Just a quick tip on setting up stunnel in transparent proxy mode (ie. target service sees original source IP address) pointing at services running on localhost. (mostly based on sslh documentation)

Use the following iptables/sysctl rules:

#!/bin/bash

set -e

# Set route_localnet = 1 on all interfaces so that ssl …