stunnel

SSL Error - wrong version number (HTTPS to HTTP)

喜你入骨 submitted on 2021-01-29 21:30:22
Question: I receive an error when I try to "redirect" an https request to http by a stunnel server.
Construction:
flask server: serves https, which includes a button with an https request to another server (stunnel4).
stunnel: receives the request and redirects it to a local (http) server.
The stunnel server fails with the following error:
Mär 27 19:27:20 raspberrypi stunnel[1400]: LOG5[1744]: Service [https] accepted connection from <external_IP>:51874
Mär 27 19:27:20 raspberrypi stunnel[1400]: LOG5[1744]: s

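31. Docker Server-Side Protection

廉价感情. submitted on 2020-09-30 15:45:34
Docker server-side protection
The core of running a container or application is the Docker server. Running the Docker service currently requires root privileges, so its security is critical.
First, make sure that only trusted users can access the Docker service. Docker allows users to share folders between the host and containers without restricting the container's access rights, which makes it easy for a container to break out of its resource limits. For example, if a malicious user maps the host's root directory / to the container's /host directory when starting a container, the container can in theory make arbitrary changes to the host's file system. Does this sound crazy? In fact, almost all virtualization systems allow similar resource sharing and cannot prevent a user from sharing the host's root file system with a virtual machine.
This can have very serious security consequences. Therefore, when providing a container creation service (for example through a web server), take extra care to validate parameters, so that malicious users cannot create destructive containers with specially chosen parameters.
To strengthen protection of the server side, since 0.5.2 Docker's REST API (which the client uses to communicate with the server) uses a local Unix socket instead of the TCP socket previously bound to 127.0.0.1, because the latter is vulnerable to cross-site scripting attacks. Users now rely on Unix permission checks to secure access to the socket.
Users can still expose the REST API over HTTP. It is recommended to use security mechanisms to ensure that only trusted networks or VPNs, or certificate protection mechanisms (for example protected stunnel and ssl authentication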

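Implementing a proxy service with squid and stunnel

泪湿孤枕 submitted on 2020-01-06 17:13:19
I. Environment
I normally use ss here; today I am testing a proxy service built with squid+stunnel.
1. Server side: a cloud server running squid
2. A PC on the local intranet (it only needs Internet access) running the stunnel client
II. Installing squid on the server
1. Install squid
    yum install squid openssl openssl-devel -y
2. Generate the certificate for the encrypted proxy
    cd /etc/squid
    # prompts for a passphrase and its confirmation; at the last step enter the server hostname
    openssl req -new > tank.csr
    # enter the passphrase entered above
    openssl rsa -in privkey.pem -out tank.key
    openssl x509 -in tank.csr -out tank.crt -req -signkey tank.key -days 3650
3. Configure squid
    vi /etc/squid/squid.conf
Add the following tuning settings:
    # limit each IP to at most 10 connections
    acl OverConnLimit maxconn 10
    # minimum allowed file request body size
    minimum_object_size 1 KB
    # maximum allowed file request body size
    maximum_object_size 1 MB
    # minimum allowed swap usage 10%
    cache_swap_low 10
    # maximum allowed swap usage
    cache_swap_high 25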

cTrader decode protobuf message from Report API Events (tunnel)

北城以北 submitted on 2020-01-04 03:40:34
Question: I am dealing with the cTrader trading platform. My project is written in Python 3 on tornado, and I have an issue decoding the protobuf message from the Report API Events. Below I will list everything I achieved and where I have the problem. First, cTrader has a REST API for Report, so I got the .proto file and generated it for Python 3. The proto file is called: cTraderReportingMessages5_9_pb2. From the REST Report API I am getting the protobuf message and am able to decode it in the following way because I know which

Securing Node Redis

柔情痞子 submitted on 2019-12-22 12:18:10
Question: I'm trying to secure the Node Redis IPC server to use a private/public key. I've followed this tutorial which uses stunnel, which wraps the tunnel used by Redis under an SSL layer. The example is not for Node, but it does secure the connection, and I only can connect to the server if I include the certification in my config file, otherwise the connection is reset. However, I cannot replicate this with NodeJS. On my server computer, I have:
var redis = require('redis');
var client = redis

Establishing a connection to DUKASCOPY using stunnel

落花浮王杯 submitted on 2019-12-21 20:38:12
Question: Looking for some help in establishing a connection with my broker DUKASCOPY using stunnel and quickfix python over FIX4.4 protocol. Here is my stunnel config:
client = yes
cert = /etc/stunnel/stunnel.pem
[OKSERVER]
accept = 9443
connect = demo-api.dukascopy.com:10443
My quickfix cfg file:
[DEFAULT]
ConnectionType=initiator
LogonTimeout=30
ReconnectInterval=30
ResetOnLogon=Y
FileLogPath=./Logs/
[SESSION]
BeginString=FIX.4.4
SenderCompID=SENDER_ID # replaced with anonymous value for this post

How to securely connect to Heroku Redis via the command line?

戏子无情 submitted on 2019-12-11 00:43:38
Question: The Heroku Redis CLI documentation states that connecting via the Heroku CLI is insecure, as it relies on the redis-cli binary. Is there a secure way to connect to a Heroku Redis instance via a command-line interface? Connecting via my local machine, or through a dyno as a relay both work fine.
Answer 1: I believe this is because you're using the hobby-dev tier of Heroku Redis which seems not to support SSL. SSL for Heroku Redis is only available on production tier plans. The hobby-dev plan is

stunnel https gets redirected to http

扶醉桌前 submitted on 2019-12-10 21:21:35
Question: I have a Web service listening on port 8081 (it's a ServiceStack REST Web Service running on mono, if that helps). I am trying to secure it using stunnel, but the problem is as soon as I connect to https://ip, it gets redirected to http://ip:8081, which doesn't make sense to me. Could somebody point me in a direction? My stunnel config file follows:
cert = stunnel.pem
chroot = /usr/local/var/run/stunnel/
pid = /stunnel.pid
setuid = nobody
setgid = nobody
foreground = yes
[https]
accept = 443

Securing Node Redis

橙三吉。 submitted on 2019-12-06 08:43:10
I'm trying to secure the Node Redis IPC server to use a private/public key. I've followed this tutorial which uses stunnel, which wraps the tunnel used by Redis under an SSL layer. The example is not for Node, but it does secure the connection, and I only can connect to the server if I include the certification in my config file, otherwise the connection is reset. However, I cannot replicate this with NodeJS. On my server computer, I have:
var redis = require('redis');
var client = redis.createClient();
client.auth('myPassword');
client.publish('instances', 'start');
And on my client

wss fails over https on apache server

Anonymous (unverified) submitted on 2019-12-03 08:57:35
Question: I have a server in digital ocean which is using StartCOM class I primary intermediate CA for ssl. I have set up a websocket server and I want to make a connection to it from a page which is served by https. When I try to connect to the websocket using just http it works fine. But when I try to use it over https by changing the websocket uri from ws to wss it does not connect. What am I doing wrong? Connection is made using fancywebsockets.js
fancywebsockets.js
var FancyWebSocket = function(url) {
var callbacks = {};
var ws_url = url;
var conn