Ok, this is the best I can do to help:
1) To help you clarify things to the best of my ability review how to combine stunnel to HFS (as standalone pieces...)
http://www.rejetto.com/wiki/index.php?title=HFS:_Secure_your_serverhttp://www.rejetto.com/forum/hfs-~-http-file-server/stunnel-and-hfs-(securing-your-hfs)/msg1058480/#msg1058480OK, as explained by silentplz
Quote:
****************
----------------
Once you have created a new SSL configuration with HFS, you edit stunnel.conf as follows :
cert = .\SslCerts\your-certificate-name.pem
key = .\SslCerts\your-private-key-name.pem
The certificate must be in extension ".pem" ( x509 certificate ) .
If your certificate is included in a single file, you enter the same file name in the two entries :
cert = .\SslCerts\your-certificate-name.pem
key = .\SslCerts\your-certificate-name.pem
Then you put your certificate file in the SslCerts folder.
---------------------
********************
Stunnel will only accept a certificate in this form:
The certificate must be in extension ".pem" ( x509 certificate ) .
Since you have a pre created certificate, you will need to manually open and edit the stunnel config and change the line to point to your certificate...
Answer to 1 - conclusion -- Edit Stunnel Config!
2) yes, "servany"
https://support.microsoft.com/KB/137890?wa=wsignin1.0*NOTE(i'm not familiar with "servany" [might have been called that... there are many/other windows program to make a service...] but I have successfully made this version of HFS witch goes by its "own build name" to run as a service before in the past)
So, I can confidently say the servany (with tweaking) will allow you to run this like a service..,
As example of some tweaks: in the stunnel tab make sure you check mark the box that makes stunnel start with HFS and close with HFS....
answer to 2 -- conclusion review
https://support.microsoft.com/KB/137890?wa=wsignin1.0 and test it!
3) Sorry but nope!... Again, as you have stated, the unfortunate side effect of using stunnel is that HFS will no longer see the public IP coming!
Hfs IP now shows that the IP that is connecting is your localhost -- 127.0.0.1 or you network ip address 192.168.x.x...)
So HFS built in banning wil not work... Sorry your on your own....
http://www.rejetto.com/wiki/index.php?title=HFS:_IP_maskshttp://www.rejetto.com/forum/hfs-~-http-file-server/automatictemporary-ban/I'm not 100% (as I went over some of this in other areas...)
Silentplz has created a combined was of HFS and its banning tools when you make the stunnel log appear in the hfs window. using a setting in the stunel tab...
BUT!!! HFS still see 127.0.0.1 to connect to hfs,.. so with tha option enabled - it show hfs 127.0.0.1 then the stunnel connection there by seeing the public ip in HFS..., but unknown if the ban will still work as 127.0.0.1 is the actual ip connecting to HFS....
answer to 3 -- conclusion !Your on your own for banning!... baning ip will now be an stunnel problem...
http://comments.gmane.org/gmane.network.stunnel.user/473