stunnel translates data between an encrypted connection and an unencrypted connection. Thus, it is with http and other servers.
PYK 2018-05-30: The documentation for accept states:
But in that case stunnel actually binds to 127.0.0.1. To listen on all address, use the wildcard address explicitly:
[https] accept = 0.0.0.0:443 connect = 80 cert = /etc/stunnel/stunnel.pem
This has been reported here .