I am trying to get stunnel to forward from a port (eventually via https on 443) to port 8080.
The http served on 8080 is already visible correctly by a remote browser.
I have tried some 4 versions of stunnel between 4.42 - 4.55. On Ubuntu 16 and 18.
The stunnel program output:
...
[!] bind: Address already in use (98)
[!] Error binding service [myhttp] to 0.0.0.0:9985
...
stunnel.conf (am I missing something? on the web there are various claims that this or that should be added):
cert = /etc/letsencrypt/live/<<my-domain>>/cert.pem
key = /etc/letsencrypt/live/<<my-domain>>/privkey.pem
[myhttp]
accept = 9985
connect = 8080
I have tried prefixing the ports with 127.0.0.1:
or ::1:
. (This has an effect in changing the 0.0.0.0 above, however same result.)
My firewall:
root@localhost:/home/my# iptables -L -v
Chain INPUT (policy ACCEPT 211 packets, 160K bytes)
pkts bytes target prot opt in out source destination
145 849K ACCEPT all -- lo any anywhere anywhere
8874 1008K ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
248 24754 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
310 22151 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:9985
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:9986
If I add into /etc/services:
myhttp 9985/tcp
then the output of iptables -L -v
contains ... tcp dpt:myhttp...
, but still 0 accepts.
If i change the entry in stunnel.conf to accept = 80
then the remote browser can get an https-connection through that port, and get the page served on port 8080, and it has an ssl-lock-symbol. However using port 80 for https is no solution, I need that port to serve plain http or direct the browser to the https-port.