Configuration Information
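As the root user, create the directory used for the .pid file that is created when the stunnel daemon starts. The pid path in the configuration below is relative to the chroot directory, so /run/stunnel.pid ends up in /var/lib/stunnel/run: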
install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run
Next, create a basic /etc/stunnel/stunnel.conf configuration file using the following commands as the root user:
cat >/etc/stunnel/stunnel.conf << "EOF" &&
; File: /etc/stunnel/stunnel.conf
pid = /run/stunnel.pid
chroot = /var/lib/stunnel
client = no
setuid = stunnel
setgid = stunnel
cert = /etc/stunnel/stunnel.pem
EOF
chmod -v 644 /etc/stunnel/stunnel.conf
Finally, you need to add the service(s) you wish to encrypt to
the configuration file. The format is as follows:
[<service>]
accept = <hostname:portnumber>
connect = <hostname:portnumber>
If you use stunnel to encrypt a daemon started from [x]inetd, you may need to disable that daemon in the /etc/[x]inetd.conf file and enable a corresponding <service>_stunnel service. You may have to add an appropriate entry in /etc/services as well.
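The shell function below is an added example, not part of the BLFS instructions: it reports service sections that lack an accept or connect line and prints where the pid file lands once the chroot is applied. It checks only the accept/connect form shown here, and the service names, addresses and ports in sample_conf are constructed placeholders.

```shell
# Constructed sample: the global options from this page plus two made-up
# services (names, addresses and ports are placeholders, not BLFS values).
sample_conf() {
cat << "EOF"
; File: /etc/stunnel/stunnel.conf
pid = /run/stunnel.pid
chroot = /var/lib/stunnel
cert = /etc/stunnel/stunnel.pem

[demo-tls]
accept = 127.0.0.1:8443
connect = 127.0.0.1:8080

[demo-broken]
accept = 127.0.0.1:9443
EOF
}

# check_stunnel_conf [FILE]  (reads stdin when FILE is omitted)
# Prints "incomplete <service>" for every section missing accept or connect,
# then "pidfile <path>" with the pid path resolved under the chroot.
# Exit status is 1 if any section is incomplete, 0 otherwise.
check_stunnel_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function finish() {
        if (sect != "" && !(acc && con)) { print "incomplete " sect; bad = 1 }
    }
    /^[ \t]*;/ { next }                     # comment line
    /^[ \t]*$/ { next }                     # blank line
    /^[ \t]*\[.*\][ \t]*$/ {                # [service] header
        finish()
        sect = $0
        sub(/^[ \t]*\[/, "", sect); sub(/\][ \t]*$/, "", sect)
        acc = 0; con = 0; next
    }
    {
        i = index($0, "="); if (i == 0) next
        key = trim(substr($0, 1, i - 1)); val = trim(substr($0, i + 1))
        if (sect == "") opt[key] = val      # global option
        else if (key == "accept") acc = 1
        else if (key == "connect") con = 1
    }
    END {
        finish()
        if ("pid" in opt) print "pidfile " opt["chroot"] opt["pid"]
        exit bad + 0
    }' "$@"
}

sample_conf | check_stunnel_conf || echo "fix the sections listed above"
```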
For a full explanation of the commands and syntax used in the configuration file, run man stunnel. To see a BLFS example of an actual setup of an stunnel encrypted service, read the section called “Configuring SWAT” in the Samba instructions.