HTTPS question...with Stunnel

[sharf]

Ok so I had the program...I forget who made it, that installed and set up stunnel and HFS all at once. And for the longest time it worked, but recently, after some update, https://myip asks me about the certificate, but then wont load...but if I type http:myip it works perfectly, just without SSL...any ideas on what's going on?

thanks, sharf.

[guestion]

http://www.rejetto.com/forum/index.php/topic,7080.0.html

[sharf]

Yes...that's what I used...but that doesn't answer my question...it was when HFS updated that it stopped working...

[SilentPliz]

Check if your certificate is still valid ... maybe it is outdated.

If so, you must generate a new one.

it was when HFS updated that it stopped working...

... perhaps a coincidence.

[sharf]

Well..idk how to check that...but the stunnel log says it's blocking 127.0.0.1 everytime I try to connect to it HTTPs...it does still work HTTP...and I doubt the certificate would be out of date, I just made it a few months ago...

[SilentPliz]

Check your HFS settings :

The listening port of HFS has not changed?

Look in Menu > Limits > Bans if you have always exactly this ban \127.0.0.1

Also check: IP adress and Accept connections on

[sharf]

I forget where to check for the listening port, is that at the top where it says port 80? Also the ip address is 192.168.1.17, not 127.0.0.1, is that a problem? I try changing it to 127.0.0.1 and that didn't help. And nothing is banned. I could not find anything about accepting connections on.

[SilentPliz]

OK, you had "lose" your settings since the update.
Post here the [https] section of your configuration file of Stunnel (stunnel.conf), I'll help you to refind it.

It looks probably like this:

[https]
accept = 443
connect = 44300
TIMEOUTclose = 0


do not touch anything for moment

[sharf]

This?

; Lines preceded with a “;” are comments
; Empty lines are ignored
; For more options and details: see the manual (stunnel.html)

; File with certificate and private key
cert = stunnel.pem
key = stunnel.pem

; Log (1= minimal, 5=recommended, 7=all) and log file)
; Preceed with a “;” to disable logging
debug = 6
output = ..\stunnel.log

; Some performance tuning
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Data compression algorithm: zlib or rle
compression = zlib

; SSL bug options / NO SSL:v2 (SSLv3 and TLSv1 is enabled)
options = ALL
options = NO_SSLv2

; Service-level configuration
; Stunnel listens to port 443 (HTTPS) to IP 0.0.0.0
; and connects to port 44300 (HFS) on 127.0.0.1
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:44300
TIMEOUTclose = 0

[SilentPliz]

Replace in stunnel.conf the https section by this add in blue, and read this comics below for redo your settings.
( Don't forget to check if the port 443 is open in your router)


; Lines preceded with a “;” are comments
; Empty lines are ignored
; For more options and details: see the manual (stunnel.html)

; File with certificate and private key
cert = stunnel.pem
key = stunnel.pem

; Log (1= minimal, 5=recommended, 7=all) and log file)
; Preceed with a “;” to disable logging
debug = 6
output = ..\stunnel.log

; Some performance tuning
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Data compression algorithm: zlib or rle
compression = zlib

; SSL bug options / NO SSL:v2 (SSLv3 and TLSv1 is enabled)
options = ALL
options = NO_SSLv2

; Service-level configuration
; Stunnel listens to port 443 (HTTPS) to IP 0.0.0.0
; and connects to port 44300 (HFS) on 127.0.0.1
[https]
accept = 0.0.0.0:443
connect = 127.0.0.1:44300
local = 192.168.1.17
TIMEOUTclose = 0

[SilentPliz]

...conclusion.

Menu > Save Options > To file

And think to keep an copy of yours hfs.ini & *.vfs files in a safe place... regularly.

[sharf]

Got it, thank you very much. I think what happened, is one time my server crashed, and it lost the file system...and then I reset that, but didn't notice it had reset the port and everything. It's working now and I have backed up all the config stuff, thanks a bunch!