Stunnel problems

Jan_Mechelen · Sat Jun 25, 2016 2:20 pm

Hello,

I'm running a http-server on port 80 on RPi that doens't support SSL. In order to secure access from the internet I added stunnel to Rpi that listens on port 443 and transfers to port 80.

Access with a browser from another computer does not work. I have absolutely no knowledge of stunnel and can therfore interprete the logfile. Maybe sombody with knowlege might give me some hints?

stunnel.conf
debug = 7
log = overwrite
client = no
output = /var/log/stunnel4/stunnel.log
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key

[https-xwrc]
accept = 0.0.0.0:443
connect = 192.168.0.248:80
TIMEOUTclose = 0

stunnel log file
2016.06.24 11:32:27 LOG7[1705]: Clients allowed=500
2016.06.24 11:32:27 LOG5[1705]: stunnel 5.06 on arm-unknown-linux-gnueabihf platform
2016.06.24 11:32:27 LOG5[1705]: Compiled with OpenSSL 1.0.1k 8 Jan 2015
2016.06.24 11:32:27 LOG5[1705]: Running with OpenSSL 1.0.1t 3 May 2016
2016.06.24 11:32:27 LOG5[1705]: Update OpenSSL shared libraries or rebuild stunnel
2016.06.24 11:32:27 LOG5[1705]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
2016.06.24 11:32:27 LOG7[1705]: errno: (*__errno_location ())
2016.06.24 11:32:27 LOG5[1705]: Reading configuration from file /etc/stunnel/stunnel.conf
2016.06.24 11:32:27 LOG5[1705]: FIPS mode disabled
2016.06.24 11:32:27 LOG7[1705]: Compression disabled
2016.06.24 11:32:27 LOG7[1705]: Snagged 64 random bytes from /root/.rnd
2016.06.24 11:32:27 LOG7[1705]: Wrote 1024 new random bytes to /root/.rnd
2016.06.24 11:32:27 LOG7[1705]: PRNG seeded successfully
2016.06.24 11:32:27 LOG6[1705]: Initializing service [https-xwrc]
2016.06.24 11:32:27 LOG6[1705]: Loading cert from file: /etc/stunnel/server.pem
2016.06.24 11:32:27 LOG6[1705]: Loading key from file: /etc/stunnel/server.key
2016.06.24 11:32:27 LOG4[1705]: Insecure file permissions on /etc/stunnel/server.key
2016.06.24 11:32:27 LOG7[1705]: Private key check succeeded
2016.06.24 11:32:27 LOG7[1705]: DH initialization
2016.06.24 11:32:27 LOG7[1705]: Could not load DH parameters from /etc/stunnel/server.pem
2016.06.24 11:32:27 LOG7[1705]: Using hardcoded DH parameters
2016.06.24 11:32:27 LOG7[1705]: DH initialized with 2048-bit key
2016.06.24 11:32:27 LOG7[1705]: ECDH initialization
2016.06.24 11:32:27 LOG7[1705]: ECDH initialized with curve prime256v1
2016.06.24 11:32:27 LOG7[1705]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
2016.06.24 11:32:27 LOG5[1705]: Configuration successful
2016.06.24 11:32:27 LOG7[1705]: Listening file descriptor created (FD=7)
2016.06.24 11:32:27 LOG7[1705]: Service [https-xwrc] (FD=7) bound to 0.0.0.0:443
2016.06.24 11:32:27 LOG7[1706]: Created pid file /var/run/stunnel4.pid
2016.06.24 11:37:13 LOG7[1706]: Service [https-xwrc] accepted (FD=3) from 192.168.0.1:53703
2016.06.24 11:37:13 LOG7[1846]: Service [https-xwrc] started
2016.06.24 11:37:13 LOG5[1846]: Service [https-xwrc] accepted connection from 192.168.0.1:53703
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): before/accept initialization
2016.06.24 11:37:13 LOG7[1846]: SNI: no virtual services defined
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1846]: 0 items in the session cache
2016.06.24 11:37:13 LOG7[1846]: 0 client connects (SSL_connect())
2016.06.24 11:37:13 LOG7[1846]: 0 client connects that finished
2016.06.24 11:37:13 LOG7[1846]: 0 client renegotiations requested
2016.06.24 11:37:13 LOG7[1846]: 1 server connects (SSL_accept())
2016.06.24 11:37:13 LOG7[1846]: 1 server connects that finished
2016.06.24 11:37:13 LOG7[1846]: 0 server renegotiations requested
2016.06.24 11:37:13 LOG7[1846]: 0 session cache hits
2016.06.24 11:37:13 LOG7[1846]: 0 external session cache hits
2016.06.24 11:37:13 LOG7[1846]: 0 session cache misses
2016.06.24 11:37:13 LOG7[1846]: 0 session cache timeouts
2016.06.24 11:37:13 LOG6[1846]: SSL accepted: new session negotiated
2016.06.24 11:37:13 LOG6[1846]: No peer certificate received
2016.06.24 11:37:13 LOG6[1846]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2016.06.24 11:37:13 LOG6[1846]: Compression: null, expansion: null
2016.06.24 11:37:13 LOG6[1846]: s_connect: connecting 192.168.0.248:80
2016.06.24 11:37:13 LOG7[1846]: s_connect: s_poll_wait 192.168.0.248:80: waiting 10 seconds
2016.06.24 11:37:13 LOG5[1846]: s_connect: connected 192.168.0.248:80
2016.06.24 11:37:13 LOG5[1846]: Service [https-xwrc] connected remote server from 192.168.0.248:36146
2016.06.24 11:37:13 LOG7[1846]: Remote socket (FD=9) initialized
2016.06.24 11:37:13 LOG6[1846]: SSL socket closed (SSL_read)
2016.06.24 11:37:13 LOG7[1846]: Sent socket write shutdown
2016.06.24 11:37:13 LOG5[1846]: Connection closed: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.06.24 11:37:13 LOG7[1846]: Remote socket (FD=9) closed
2016.06.24 11:37:13 LOG7[1846]: Local socket (FD=3) closed
2016.06.24 11:37:13 LOG7[1846]: Service [https-xwrc] finished (0 left)
2016.06.24 11:37:13 LOG7[1706]: Service [https-xwrc] accepted (FD=3) from 192.168.0.1:53707
2016.06.24 11:37:13 LOG7[1847]: Service [https-xwrc] started
2016.06.24 11:37:13 LOG5[1847]: Service [https-xwrc] accepted connection from 192.168.0.1:53707
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): before/accept initialization
2016.06.24 11:37:13 LOG7[1847]: SNI: no virtual services defined
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1847]: 1 items in the session cache
2016.06.24 11:37:13 LOG7[1847]: 0 client connects (SSL_connect())
2016.06.24 11:37:13 LOG7[1847]: 0 client connects that finished
2016.06.24 11:37:13 LOG7[1847]: 0 client renegotiations requested
2016.06.24 11:37:13 LOG7[1847]: 2 server connects (SSL_accept())
2016.06.24 11:37:13 LOG7[1847]: 2 server connects that finished
2016.06.24 11:37:13 LOG7[1847]: 0 server renegotiations requested
2016.06.24 11:37:13 LOG7[1847]: 0 session cache hits
2016.06.24 11:37:13 LOG7[1847]: 0 external session cache hits
2016.06.24 11:37:13 LOG7[1847]: 0 session cache misses
2016.06.24 11:37:13 LOG7[1847]: 0 session cache timeouts
2016.06.24 11:37:13 LOG6[1847]: SSL accepted: new session negotiated
2016.06.24 11:37:13 LOG6[1847]: No peer certificate received
2016.06.24 11:37:13 LOG6[1847]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2016.06.24 11:37:13 LOG7[1706]: Service [https-xwrc] accepted (FD=9) from 192.168.0.1:53708
2016.06.24 11:37:13 LOG6[1847]: Compression: null, expansion: null
2016.06.24 11:37:13 LOG6[1847]: s_connect: connecting 192.168.0.248:80
2016.06.24 11:37:13 LOG7[1847]: s_connect: s_poll_wait 192.168.0.248:80: waiting 10 seconds
2016.06.24 11:37:13 LOG5[1847]: s_connect: connected 192.168.0.248:80
2016.06.24 11:37:13 LOG5[1847]: Service [https-xwrc] connected remote server from 192.168.0.248:36148
2016.06.24 11:37:13 LOG7[1847]: Remote socket (FD=10) initialized
2016.06.24 11:37:13 LOG6[1847]: SSL socket closed (SSL_read)
2016.06.24 11:37:13 LOG7[1847]: Sent socket write shutdown
2016.06.24 11:37:13 LOG5[1847]: Connection closed: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.06.24 11:37:13 LOG7[1847]: Remote socket (FD=10) closed
2016.06.24 11:37:13 LOG7[1847]: Local socket (FD=3) closed
2016.06.24 11:37:13 LOG7[1847]: Service [https-xwrc] finished (0 left)
2016.06.24 11:37:13 LOG7[1848]: Service [https-xwrc] started
2016.06.24 11:37:13 LOG5[1848]: Service [https-xwrc] accepted connection from 192.168.0.1:53708
2016.06.24 11:37:13 LOG7[1848]: SSL state (accept): before/accept initialization
2016.06.24 11:37:13 LOG7[1848]: SNI: no virtual services defined
2016.06.24 11:37:13 LOG7[1848]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1848]: SSL state (accept): unknown state
2016.06.24 11:37:13 LOG7[1848]: SSL state (accept): unknown state