Jakoby
n3wb
- Joined
- May 11, 2018
- Messages
- 8
- Reaction score
- 0
hey
this is my first time to try blueiris with stunnel to connect it with https. I follow the instruction at the YouTube Video Stunnel, but i get still the same error - it starts normal but if i cheched the Connection i get a error - Server down at the stunnel gui.
it does not work with Wan 192.168.1.102:8080 with no browser …. with port 81 it works. with other port 443 it doesnt work….. the BlueIris Settings are okey … whats wrong
; Sample stunnel configuration file for Win32 by Michal Trojnara 2002-2019
; Some options used here may be inadequate for your particular configuration
; This sample file does not represent stunnel.conf defaults
; Please consult the manual for detailed description of available options
; **
; * Global options *
; **
; Debugging stuff (may be useful for troubleshooting)
;debug = info
;output = stunnel.log
; Enable FIPS 140-2 mode if needed for compliance
;fips = yes
; Microsoft CryptoAPI engine allows for authentication with private keys
; stored in the Windows certificate store
; Each section using this feature also needs the "engineId = capi" option
;engine = capi
; You also need to disable TLS 1.2 or later, because the CryptoAPI engine
; currently does not support PSS
;sslVersionMax = TLSv1.1
; The pkcs11 engine allows for authentication with cryptographic
; keys isolated in a hardware or software token
; MODULE_PATH specifies the path to the pkcs11 module shared library,
; e.g. softhsm2.dll or opensc-pkcs11.so
; Each section using this feature also needs the "engineId = pkcs11" option
;engine = pkcs11
;engineCtrl = MODULE_PATH:softhsm2.dll
;engineCtrl = PIN:1234
; **
; * Service defaults may also be specified in individual service sections *
; **
; Enable support for the insecure SSLv3 protocol
;options = -NO_SSLv3
; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE
; **
; * Include all configuration file fragments from the specified folder *
; **
;include = conf.d
; **
; * Service definitions (at least one service has to be defined) *
; **
; * Example TLS client mode services
; Encrypted HTTP proxy authenticated with a client certificate
; located in the Windows certificate store
;[example-proxy]
;client = yes
;accept = 127.0.0.1:8080
;connect = example.com:8443
;engineId = capi
; Encrypted HTTP proxy authenticated with a client certificate
; located in a cryptographic token
;[example-pkcs11]
;client = yes
;accept = 127.0.0.1:8080
;connect = example.com:8443
;engineId = pkcs11
;cert = pkcs11:token=MyToken;object=MyCert
;key = pkcs11:token=MyToken;object=MyKey
* Example TLS server mode services
[blueiris]
accept = 443
connect = 81
cert = stunnel.pem
;[pop3s]
;accept = 995
;connect = 110
;cert = stunnel.pem
;[imaps]
;accept = 993
;connect = 143
;cert = stunnel.pem
; Either only expose this service to trusted networks, or require
; authentication when relaying emails originated from loopback.
; Otherwise the following configuration creates an open relay.
;[ssmtp]
;accept = 465
;connect = 25
;cert = stunnel.pem
; TLS front-end to a web server
;[https]
;accept = 443
;connect = 80
;cert = stunnel.pem
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0
; Remote cmd.exe protected with PSK-authenticated TLS
; Create "secrets.txt" containing IDENTITY:KEY pairs
;[cmd]
;accept = 1337
;exec = c:\windows\system32\cmd.exe
;execArgs = cmd.exe
;PSKsecrets = secrets.txt
; vim:ft=dosini
this is my first time to try blueiris with stunnel to connect it with https. I follow the instruction at the YouTube Video Stunnel, but i get still the same error - it starts normal but if i cheched the Connection i get a error - Server down at the stunnel gui.
it does not work with Wan 192.168.1.102:8080 with no browser …. with port 81 it works. with other port 443 it doesnt work….. the BlueIris Settings are okey … whats wrong
; Sample stunnel configuration file for Win32 by Michal Trojnara 2002-2019
; Some options used here may be inadequate for your particular configuration
; This sample file does not represent stunnel.conf defaults
; Please consult the manual for detailed description of available options
; **
; * Global options *
; **
; Debugging stuff (may be useful for troubleshooting)
;debug = info
;output = stunnel.log
; Enable FIPS 140-2 mode if needed for compliance
;fips = yes
; Microsoft CryptoAPI engine allows for authentication with private keys
; stored in the Windows certificate store
; Each section using this feature also needs the "engineId = capi" option
;engine = capi
; You also need to disable TLS 1.2 or later, because the CryptoAPI engine
; currently does not support PSS
;sslVersionMax = TLSv1.1
; The pkcs11 engine allows for authentication with cryptographic
; keys isolated in a hardware or software token
; MODULE_PATH specifies the path to the pkcs11 module shared library,
; e.g. softhsm2.dll or opensc-pkcs11.so
; Each section using this feature also needs the "engineId = pkcs11" option
;engine = pkcs11
;engineCtrl = MODULE_PATH:softhsm2.dll
;engineCtrl = PIN:1234
; **
; * Service defaults may also be specified in individual service sections *
; **
; Enable support for the insecure SSLv3 protocol
;options = -NO_SSLv3
; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE
; **
; * Include all configuration file fragments from the specified folder *
; **
;include = conf.d
; **
; * Service definitions (at least one service has to be defined) *
; **
; * Example TLS client mode services
; Encrypted HTTP proxy authenticated with a client certificate
; located in the Windows certificate store
;[example-proxy]
;client = yes
;accept = 127.0.0.1:8080
;connect = example.com:8443
;engineId = capi
; Encrypted HTTP proxy authenticated with a client certificate
; located in a cryptographic token
;[example-pkcs11]
;client = yes
;accept = 127.0.0.1:8080
;connect = example.com:8443
;engineId = pkcs11
;cert = pkcs11:token=MyToken;object=MyCert
;key = pkcs11:token=MyToken;object=MyKey
* Example TLS server mode services
[blueiris]
accept = 443
connect = 81
cert = stunnel.pem
;[pop3s]
;accept = 995
;connect = 110
;cert = stunnel.pem
;[imaps]
;accept = 993
;connect = 143
;cert = stunnel.pem
; Either only expose this service to trusted networks, or require
; authentication when relaying emails originated from loopback.
; Otherwise the following configuration creates an open relay.
;[ssmtp]
;accept = 465
;connect = 25
;cert = stunnel.pem
; TLS front-end to a web server
;[https]
;accept = 443
;connect = 80
;cert = stunnel.pem
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0
; Remote cmd.exe protected with PSK-authenticated TLS
; Create "secrets.txt" containing IDENTITY:KEY pairs
;[cmd]
;accept = 1337
;exec = c:\windows\system32\cmd.exe
;execArgs = cmd.exe
;PSKsecrets = secrets.txt
; vim:ft=dosini