Expose service via TLS stunnel
First of all, I encountered an issue with the Outline VPN server, which exposes Prometheus metrics on 127.0.0.1 with no option to change it. As a solution, I used stunnel4. Essentially, it works as a TLS proxy, listening on a configured port and forwarding traffic to another.
[Server1 (stunnel server)] <==> [Server2 (stunnel client)]
Server side
Install stunnel and create configs:
ab@cy:/etc/stunnel$ cat outline_prom.conf
debug = 5
output = /var/log/stunnel.log
[outline_prom]
accept = 0.0.0.0:9095
connect = 127.0.0.1:9092
PSKsecrets = /etc/stunnel/psk.txt
psk.txt
is a credentials file and looks like:
# I used `openssl rand -hex 32` to generate secret
ab@cy:/etc/stunnel$ cat psk.txt
user:secret_string
Client side
psk.txt
the same and config looks like:
ab@home:/etc/stunnel$ cat /etc/stunnel/outline_prom.conf
[outline_prom_cy]
client = yes
accept = 0.0.0.0:9095
connect = cy.hexor.cy:9095
PSKsecrets = /etc/stunnel/psk.txt