How to create stunnel with systemd?
Article Number: 651 | Rating: Unrated | Last Updated: Thu, Jan 16, 2020 5:05 PM
Environment
- Red Hat Enterprise Linux 7+
- systemd
- stunnel
Issue
- How do I run a client-side stunnel as a systemd service?
Resolution
- This is the client side of the tunnel; the server-side stunnel is assumed to be running already.
- (Optional) Copy the certificate file (.pem) the client needs from the server, using scp, sftp or any other file-transfer method. A stunnel.pem generated on the server normally contains the server's private key as well as its certificate, so do not hand that file to every client: the client needs its own key pair, and only if the server requires client certificates.
- Example of stunnel.conf:
[root@dhcp234-128 ~]# cat /etc/stunnel/stunnel.conf
setuid = nobody
setgid = nobody
pid =
foreground = yes
; certificate the client presents to the server; uncomment only if the server requires client certificates
;cert = /etc/stunnel/stunnel.pem
options = NO_SSLv2

[myservice]
client = yes
accept = 127.0.0.1:8080
connect = 192.168.3.244:8888
An empty pid = disables the pid file, and foreground = yes keeps stunnel in the foreground with its log on stderr, so systemd must start it as Type=simple and the log ends up in the journal. stunnel does not support trailing comments after a value, which is why the comment sits on its own line. Note that this configuration encrypts the connection but does not authenticate the server: without verify = 2 and a CAfile (or CApath) pointing at the server's CA, the client accepts any certificate, so add those before running the tunnel across an untrusted network.
- Create a unit file for systemd. At the time of writing, the stunnel package ships no unit file; an engineering request has been filed to add one.
[root@dhcp234-128 ~]# cat /etc/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
Documentation=man:stunnel https://www.stunnel.org/docs.html
After=network.target

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/stunnel.conf
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
#LimitNOFILE=infinity   <-- uncomment to increase maximum number of client connections

[Install]
WantedBy=multi-user.target
[root@dhcp234-128 ~]#
Type=simple matches foreground = yes in stunnel.conf. If the service must be Type=forking instead, remove foreground = yes and point PIDFile= at the file named by pid = in stunnel.conf; with Type=forking and foreground = yes, systemd waits for a fork that never happens and the start job times out. Do not add Alias=stunnel.target to [Install]: an alias must carry the same .service suffix as the unit, so systemd rejects it. Leave DefaultDependencies at its default as well; setting it to no also removes the ordering and shutdown dependencies every ordinary service relies on.
- Check whether stunnel is already running (no output means nothing is listening; ss -tnlp is the equivalent where net-tools is not installed):
[root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
- Enable and start the service (run systemctl daemon-reload first whenever the unit file is edited after systemd has already loaded it):
[root@dhcp234-128 ~]# systemctl enable stunnel.service --now
- Verify that it is running:
[root@dhcp234-128 ~]# ps -ef | grep stunnel
nobody    2517     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2518     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2519     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2520     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2521     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody    2522     1  0 01:06 ?        00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
[root@dhcp234-128 ~]#
The processes run as nobody, confirming that setuid/setgid took effect.
- Verify that it is listening on the port configured under accept:
[root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2522/stunnel
[root@dhcp234-128 ~]#
The listener is bound to 127.0.0.1 only, so just local clients can enter the tunnel. systemctl status stunnel.service and journalctl -u stunnel.service show the start-up messages and any certificate or connection errors; finally, point the client application at 127.0.0.1:8080 and confirm that the request reaches the service behind 192.168.3.244:8888.
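The steps above leave two files that have to agree with each other, and the mismatches are easy to miss: a foreground = yes config started as Type=forking, an Alias without the .service suffix, a client section that never verifies the server. The following script is an added example and not part of this article or of the stunnel project; it reads a stunnel.conf and a unit file with awk and reports those inconsistencies. The sample files it creates are constructed copies of the article's configuration plus a corrected pair, and the policy it enforces (Type must match foreground, SSLv3 disabled, client sections must set verify = 2 with a CAfile/CApath) is this example's own assumption rather than anything stunnel or systemd check for you.

```shell
#!/bin/sh
# Added example, not from the article: static consistency checks for a client-side
# stunnel.conf and the systemd unit that starts it. Only the two files are read;
# nothing here talks to stunnel or systemd. The sample files below are constructed
# copies of the article's configuration plus a corrected pair.

# Print every value of a global stunnel option (one set before the first [section]).
stunnel_global_opt() {   # $1 = option name, $2 = stunnel.conf
    awk -v key="$1" '
        /^[ \t]*\[/ { exit }          # the first service section ends the globals
        /^[ \t]*[;#]/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);   gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$2"
}

# Print the first value of KEY inside [SECTION] of a systemd unit file.
unit_opt() {   # $1 = section name, $2 = key, $3 = unit file
    awk -v sec="[$1]" -v key="$2" '
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s); insec = (s == sec); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) { print substr($0, index($0, "=") + 1); exit }
        }' "$3"
}

# Print every "client = yes" service that never authenticates the server, i.e.
# lacks verify >= 2 (or verifyChain/verifyPeer = yes) together with CAfile/CApath,
# whether set in the section itself or inherited from the global defaults.
stunnel_unverified_clients() {   # $1 = stunnel.conf
    awk '
        function get(s, k) { return ((s, k) in opt) ? opt[s, k] : opt["", k] }
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/ { sec = $0; gsub(/[][ \t]/, "", sec); order[++n] = sec; next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);   gsub(/^[ \t]+|[ \t]+$/, "", v)
            opt[sec, k] = v           # sec == "" holds the global defaults
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (get(s, "client") != "yes") continue
                ok = (get(s, "verify") + 0 >= 2 || get(s, "verifyChain") == "yes" || get(s, "verifyPeer") == "yes")
                if (!(ok && (get(s, "CAfile") != "" || get(s, "CApath") != ""))) print s
            }
        }' "$1"
}

# One finding per line; prints nothing when the pair is consistent.
# The policy (Type must match foreground, no SSLv3, clients must verify) is this
# example's assumption, not something stunnel or systemd enforce.
check_stunnel_service() {   # $1 = stunnel.conf, $2 = unit file
    fg=$(stunnel_global_opt foreground "$1" | tail -n 1)
    svc_type=$(unit_opt Service Type "$2"); [ -n "$svc_type" ] || svc_type=simple   # systemd default
    if [ "$fg" = "yes" ] && [ "$svc_type" = "forking" ]; then
        echo "foreground = yes with Type=forking: stunnel never forks, so the start job times out; use Type=simple"
    fi
    for a in $(unit_opt Install Alias "$2"); do
        case "$a" in *.service) ;; *) echo "Alias=$a: an alias must keep the unit's .service suffix" ;; esac
    done
    if ! stunnel_global_opt options "$1" | grep -qx NO_SSLv3; then
        echo "options: NO_SSLv2 alone still allows SSLv3; add options = NO_SSLv3"
    fi
    for s in $(stunnel_unverified_clients "$1"); do
        echo "[$s]: client = yes without verify + CAfile/CApath: the server certificate is never checked"
    done
}

# Constructed samples: the article's files as written, then a corrected pair.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf '%s\n' 'setuid = nobody' 'setgid = nobody' 'pid =' 'foreground = yes' \
    ';cert = /etc/stunnel/stunnel.pem' 'options = NO_SSLv2' \
    '[myservice]' 'client = yes' 'accept = 127.0.0.1:8080' 'connect = 192.168.3.244:8888' \
    > "$WORK/stunnel.conf"
printf '%s\n' '[Unit]' 'Description=SSL tunnel for network daemons' 'DefaultDependencies=no' \
    'After=network.target' '[Install]' 'WantedBy=multi-user.target' 'Alias=stunnel.target' \
    '[Service]' 'Type=forking' 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' \
    > "$WORK/stunnel.service"
printf '%s\n' 'setuid = nobody' 'setgid = nobody' 'pid =' 'foreground = yes' \
    'verify = 2' 'CAfile = /etc/stunnel/server-ca.pem' 'options = NO_SSLv2' 'options = NO_SSLv3' \
    '[myservice]' 'client = yes' 'accept = 127.0.0.1:8080' 'connect = 192.168.3.244:8888' \
    > "$WORK/stunnel-fixed.conf"
printf '%s\n' '[Unit]' 'Description=SSL tunnel for network daemons' 'After=network.target' \
    '[Service]' 'Type=simple' 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' \
    '[Install]' 'WantedBy=multi-user.target' > "$WORK/stunnel-fixed.service"

echo "== findings for the article's files =="
check_stunnel_service "$WORK/stunnel.conf" "$WORK/stunnel.service"
echo "== findings for the corrected pair (expect none) =="
check_stunnel_service "$WORK/stunnel-fixed.conf" "$WORK/stunnel-fixed.service"
```

Run against the article's files the checker reports four findings (Type=forking against foreground = yes, the .target alias, SSLv3 still negotiable, and [myservice] never verifying the server); against the corrected pair it reports nothing. To use it on a real host, call check_stunnel_service /etc/stunnel/stunnel.conf /etc/systemd/system/stunnel.service before systemctl enable, and treat any output as a reason not to start the tunnel yet. The CAfile path in the corrected sample is a placeholder for whatever file holds the CA that issued the server's certificate.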