I'm configuring stunnel to wrap SSL requests to HAProxy. HAProxy serves several sites on the same IP address:

- domain.com - Website
- app.domain.com - Node.js webserver
I acquired an SSL certificate that is only valid for the site app.domain.com. I would like to configure stunnel to accept requests to:
And not serve requests to:
The problem is that if someone tries to access https://domain.com, stunnel presents the app.domain.com certificate (which is invalid for this domain, of course).
I tried something like this in stunnel.conf:
```ini
pid = /var/run/stunnel.pid
output = /var/log/stunnel.log

[https]
cert = /etc/ssl/certs/app.domain.crt
key = /etc/ssl/private/app.domain.key
sni = https:app.domain.com
accept = 443
connect = 80
```
But when I try to start stunnel I get:
```
Line 10: End of section https: Each service must define two endpoints
str_stats: 112 block(s), 5843 byte(s)
[Failed: /etc/stunnel/stunnel.conf]
You should check that you have specified the pid= in you configuration file
```
Any help would be appreciated. Maybe there is another solution, like configuring something in HAProxy to reject SSL requests to domain.com.
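For reference, here is how stunnel's `sni` option is meant to be laid out: a master service owns the `accept` endpoint, and one or more slave services reference that master by name and carry the per-hostname certificate. The stunnel.conf below is an added example, not the poster's configuration; the service names `[master]` and `[app]`, the placeholder certificate path `/etc/ssl/certs/placeholder.pem`, and the backend port 80 are assumptions for illustration.

```ini
; Added example stunnel.conf, not from the original post.
pid = /var/run/stunnel.pid
output = /var/log/stunnel.log

; Master service: the only one with accept=. stunnel requires a cert in
; server mode, so this one gets a self-signed placeholder (assumed path).
; Clients that send no SNI, or an SNI that matches no slave (e.g. domain.com),
; fall back to this service and its placeholder certificate.
[master]
accept = 443
connect = 80
cert = /etc/ssl/certs/placeholder.pem

; Slave service: selected when the client's SNI is app.domain.com.
; No accept= here; the master's listener is shared. connect= is still required.
[app]
sni = master:app.domain.com
connect = 80
cert = /etc/ssl/certs/app.domain.crt
key = /etc/ssl/private/app.domain.key
```

The original error comes from `sni = https:app.domain.com` naming the service's own section as its master: a slave service must not define `accept`, and the master it points to must be a different section that does. Note the caveat in the comments: stunnel does not reject a non-matching SNI, it falls back to the master service, so the best you get from stunnel alone is a placeholder certificate for domain.com. If rejecting is the goal, terminating TLS in HAProxy with `strict-sni` on the `bind` line (HAProxy 1.5 and later) drops handshakes whose SNI matches no loaded certificate.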