Home » Categories » Linux

How to create stunnel with systemd? stunnel

Article Number: 651 | Rating: Unrated | Last Updated: Thu, Jan 16, 2020 5:05 PM

How to create stunnel with systemd?

Solution Verified - Updated -
English

Environment

  • Red Hat Enterprise Linux 7+
  • systemd
  • stunnel

Issue

  • How to create stunnel with systemd?

Resolution

  • (Assuming Server side stunnel is already available and this is going to be client side.)

  • (Optional) copy .pem file from server to client (Using scp, ftp, sftp or whatever option available for copy data from one system to another)

  • Example of stunnel.conf

    [root@dhcp234-128 ~]# cat /etc/stunnel/stunnel.conf 
setuid = nobody
setgid = nobody
pid =
foreground = yes
;cert = /etc/stunnel/stunnel.pem  ## Location of .pem copied from server (uncomment if using a .pem file)
options = NO_SSLv2
[myservice]
client = yes
accept = 127.0.0.1:8080
connect = 192.168.3.244:8888

  • Create unit file for systemd. At the time of writing this article, there is no default unit file systemd is providing. Engineering request has been filed for the same to ship default unit file.

    [root@dhcp234-128 ~]# cat /etc/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
Documentation=man:stunnel https://www.stunnel.org/docs.html
DefaultDependencies=no
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target
Alias=stunnel.target

[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/stunnel.conf 
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
#LimitNOFILE=infinity            <-- uncomment to increase maximum number of client connections

[root@dhcp234-128 ~]#

  • Check if stunnel is already running.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel

  • Enable and start the service.

    [root@dhcp234-128 ~]# systemctl enable stunnel.service --now

  • Verify if it's running.

    [root@dhcp234-128 ~]# ps -ef | grep stunnel
nobody    2517     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2518     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2519     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2520     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2521     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2522     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
[root@dhcp234-128 ~]#

  • Verify if it's listening on correct port configured for it.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2522/stunnel        
[root@dhcp234-128 ~]#
Posted - Thu, Jan 16, 2020 5:05 PM. This article has been viewed 11435 times.
Filed Under: Linux
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments (1)
Comment By Behnam - Mon, Sep 27th, 2021 8:14 PM
systemctl enable stunnel.service --now and systemctl restart stunnel output: Failed to start SSL tunnel for network daemons Can you help me? Yes, Can you send me configuration your stunnel file?
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
What UUIDs can do for you
Viewed 2518 times since Tue, Jul 17, 2018
12 Linux Rsync Options in Linux Explained
Viewed 13012 times since Wed, Oct 31, 2018
Linux: how to monitor the nofile limit
Viewed 11738 times since Wed, Jul 25, 2018
Deskshare TLS over Stunnel
Viewed 3492 times since Fri, Sep 28, 2018
LVM: Extend SWAP size by growing existing Logical Volume
Viewed 3272 times since Sat, Jun 2, 2018
BIND for the Small LAN
Viewed 4210 times since Sun, May 20, 2018
How to manage Linux password expiry with the chage command
Viewed 12062 times since Tue, Sep 11, 2018
linux manual tools
Viewed 3575 times since Fri, Sep 28, 2018
RHCS6: ’fencing’ basics
Viewed 3068 times since Sun, Jun 3, 2018
Using etckeeper with git
Viewed 7860 times since Sun, Jun 3, 2018