Home » Categories » Linux

How to create stunnel with systemd? stunnel

Article Number: 651 | Rating: Unrated | Last Updated: Thu, Jan 16, 2020 5:05 PM

How to create stunnel with systemd?

Solution Verified - Updated -
English

Environment

  • Red Hat Enterprise Linux 7+
  • systemd
  • stunnel

Issue

  • How to create stunnel with systemd?

Resolution

  • (Assuming Server side stunnel is already available and this is going to be client side.)

  • (Optional) copy .pem file from server to client (Using scp, ftp, sftp or whatever option available for copy data from one system to another)

  • Example of stunnel.conf

    [root@dhcp234-128 ~]# cat /etc/stunnel/stunnel.conf 
setuid = nobody
setgid = nobody
pid =
foreground = yes
;cert = /etc/stunnel/stunnel.pem  ## Location of .pem copied from server (uncomment if using a .pem file)
options = NO_SSLv2
[myservice]
client = yes
accept = 127.0.0.1:8080
connect = 192.168.3.244:8888

  • Create unit file for systemd. At the time of writing this article, there is no default unit file systemd is providing. Engineering request has been filed for the same to ship default unit file.

    [root@dhcp234-128 ~]# cat /etc/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
Documentation=man:stunnel https://www.stunnel.org/docs.html
DefaultDependencies=no
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target
Alias=stunnel.target

[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/stunnel.conf 
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
#LimitNOFILE=infinity            <-- uncomment to increase maximum number of client connections

[root@dhcp234-128 ~]#

  • Check if stunnel is already running.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel

  • Enable and start the service.

    [root@dhcp234-128 ~]# systemctl enable stunnel.service --now

  • Verify if it's running.

    [root@dhcp234-128 ~]# ps -ef | grep stunnel
nobody    2517     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2518     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2519     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2520     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2521     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2522     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
[root@dhcp234-128 ~]#

  • Verify if it's listening on correct port configured for it.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2522/stunnel        
[root@dhcp234-128 ~]#
Posted - Thu, Jan 16, 2020 5:05 PM. This article has been viewed 1712 times.
Filed Under: Linux
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Linux Network (TCP) Performance Tuning with Sysctl
Viewed 5544 times since Fri, Aug 3, 2018
How To Add Swap Space on Ubuntu 16.04
Viewed 830 times since Fri, Jun 8, 2018
Linux Find Large Files
Viewed 1003 times since Mon, Oct 29, 2018
RHEL: udev rules basics
Viewed 1706 times since Sat, Jun 2, 2018
OpenSSL – sprawdzanie czy klucz pasuje do certyfikatu
Viewed 1248 times since Thu, May 24, 2018
RHEL: Crash kernel dumps configuration and analysis on RHEL 5
Viewed 1627 times since Sat, Jun 2, 2018
stunnel How To Encrypt Traffic to Redis with Stunnel on Ubuntu 16.04
Viewed 219 times since Sun, Dec 6, 2020
How to Clear RAM Memory Cache, Buffer and Swap Space on Linux
Viewed 368 times since Mon, Nov 23, 2020
linux ssh Remotely Initiated Reverse SSH Tunnel
Viewed 578 times since Wed, Apr 22, 2020
RHEL7: How to get started with Firewalld.
Viewed 1999 times since Wed, May 22, 2019