How to create stunnel with systemd? stunnel

How to create stunnel with systemd?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7+
  • systemd
  • stunnel

Issue

  • How to create stunnel with systemd?

Resolution

  • (Assuming Server side stunnel is already available and this is going to be client side.)

  • (Optional) copy .pem file from server to client (Using scp, ftp, sftp or whatever option available for copy data from one system to another)

  • Example of stunnel.conf

    [root@dhcp234-128 ~]# cat /etc/stunnel/stunnel.conf 
    setuid = nobody
    setgid = nobody
    pid =
    foreground = yes
    ;cert = /etc/stunnel/stunnel.pem  ## Location of .pem copied from server (uncomment if using a .pem file)
    options = NO_SSLv2
    [myservice]
    client = yes
    accept = 127.0.0.1:8080
    connect = 192.168.3.244:8888
    
  • Create unit file for systemd. At the time of writing this article, there is no default unit file systemd is providing. Engineering request has been filed for the same to ship default unit file.

    [root@dhcp234-128 ~]# cat /etc/systemd/system/stunnel.service
    [Unit]
    Description=SSL tunnel for network daemons
    Documentation=man:stunnel https://www.stunnel.org/docs.html
    DefaultDependencies=no
    After=network.target
    After=syslog.target
    
    [Install]
    WantedBy=multi-user.target
    Alias=stunnel.target
    
    [Service]
    Type=forking
    EnvironmentFile=-/etc/sysconfig/stunnel.conf 
    ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
    #LimitNOFILE=infinity            <-- uncomment to increase maximum number of client connections
    
    [root@dhcp234-128 ~]# 
    
  • Check if stunnel is already running.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
    
  • Enable and start the service.

    [root@dhcp234-128 ~]# systemctl enable stunnel.service --now
    
  • Verify if it's running.

    [root@dhcp234-128 ~]# ps -ef | grep stunnel
    nobody    2517     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2518     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2519     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2520     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2521     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    nobody    2522     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
    [root@dhcp234-128 ~]# 
    
  • Verify if it's listening on correct port configured for it.

    [root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
    tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2522/stunnel        
    [root@dhcp234-128 ~]# 
    
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments (1)
Comment By Behnam - Mon, Sep 27th, 2021 8:14 PM
systemctl enable stunnel.service --now and systemctl restart stunnel output: Failed to start SSL tunnel for network daemons Can you help me? Yes, Can you send me configuration your stunnel file?
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHCS6: Luci - the cluster management console
Viewed 3246 times since Sun, Jun 3, 2018
CentOS / RHEL 7 : Configuring an NFS server and NFS client Linux NFS
Viewed 16469 times since Fri, Feb 21, 2020
systemd Auto-restart a crashed service in systemd
Viewed 3243 times since Fri, Jan 17, 2020
Logowanie za pomocą kluczy Secure Shell
Viewed 2987 times since Thu, May 24, 2018
Prosty skaner portów TCP w bash
Viewed 3343 times since Thu, May 24, 2018
Exclude multiple files and directories with rsync
Viewed 2564 times since Wed, Oct 31, 2018
LVM: Extend SWAP size by growing existing Logical Volume
Viewed 2505 times since Sat, Jun 2, 2018
Top 4 Reasons for Node Reboot or Node Eviction in Real Application Cluster (RAC) Environment
Viewed 99027 times since Thu, Jun 21, 2018
RHEL: Bonding network interfaces
Viewed 3735 times since Sat, Jun 2, 2018
Używanie rsync poprzez Secure Shell
Viewed 41256 times since Thu, May 24, 2018