Home » Categories » Linux

How to create stunnel with systemd? stunnel

Article Number: 651 | Rating: Unrated | Last Updated: Thu, Jan 16, 2020 5:05 PM

How to create stunnel with systemd?

Solution Verified - Updated -
English

Environment

  • Red Hat Enterprise Linux 7+
  • systemd
  • stunnel

Issue

  • How to create stunnel with systemd?

Resolution

  • (Assuming Server side stunnel is already available and this is going to be client side.)

  • (Optional) copy .pem file from server to client (Using scp, ftp, sftp or whatever option available for copy data from one system to another)

  • Example of stunnel.conf

    [root@dhcp234-128 ~]# cat /etc/stunnel/stunnel.conf 
setuid = nobody
setgid = nobody
pid =
foreground = yes
;cert = /etc/stunnel/stunnel.pem  ## Location of .pem copied from server (uncomment if using a .pem file)
options = NO_SSLv2
[myservice]
client = yes
accept = 127.0.0.1:8080
connect = 192.168.3.244:8888

  • Create unit file for systemd. At the time of writing this article, there is no default unit file systemd is providing. Engineering request has been filed for the same to ship default unit file.

    [root@dhcp234-128 ~]# cat /etc/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
Documentation=man:stunnel https://www.stunnel.org/docs.html
DefaultDependencies=no
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target
Alias=stunnel.target

[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/stunnel.conf 
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
#LimitNOFILE=infinity            <-- uncomment to increase maximum number of client connections

[root@dhcp234-128 ~]#

  • Check if stunnel is already running.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel

  • Enable and start the service.

    [root@dhcp234-128 ~]# systemctl enable stunnel.service --now

  • Verify if it's running.

    [root@dhcp234-128 ~]# ps -ef | grep stunnel
nobody    2517     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2518     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2519     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2520     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2521     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2522     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
[root@dhcp234-128 ~]#

  • Verify if it's listening on correct port configured for it.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2522/stunnel        
[root@dhcp234-128 ~]#
Posted - Thu, Jan 16, 2020 5:05 PM. This article has been viewed 9943 times.
Filed Under: Linux
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments (1)
Comment By Behnam - Mon, Sep 27th, 2021 8:14 PM
systemctl enable stunnel.service --now and systemctl restart stunnel output: Failed to start SSL tunnel for network daemons Can you help me? Yes, Can you send me configuration your stunnel file?
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Exclude multiple files and directories with rsync
Viewed 2624 times since Wed, Oct 31, 2018
stunnel Howto A Guide to create SSL access to a HTTP-only webserver with stunnel
Viewed 2781 times since Fri, Sep 28, 2018
How To Set Up an SSL Tunnel Using Stunnel on Ubuntu
Viewed 3383 times since Fri, Sep 28, 2018
How to enable automatic security updates on CentOS 7 with yum-cron
Viewed 2538 times since Fri, Oct 26, 2018
RHCS: Install a two-node basic cluster
Viewed 10048 times since Sun, Jun 3, 2018
LUKS List available methods of encryption for LUKS
Viewed 3036 times since Fri, Jul 13, 2018
RHEL: Extending a vmdk (Virtual Machine disk)
Viewed 4250 times since Sun, May 27, 2018
CentOS / RHEL : Configure yum automatic updates with yum-cron service
Viewed 3593 times since Fri, Oct 26, 2018
How to mount software RAID1 member using mdadm
Viewed 3112 times since Wed, Oct 3, 2018
RHCS6: Basic operations on clustered services
Viewed 2757 times since Sun, Jun 3, 2018