как настроить STunnel?
case 26 декабря, 2008 - 13:28
Пытался настроить, как здесь (http://wiki.firstvds.ru/index.php/STunnel), но при прописании прокси-сервера в Опере ничего не грузится. В чём моя ошибка?
Цитата:
gentoo / # cat /etc/stunnel/stunnel.conf
# Sample stunnel configuration file by Michal Trojnara 2002-2005
# Some options used here may not be adequate for your particular configuration
# Please make sure you understand them (especially the effect of chroot jail)
# NOTE(review): "client = yes" stays commented out further down, so this
# instance runs in server mode: it expects TLS on every "accept" port and
# passes the decrypted stream on to "connect".
# Certificate/key is needed in server mode and optional in client mode
# cert = /etc/stunnel/stunnel.pem
# key = /etc/stunnel/stunnel.pem
# Server certificate and its private key, kept in separate files here.
# The key file should be readable only by the account that starts stunnel.
cert = /etc/stunnel/stunnel.cert
key = /etc/stunnel/stunnel.key
# Some security enhancements for UNIX systems - comment them out on Win32
# chroot = /chroot/stunnel/
# chroot is left disabled, so the setuid/setgid drop below is the only
# confinement in this file.
setuid = stunnel
setgid = stunnel
# PID is created inside chroot jail
# With chroot disabled this is a path on the real filesystem.
pid = /var/run/stunnel/stunnel.pid
# Some performance tunings
# l: applies the option to the local (accepting) socket, r: to the remote one.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
# TLS-level compression. Compressing before encryption has since been shown to
# leak information about the plaintext through ciphertext length (CRIME-class
# attacks); leave it off unless there is a measured need.
compression = rle
# Workaround for Eudora bug
# This turns off OpenSSL's empty-fragment countermeasure for CBC ciphers in
# SSLv3/TLS 1.0; keep it only if a broken client really requires it.
options = DONT_INSERT_EMPTY_FRAGMENTS
# Authentication stuff
# With verify commented out stunnel does not check peer certificates by default:
# any TLS client that can reach the accept port is forwarded to the backend.
# verify = 2 requires and checks a client certificate against CApath/CAfile.
#verify = 2
# Don't forget to c_rehash CApath
# CApath is located inside chroot jail:
#CApath = /certs
# It's often easier to use CAfile:
#CAfile = /etc/stunnel/certs.pem
# Don't forget to c_rehash CRLpath
# CRLpath is located inside chroot jail:
#CRLpath = /crls
# Alternatively you can use CRLfile:
#CRLfile = /etc/stunnel/crls.pem
# Some debugging stuff useful for troubleshooting
# 7 is the most verbose level (the LOG7 lines); it records every connecting
# address, so lower it once troubleshooting is finished.
debug = 7
# The log sits in the same directory as the certificate and key. A dedicated
# log directory avoids granting write access next to key material.
output = /etc/stunnel/stunnel.log
# Use it for client mode
#client = yes
# Service-level configuration
#[pop3s]
#accept = 995
#connect = 110
#[imaps]
#accept = 993
#connect = 143
#[ssmtp]
#accept = 465
#connect = 25
# The section name is only a service label; it does not select a protocol.
# In server mode the peer must open with a TLS handshake. A browser pointed at
# this port as a plain HTTP proxy is dropped with
# "SSL23_GET_CLIENT_HELLO:http request".
[https]
# No host part: listens on all local addresses.
accept = 777
# No host part: connects to localhost, i.e. the backend proxy on port 8787.
connect = 8787
# Do not wait for the peer's close_notify when closing.
TIMEOUTclose = 0
#[proxy]
#accept = 77777
#connect = 209.250.241.48:8787
#TIMEOUTclose = 0
#[sproxy]
#accept = 5133
#connect = _ip_адрес_вашего_сервера_:5133
#TIMEOUTclose = 0
Кусочек лога
Цитата:
2008.12.25 13:45:34 LOG5[11483:3086801808]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.12.25 13:45:34 LOG7[11483:3086801808]: https finished (1 left)
2008.12.25 13:45:34 LOG7[11483:3086874304]: https accepted FD=13 from 94.41.37.153:4605
2008.12.25 13:45:34 LOG7[11483:3086801808]: https started
2008.12.25 13:45:34 LOG7[11483:3086801808]: FD 13 in non-blocking mode
2008.12.25 13:45:34 LOG7[11483:3086801808]: TCP_NODELAY option set on local socket
2008.12.25 13:45:34 LOG7[11483:3086801808]: Waiting for a libwrap process
2008.12.25 13:45:34 LOG7[11483:3086801808]: Acquired libwrap process #0
2008.12.25 13:45:34 LOG7[11483:3086801808]: Releasing libwrap process #0
2008.12.25 13:45:34 LOG7[11483:3086801808]: Released libwrap process #0
2008.12.25 13:45:34 LOG7[11483:3086801808]: https permitted by libwrap from 94.41.37.153:4605
2008.12.25 13:45:34 LOG5[11483:3086801808]: https accepted connection from 94.41.37.153:4605
2008.12.25 13:45:34 LOG7[11483:3086801808]: SSL state (accept): before/accept initialization
2008.12.25 13:45:34 LOG3[11483:3086801808]: SSL_accept: 1407609C: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
2008.12.25 13:45:34 LOG5[11483:3086801808]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.12.25 13:45:34 LOG7[11483:3086801808]: https finished (1 left)
2008.12.25 13:45:38 LOG7[11483:3086874304]: https accepted FD=13 from 94.41.37.153:4607
2008.12.25 13:45:38 LOG7[11483:3086801808]: https started
2008.12.25 13:45:38 LOG7[11483:3086801808]: FD 13 in non-blocking mode
2008.12.25 13:45:38 LOG7[11483:3086801808]: TCP_NODELAY option set on local socket
2008.12.25 13:45:38 LOG7[11483:3086801808]: Waiting for a libwrap process
2008.12.25 13:45:38 LOG7[11483:3086801808]: Acquired libwrap process #0
2008.12.25 13:45:38 LOG7[11483:3086801808]: Releasing libwrap process #0
2008.12.25 13:45:38 LOG7[11483:3086801808]: Released libwrap process #0
2008.12.25 13:45:38 LOG7[11483:3086801808]: https permitted by libwrap from 94.41.37.153:4607
2008.12.25 13:45:38 LOG5[11483:3086801808]: https accepted connection from 94.41.37.153:4607
2008.12.25 13:45:38 LOG7[11483:3086801808]: SSL state (accept): before/accept initialization
2008.12.25 13:45:38 LOG3[11483:3086801808]: SSL_accept: 1407609C: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
2008.12.25 13:45:38 LOG5[11483:3086801808]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.12.25 13:45:38 LOG7[11483:3086801808]: https finished (1 left)
2008.12.25 13:45:49 LOG3[11483:3086871440]: SSL_accept: 1407609C: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
2008.12.25 13:45:49 LOG5[11483:3086871440]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.12.25 13:45:49 LOG7[11483:3086871440]: https finished (0 left)
2008.12.25 13:45:55 LOG5[11483:3086874304]: Received signal 15; terminating
2008.12.25 13:45:55 LOG7[11483:3086874304]: removing pid file /var/run/stunnel/stunnel.pid
Как я понимаю, надо ещё клиент устанавливать на локальной машине (но всё равно ничего не вышло)
Конфиг клиента:
Цитата:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; NOTE(review): "client = yes" is set below, so this instance accepts plain
; connections locally and opens TLS towards the "connect" address.
; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
;cert = stunnel.pem
;key = stunnel.pem
; Some performance tunings
; l: applies the option to the local (accepting) socket, r: to the remote one.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
; With verify commented out the client accepts whatever certificate the server
; presents: the tunnel is encrypted but the server is not authenticated, so an
; on-path attacker could impersonate it. Enabling verify together with a CAfile
; that holds the server's certificate (or its CA) closes that gap.
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
;[ssmtp]
;accept = 465
;connect = 25
; The section name is only a service label; it does not select a protocol.
[https]
; No host part: listens on all addresses of this machine, so other hosts that
; can reach it may use the tunnel too. "accept = 127.0.0.1:777" keeps it local.
; NOTE(review): presumably the browser's proxy setting should point at this
; local port rather than at the remote server - confirm against the setup guide.
accept = 777
; Remote stunnel server; traffic on this leg is wrapped in TLS.
connect = 209.250.241.48:777
; Do not wait for the peer's close_notify when closing.
TIMEOUTclose = 0
; vim:ft=dosini
#[proxy]
#accept = 77777
#connect = 209.250.241.48:77777
#TIMEOUTclose = 0
#[sproxy]
#accept = 7778
#connect =209.250.241.48:7778
#TIMEOUTclose = 0