
I'm configuring stunnel to encapsulate SSL petitions to Haproxy. Haproxy serves several sites on the same IP address:

domain.com - Website
app.domain.com - Node.js webserver

I acquired an SSL certificate that is only valid for the site app.domain.com. I would like to configure stunnel to accept petitions to:

https://app.domain.com 

And not serve petitions to:

https://domain.com

The problem is that if someone tries to access https://domain.com, stunnel encapsulates the app.domain.com certificate (and it's invalid for this domain, of course).

I tried something like this in stunnel.conf:

pid = /var/run/stunnel.pid
output = /var/log/stunnel.log

[https]
cert = /etc/ssl/certs/app.domain.crt
key = /etc/ssl/private/app.domain.key
sni = https:app.domain.com
accept = 443
connect = 80

But when I try to start stunnel I get:

Line 10: End of section https: Each service must define two endpoints
str_stats: 112 block(s), 5843 byte(s)
[Failed: /etc/stunnel/stunnel.conf]
You should check that you have specified the pid= in you configuration file

Any help would be appreciated. Maybe there is another solution like configuring something in haproxy to reject SSL petitions to domain.com.
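For reference, the stunnel syntax the post is reaching for is its master/slave SNI layout: the section that owns the listening socket (accept) is the master, and each name-based virtual server is a separate section whose sni line names that master and a host name, with no accept line of its own. The configuration below is an added example, not from the original post or from the stunnel project; it reuses the pid, output, port and certificate paths from the post, while /etc/ssl/certs/default.pem and /etc/ssl/private/default.key are assumed placeholders for the certificate the master section requires.

```ini
; Added example: name-based virtual hosting in stunnel via SNI.
; The master service owns the listening socket; the slave service is
; selected when the client's TLS ClientHello names app.domain.com.
pid = /var/run/stunnel.pid
output = /var/log/stunnel.log

; Master service. It must carry a certificate of its own (placeholder
; paths below, assumed for this example; the app.domain.com pair from the
; post can be reused here if no other certificate is available).
[https]
accept = 443
connect = 80
cert = /etc/ssl/certs/default.pem
key = /etc/ssl/private/default.key

; Slave service: no accept line. sni = MASTER:SERVER_NAME attaches this
; section, with its own certificate, to connections that name app.domain.com.
[app]
sni = https:app.domain.com
cert = /etc/ssl/certs/app.domain.crt
key = /etc/ssl/private/app.domain.key
connect = 80
```

The error in the post comes from putting the sni = https:... line inside the [https] section itself: a section with a MASTER:NAME sni value is treated as a slave, so its accept is dropped and stunnel then complains that the service lacks two endpoints. One caveat for the rejection goal: a connection that sends no SNI name, or a name with no matching slave (such as https://domain.com), still falls through to the master and is answered with the master's certificate; stunnel has no per-name refuse option. To actually refuse those handshakes, either obtain a certificate that covers domain.com, or move TLS termination to HAProxy, whose strict-sni option on an ssl bind line aborts the handshake when no loaded certificate matches the requested name. Either way, check the result from the outside with openssl s_client -connect host:443 -servername app.domain.com and again with -servername domain.com, and confirm the certificate subject returned for each.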

0 Answers