(This assumes stunnel is already set up on the server side; the steps below configure the client side.)
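(Optional) Copy the .pem file from the server to the client (using scp, ftp, sftp or whatever option is available for copying data from one system to another). If the server's .pem also contains its private key, copy only the certificate portion; the private key should not leave the server. Prefer an encrypted transfer such as scp or sftp, since plain ftp sends the file in cleartext.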
Example of stunnel.conf
[root@dhcp234-128 ~]# cat /etc/stunnel/stunnel.conf
; Client-side stunnel configuration: accepts plaintext connections on a local
; port and forwards them over TLS to the remote stunnel server.

; Drop privileges after startup: run as the unprivileged user and group "nobody".
setuid = nobody
setgid = nobody
; An empty value means no pid file is created.
pid =
; Stay in the foreground instead of daemonizing.
; NOTE(review): the stunnel.service unit shown in this article uses Type=forking,
; which expects the started process to daemonize. Confirm the two settings agree
; (foreground = no with Type=forking, or Type=simple with foreground = yes).
foreground = yes
; NOTE(review): in client mode `cert` is the client's own certificate (and key),
; used for client authentication. Trusting the server's certificate is normally
; done with CAfile plus a verify level, using only the server's public certificate.
;cert = /etc/stunnel/stunnel.pem ## Location of .pem copied from server (uncomment if using a .pem file)
; Disables SSLv2 only.
; NOTE(review): SSLv3 is not disabled by this line; consider adding
; `options = NO_SSLv3` or pinning a minimum TLS version if the installed
; stunnel/OpenSSL build supports it.
options = NO_SSLv2
; NOTE(review): no verify/CAfile option is set, so as written the client does not
; appear to validate the server certificate. The tunnel is then encrypted but the
; peer is not authenticated. Confirm against the installed stunnel version's defaults.
[myservice]
; Client mode: accept plaintext locally, connect to the remote end over TLS.
client = yes
; Local listener bound to loopback only, so it is not reachable from other hosts.
; Any local process can still connect to it.
accept = 127.0.0.1:8080
; Remote stunnel server endpoint that receives the TLS connection.
connect = 192.168.3.244:8888
Create a unit file for systemd. At the time of writing this article, no default unit file is provided for systemd; an engineering request has been filed to ship a default unit file.
[root@dhcp234-128 ~]# cat /etc/systemd/system/stunnel.service
# systemd unit that starts stunnel with /etc/stunnel/stunnel.conf at boot.
[Unit]
Description=SSL tunnel for network daemons
Documentation=man:stunnel https://www.stunnel.org/docs.html
# NOTE(review): DefaultDependencies=no removes the implicit dependencies systemd
# adds to ordinary services (including shutdown ordering). Confirm this is
# intended for a regular network service.
DefaultDependencies=no
# Start only after the network and syslog targets.
After=network.target
After=syslog.target
[Install]
# Pulled in at normal multi-user boot when the unit is enabled.
WantedBy=multi-user.target
# NOTE(review): systemd expects an alias to carry the same unit suffix as the
# unit itself; a ".target" alias on a ".service" unit may be rejected. Verify.
Alias=stunnel.target
[Service]
# Type=forking tells systemd the started process daemonizes and the parent exits.
# NOTE(review): the stunnel.conf shown in this article sets "foreground = yes"
# and an empty "pid =", so stunnel does not daemonize and writes no pid file.
# Confirm that the service type matches the stunnel configuration.
Type=forking
# The leading "-" makes the environment file optional: no error if it is missing.
EnvironmentFile=-/etc/sysconfig/stunnel.conf
# No User= is set, so stunnel is started by systemd as root; dropping to "nobody"
# relies on the setuid/setgid lines in stunnel.conf.
# NOTE(review): consider sandboxing directives such as NoNewPrivileges=,
# ProtectSystem= or PrivateTmp= if the installed systemd supports them.
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
#LimitNOFILE=infinity <-- uncomment to increase maximum number of client connections
[root@dhcp234-128 ~]#
Check if stunnel is already running.
[root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
Enable and start the service.
[root@dhcp234-128 ~]# systemctl enable stunnel.service --now
Verify if it's running.
[root@dhcp234-128 ~]# ps -ef | grep stunnel
nobody 2517 1 0 01:06 ? 00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody 2518 1 0 01:06 ? 00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody 2519 1 0 01:06 ? 00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody 2520 1 0 01:06 ? 00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody 2521 1 0 01:06 ? 00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
nobody 2522 1 0 01:06 ? 00:00:00 /usr/bin/stunnel /etc/stunnel/stunnel.conf
[root@dhcp234-128 ~]#
Verify that it is listening on the address and port configured for it.
[root@dhcp234-128 ~]# netstat -tnlp | grep stunnel
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 2522/stunnel
[root@dhcp234-128 ~]#
Article Number: 651
Posted: Thu, Jan 16, 2020 5:05 PM
Last Updated: Thu, Jan 16, 2020 5:05 PM
Online URL: http://kb.ictbanking.net/article.php?id=651