Stunnel can run multiple ips and certs in one instance

Apparently only the newer versions can do this, 4.15+, but the concept is simple:

setuid          = stunnel
setgid          = stunnel
debug           = 5
output          = /var/log/stunnel/stunnel.log
pid             = /var/run/stunnel/stunnel.pid
socket          = l:TCP_NODELAY=1
ciphers         = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eNULL
options         = NO_SSLv2

[https-site1]
accept          = 10.0.0.1:443
cert            = /etc/pki/tls/certs/site1.pem
connect         = 10.0.0.101:80
TIMEOUTclose    = 0

[https-site2]
accept          = 10.0.0.2:443
cert            = /etc/pki/tls/certs/site2.pem
connect         = 10.0.0.102:80
TIMEOUTclose    = 0

This is much better than running multiple instances of stunnel.

For what it’s worth, if you enable a log file, it’ll turn off sys logging, which is critical for extreme performance. Keep the debug level low. For https, disable v2 and set the cipher list the right way.