Apparently only the newer versions can do this, 4.15+, but the concept is simple:

    ; global options
    setuid = stunnel
    setgid = stunnel
    debug = 5
    output = /var/log/stunnel/stunnel.log
    pid = /var/run/stunnel/stunnel.pid
    socket = l:TCP_NODELAY=1
    ciphers = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eNULL
    options = NO_SSLv2

    ; one section per site, each with its own listen address and certificate
    [https-site1]
    accept = 10.0.0.1:443
    cert = /etc/pki/tls/certs/site1.pem
    connect = 10.0.0.101:80
    TIMEOUTclose = 0

    [https-site2]
    accept = 10.0.0.2:443
    cert = /etc/pki/tls/certs/site2.pem
    connect = 10.0.0.102:80
    TIMEOUTclose = 0

This is much better than running multiple instances of stunnel.
For what it’s worth, if you enable a log file, it’ll turn off syslog logging, which is critical for extreme performance. Keep the debug level low. For HTTPS, disable SSLv2 and set the cipher list the right way.
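A small linter for the checks described above, as an added example that is not part of the original post: it parses a multi-service stunnel.conf laid out like the one shown (settings in the global section, one section per site) and reports a missing log file, a high debug level, SSLv2 left enabled, cipher exclusions missing, incomplete service sections, and two services sharing one accept address. The function names, the `MAX_DEBUG` ceiling and the choice of required exclusions (taken from the cipher list above) are assumptions made for illustration.

```python
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
REQUIRED_EXCLUSIONS = {"!ADH", "!LOW", "!SSLv2", "!EXP", "!eNULL"}  # taken from the page's cipher list
MAX_DEBUG = 5  # assumption: the page's own level is the ceiling for "low"

def parse_stunnel_conf(text):
    """Return (global_opts, services); values are lists because keys may repeat."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        current.setdefault(key.strip(), []).append(value.strip())
    return global_opts, services

def lint(text):
    g, services = parse_stunnel_conf(text)
    findings = []
    if "output" not in g:
        findings.append("global: no output log file set")
    level = g.get("debug", ["5"])[-1].split(".")[-1]  # value is "[facility.]level"
    if (int(level) if level.isdigit() else LEVELS.index(level)) > MAX_DEBUG:
        findings.append("global: debug level %s is above %d" % (level, MAX_DEBUG))
    if "NO_SSLv2" not in g.get("options", []):
        findings.append("global: SSLv2 not disabled")
    missing = REQUIRED_EXCLUSIONS - set(":".join(g.get("ciphers", [])).split(":"))
    if missing:
        findings.append("global: cipher list lacks " + ",".join(sorted(missing)))
    seen = {}  # accept address -> first service that claimed it
    for name, opts in services.items():
        for key in ("accept", "connect", "cert"):
            if key not in opts and not (key == "cert" and "cert" in g):
                findings.append("[%s]: missing %s" % (name, key))
        for addr in opts.get("accept", []):
            if addr in seen:
                findings.append("[%s]: accept %s already used by [%s]" % (name, addr, seen[addr]))
            seen.setdefault(addr, name)
    return findings

# Constructed sample with deliberate mistakes (not from the page).
SAMPLE = ("debug = 7\nciphers = ALL:!ADH:!LOW\n"
          "[https-site1]\naccept = 10.0.0.1:443\nconnect = 10.0.0.101:80\n"
          "[https-site2]\naccept = 10.0.0.1:443\ncert = /etc/pki/tls/certs/site2.pem\nconnect = 10.0.0.102:80\n")
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the configuration shown above, `lint` returns an empty list; the constructed sample produces six findings.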