psk.txt` is the same, and the config looks like:
```shell
ab@home:/etc/stunnel$ cat /etc/stunnel/outline_prom.conf
[outline_prom_cy]
client = yes
accept = 0.0.0.0:9095
connect = cy.hexor.cy:9095
PSKsecrets = /etc/stunnel/psk.txt
```
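
As an added example (not part of the original post): a shell helper that creates the `psk.txt` shared by both sides and audits an existing one against the constraints stunnel's manual gives for `PSKsecrets` (one `IDENTITY:KEY` per line, keys of at least 16 bytes, file not world-accessible). The function names `make_psk_file` and `check_psk_file` are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): helper names are assumptions.

# Write "IDENTITY:KEY" with a fresh 32-byte key in hex, readable by owner only.
make_psk_file() {
    file=$1 identity=$2
    # Same generator as the post; od over /dev/urandom is a fallback.
    key=$(openssl rand -hex 32 2>/dev/null) ||
        key=$(od -An -vtx1 -N32 /dev/urandom | tr -d ' \n')
    ( umask 077 && printf '%s:%s\n' "$identity" "$key" > "$file" )
    chmod 600 "$file"    # also tightens a file that already existed
}

# Return 0 if the file is fit for PSKsecrets, 1 otherwise (reasons on stderr).
check_psk_file() {
    file=$1 rc=0 n=0
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 1; }
    # stunnel's manual: the file should be neither world-readable nor
    # world-writable. This check is stricter and rejects group access too.
    perms=$(ls -ldL "$file" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$file: group/other bits '$perms' set, use chmod 600" >&2; rc=1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ?*:?*) id=${line%%:*} key=${line#*:} ;;
            *) echo "$file:$n: not IDENTITY:KEY" >&2; rc=1; continue ;;
        esac
        # stunnel requires keys of at least 16 bytes: 32 characters for a
        # hexadecimal key, 16 characters otherwise.
        case $key in
            *[!0-9a-fA-F]*) min=16 ;;
            *) min=32 ;;
        esac
        [ "${#key}" -ge "$min" ] ||
            { echo "$file:$n: key for '$id' is shorter than 16 bytes" >&2; rc=1; }
    done < "$file"
    [ "$n" -gt 0 ] || { echo "$file: no entries" >&2; rc=1; }
    return "$rc"
}
```

Run `check_psk_file /etc/stunnel/psk.txt` on both hosts before starting stunnel; a literal `user:secret_string` line is rejected as too short. On the client, `accept = 0.0.0.0:9095` is the plaintext end of the tunnel, so any host that can reach that port reads the metrics without the PSK; bind it to `127.0.0.1` when the scraper runs on the same machine.
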

---