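# Sample stunnel configuration file
# Copyright by Michal Trojnara 2002-2004
# --with changes for SuSE package

# client = yes | no
# client mode (remote service uses SSL)
# default: no (server mode)
# In server mode stunnel terminates SSL for a local plaintext service, so the
# "cert" option further down must point to a valid certificate and key.
client = no
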
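#
# chroot + user (comment out to disable)
#
# chroot confines the running daemon to this directory; setuid/setgid make it
# give up root. Leave all three enabled unless there is a concrete reason not
# to, since they limit what a compromised stunnel process can reach.
chroot = /var/lib/stunnel/
setuid = stunnel
# NOTE(review): "nogroup" is usually shared with other unprivileged daemons;
# a dedicated group isolates stunnel better if one exists on this system.
setgid = nogroup
# note about the chroot feature and the "exec" keyword to start other services...
# while the init script /etc/init.d/stunnel will copy the binaries and libraries
# into the chroot jail, more files might be needed in the jail (configuration
# files etc.)
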
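# The stunnel manual describes the pid path as relative to the chroot jail
# when chroot is set, so this file would live under /var/lib/stunnel/.
# TODO confirm against the installed version and the init script.
pid = /var/run/stunnel.pid

#
# debugging
#
# 7 is the most verbose level (debug); the default is 5 (notice).
# Verbose logs contain connection details: switch back after troubleshooting
# and keep the log file readable by administrators only.
#debug = 7
#output = stunnel.log
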
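#
# Some performance tunings
#
# disable Nagle algorithm (a.k.a. tinygram prevention, see man 7 tcp)
# l: sets the option on the local socket, r: on the remote socket
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
# Compression applied before encryption can leak information about the
# plaintext through the ciphertext length; leave it off unless it is needed.
#compression = rle

# Workaround for Eudora bug
# This turns off OpenSSL's countermeasure against a known SSL 3.0 / TLS 1.0
# CBC weakness. Enable it only when a broken client really requires it.
#options = DONT_INSERT_EMPTY_FRAGMENTS
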
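# Authentication stuff
# verify levels: 1 = verify the peer certificate if one is presented,
# 2 = verify the peer certificate (a certificate is required),
# 3 = verify the peer against locally installed certificates.
# With verify commented out the peer certificate is not checked at all.
# Enable it, together with CApath or CAfile, wherever the identity of the
# peer matters - in particular when running with client = yes.
#verify = 2
# Don't forget to c_rehash CApath; CApath is located inside chroot jail:
#CApath = /certs
# It's often easier to use CAfile:
#CAfile = /etc/stunnel/certs.pem
# Don't forget to c_rehash CRLpath; CRLpath is located inside chroot jail:
#CRLpath = /crls
# Alternatively you can use CRLfile:
#CRLfile = /etc/stunnel/crls.pem

# Certificate chain and, unless a separate "key" option is given, the private
# key. The file holds secret key material: keep it readable by its owner only
# (mode 600) and out of backups or packages that others can read.
cert = /etc/stunnel/stunnel.pem

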
#
# Examples for service-level configuration:
#

# [pop3s]
# accept = 995
# connect = 110

# [imaps]
# accept = 993
# connect = 143

# Alternative [imaps] definition that starts imapd directly instead of
# connecting to port 143; use only one of the two [imaps] sections.
# [imaps]
# accept = 993
# exec = /usr/sbin/imapd
# execargs = imapd
# pty = no

# [ssmtp]
# accept = 465
# connect = 25

# [s1]
# accept = 5000
# connect = mail.example.com:110
# delay = yes

# [s2]
# accept = 5001
# connect = mail.example.com:25

# [https]
# accept = 443
# connect = 80
# TIMEOUTclose = 0

# [swat]
# accept = 902
# connect = 901

#
# mysql over stunnel example:
#
# on the server:
# [mysqls]
# accept = 3307
# connect = localhost:mysql
#
# on the client:
# client = yes
# [mysqls]
# accept = 3307
# connect = remote-mysql-server.example.com:3307
#
# Hint: use the mysql client with "-h 127.0.0.1", not "-h localhost", because
# with "localhost" it connects through the local socket and ignores the port.

#
# pppd over stunnel example:
# (note: read http://sites.inka.de/sites/bigred/devel/tcp-tcp.html, and
# look for better alternatives like cipe or openvpn.)
#
# on the server:
# [ppp]
# accept = 2020
# exec = /usr/sbin/pppd
# execargs = pppd local
# # the pty option doesn't work in a chroot jail without further effort
# #pty = yes
#
#
# on the "client":
# [ppp]
# connect = host.example.com:2020
# exec = /usr/sbin/pppd
# execargs = pppd local nodeflate nobsdcomp 192.168.20.20:192.168.20.21
# # the pty option doesn't work in a chroot jail without further effort
# #pty = yes