How to create stunnel with systemd? stunnel

How to create stunnel with systemd?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7+
  • systemd
  • stunnel

Issue

  • How to create stunnel with systemd?

Resolution

  • (Assuming Server side stunnel is already available and this is going to be client side.)

  • (Optional) copy .pem file from server to client (Using scp, ftp, sftp or whatever option available for copy data from one system to another)

  • Example of stunnel.conf

    [root@dhcp234-128 ~]# cat /etc/stunnel/stunnel.conf 
    setuid = nobody
    setgid = nobody
    pid =
    foreground = yes
    ;cert = /etc/stunnel/stunnel.pem  ## Location of .pem copied from server (uncomment if using a .pem file)
    options = NO_SSLv2
    [myservice]
    client = yes
    accept = 127.0.0.1:8080
    connect = 192.168.3.244:8888
    
  • Create unit file for systemd. At the time of writing this article, there is no default unit file systemd is providing. Engineering request has been filed for the same to ship default unit file.

    [root@dhcp234-128 ~]# cat /etc/systemd/system/stunnel.service
    [Unit]
    Description=SSL tunnel for network daemons
    Documentation=man:stunnel https://www.stunnel.org/docs.html
    DefaultDependencies=no
    After=network.target
    After=syslog.target
    
    [Install]
    WantedBy=multi-user.target
    Alias=stunnel.target
    
    [Service]
    Type=forking
    EnvironmentFile=-/etc/sysconfig/stunnel.conf 
    ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
    #LimitNOFILE=infinity            <-- uncomment to increase maximum number of client connections
    
    [root@dhcp234-128 ~]# 
    
  • Check if stunnel is already running.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
    
  • Enable and start the service.

    [root@dhcp234-128 ~]# systemctl enable stunnel.service --now
    
  • Verify if it's running.

    [root@dhcp234-128 ~]# ps -ef | grep stunnel
    nobody    2517     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2518     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2519     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2520     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2521     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2522     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    [root@dhcp234-128 ~]# 
    
  • Verify if it's listening on correct port configured for it.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
    tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2522/stunnel        
    [root@dhcp234-128 ~]# 
    
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHEL: Force system to prompt for password in Single User mode
Viewed 1387 times since Sat, Jun 2, 2018
RHEL: Enabling standard ftp/telnet
Viewed 979 times since Sun, May 27, 2018
RHCS6: Create a new Logical Volume / Global Filesystem 2 (GFS2)
Viewed 696 times since Sun, Jun 3, 2018
ZFS: Grow/Shrink an existing zfs filesystem
Viewed 692 times since Sun, Jun 3, 2018
LVM: Create a new Volume Group
Viewed 652 times since Sat, Jun 2, 2018
Using renice and taskset to manage process priority and CPU affinity with Linux OEL 6.4
Viewed 322 times since Mon, Feb 17, 2020
Stunnel Setup
Viewed 3126 times since Fri, Sep 28, 2018
How to run command or code in parallel in bash shell under Linux or Unix
Viewed 535 times since Tue, Aug 6, 2019
Linux – Securing your important files with XFS extendend attributes
Viewed 484 times since Wed, Jul 25, 2018
tcpdump
Viewed 576 times since Fri, Jul 27, 2018