abyss x1 in https mode and stunnel for http

twotone

I discovered something rather interesting. I installed an ssl certificate in abyss x1, and switched it to https only mode (port 443). Then I discovered that I could use some different settings in the stunnel.conf file to get stunnel to process the http traffic (port 80). Of course, you have to have both port 80 and 443 forwarded to your server machine's ip address from your router/firewall and both of them open in windows firewall or similar. Here is the stunnel.conf file:


[http]
accept  = 80
connect = 443
client  = yes

So now, encrypted traffic comes in on 443 to abyss, and unencrypted traffic comes in on port 80 to stunnel, gets encrypted, and sent to abyss on port 443.
Cool

admin

twotone,
The problem with this idea is that the server will log all request coming on port 80 as being made by 127.0.0.1 only. So you can no more have accurate statistics.
But the worser is that if you have set up some IP access rules, they won't be in effect (because the original IP is not known to the server) and any visitor that messes with your server will make Abyss Web Server black list 127.0.0.1 and no more accept any connection on port 80 from STunnel.

twotone

True. It's definitely not ideal.
But, for my implementation of Abyss, I am exchanging data for a multi-computer ticketing system where only 1-2 "clients" will be accessing the Abyss server, and almost exclusively through https, so I have very little need for stats, and no need for blacklisting.

pummamoriatug

When you say "it wont set for me," can you be more specific? What exactly is happening? What is your Zen Cart version and what mods have you installed?