; ==== stunnel configuration for https to http forwarding ====

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/stunnel.pem

; since private key and certificate are in one file, we don't need
; to specify the key file. Since we do not use authentication with
; client certs, we don't need the CA certificate for verification.
key = /etc/stunnel/stunnel.key
;CAfile = /home/stunnel/etc/stunnel/cacert.pem

; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /home/stunnel/var/lib/stunnel/
;setuid = nobody
;setgid = nogroup
; PID is created inside chroot jail
pid = /var/run/stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[https]
accept  = 443
connect = 80
TIMEOUTclose = 0

; ==== end of stunnel.conf ====