Skip to content

Instantly share code, notes, and snippets.

@leepa leepa/
Last active Dec 19, 2015

What would you like to do?


So, make sure you replace youraccount with your account name. Also make sure you set the reqadd Authorization line to be the base64 of your token/user/password combo:

echo -n username:password | openssl enc -a

Replace any equals signs with \3D to make sure they are escaped.

log local0 notice
maxconn 4096
chroot /usr/share/haproxy
user haproxy
group haproxy
log global
mode http
option httplog
option dontlognull
option log-separate-errors
retries 3
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
frontend http-in
bind *:5984
default_backend cloudant
backend cloudant
reqidel ^Authorization.*
reqidel ^Host.*
reqidel ^X-Forwarded-For:.*
reqadd Host:\
reqadd Authorization:\ Basic\ dG9tZWRzd2Vlc21p..truncated..Vd3Unk0czZxbGhobQ\x3D\x3D
option tcpka
server s1 localhost:5999
; *****************************************************************************
; * Global Options *
; *****************************************************************************
; A copy of some devices and system files is needed within the chroot jail
; Chroot conflicts with configuration file reload and many other features
chroot = /var/lib/stunnel4/
; Chroot jail can be escaped if setuid option is not used
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /
; Debugging stuff (may useful for troubleshooting)
;debug = 7
output = /var/log/stunnel4/stunnel.log
; Certificate/key is needed in server mode and optional in client mode
; cert = /etc/stunnel/cert.pem
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Enable client mode
client = yes
accept = localhost:5999
connect =
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.