Saturday, July 1, 2017

SSL Reverse Proxy using stunnel without using Oracle Wallet

EDIT: Using nginx is a better solution.

Making an HTTPS call from Oracle is a nightmare. At a minimum, you need to import the site certificate into an Oracle wallet.

However, if there is any problem with the certificate, it is next to impossible to debug.
Oracle XE doesn't come with Oracle Wallet, utl_http may not support SNI, and it all depends on the Oracle database version, etc.

As a workaround, use stunnel to listen on localhost and let it talk to the remote site via https.

In this example, stunnel listens on port 8103 for plain HTTP and talks to the remote site on port 8443 over HTTPS.
A request to http://127.0.0.1:8103 then behaves just like one to https://web1.remote.com:8443.

stunnel.conf
[web1]
client = yes
accept = 127.0.0.1:8103
connect = web1.remote.com:8443
CAfile = ca-certs.pem
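
In client mode stunnel does not verify the server certificate unless told to, so a CAfile line on its own enforces nothing. A variant of the section above with verification switched on follows, as an added example that is not from the original post. The checkHost and sni values assume the certificate is issued for web1.remote.com.

```ini
; stunnel.conf - client-mode service with server certificate verification
[web1]
client = yes
; plain-HTTP listener bound to loopback only, so other hosts cannot use the tunnel
accept = 127.0.0.1:8103
connect = web1.remote.com:8443
; trust anchors used to validate the server's certificate chain
CAfile = ca-certs.pem
; refuse the connection unless the chain validates against CAfile
; (older stunnel releases use "verify = 2" instead)
verifyChain = yes
; require the certificate to be issued for this host name (assumed value)
checkHost = web1.remote.com
; send the host name in the TLS handshake for servers that rely on SNI
sni = web1.remote.com
```

With these settings a certificate problem shows up in the stunnel log as a failed verification instead of passing silently.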
