Starting Stunnel On Boot With CentOS7

Home » CentOS » Starting Stunnel On Boot With CentOS7
CentOS 6 Comments

The stunnel package doesn’t come with an init script and systemctl doesn’t list it as a service I recognize, I guess I could put it in /etc/rd.d/rc.local or create a script in /etc/rc.d/init.d but thought I’d ask before creating my own solution.

Confidentiality Notice | This email and any included attachments may be privileged, confidential and/or otherwise protected from disclosure. Access to this email by anyone other than the intended recipient is unauthorized. If you believe you have received this email in error, please contact the sender immediately and delete all copies. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

6 thoughts on - Starting Stunnel On Boot With CentOS7

  • stunnel wraps a plaintext service in an SSL session. Why would you expect it to have a service installed by default? What would it wrap?

    Awww…. there goes my plans to print out your email and hand it out to people in the subway…

  • On my CenOS7 system with stunnel from base

    stunnel-4.56-4.el7.x86_64

    there’s a systemd service file

    /etc/systemd/system/stunnel.service

    try

    sudo systemctl enable stunnel.service

    Hope this helps,

    K
    ​al​

  • Packaged unit files are in /usr/lib/systemd/system … someone put that there as a local configuration (rpm -qf /path/to/file to it to verify)

    Of course this is what the OP should do too … a very simple unit file that matches his needs…

    cat > /etc/systemd/system/stunnel.service <
    [Service]
    ExecStart=/usr/bin/stunnel /etc/stunnel/myconf.conf

    [Install]
    WantedBy=multi-user.target EOF

    In the config file set foreground to yes ….

    For a more advanced setup use a template like:

    cat > /etc/systemd/stunnel@.service <<
    [Service]
    ExecStart=/usr/bin/stunnel /etc/stunnel/%i.conf

    [Install]
    WantedBy=multi-user.target EOF

    Don’t forget to systemctl daemon-reload after adding one of these…

    Using the template method you’d enable it with the name of the config file of interest … remember to have foreground=yes …

    Given the config /etc/stunnel/snowflake.conf …

    systemctl enable stunnel@snowflake.service

    systemctl start stunnel@snowflake.service

  • Thank you for your reply. I must be “the king of weird”:

    rpm -qa | grep stunnel returns stunnel-4.56-4.el7.x86_64

    rpm -ql stunnel returns (nothing in /etc/ststemd, of course, it could be a script)

    /etc/stunnel
    /usr/bin/stunnel
    /usr/lib64/stunnel
    /usr/lib64/stunnel/libstunnel.so
    /usr/share/doc/stunnel-4.56
    /usr/share/doc/stunnel-4.56/AUTHORS
    /usr/share/doc/stunnel-4.56/BUGS
    /usr/share/doc/stunnel-4.56/COPYING
    /usr/share/doc/stunnel-4.56/COPYRIGHT.GPL
    /usr/share/doc/stunnel-4.56/CREDITS
    /usr/share/doc/stunnel-4.56/Certificate-Creation
    /usr/share/doc/stunnel-4.56/ChangeLog
    /usr/share/doc/stunnel-4.56/PORTS
    /usr/share/doc/stunnel-4.56/README
    /usr/share/doc/stunnel-4.56/TODO
    /usr/share/doc/stunnel-4.56/VNC_StunnelHOWTO.html
    /usr/share/doc/stunnel-4.56/faq.stunnel-2.html
    /usr/share/doc/stunnel-4.56/pop3-redirect.xinetd
    /usr/share/doc/stunnel-4.56/sfinger.xinetd
    /usr/share/doc/stunnel-4.56/stunnel-pop3s-client.conf
    /usr/share/doc/stunnel-4.56/stunnel-sfinger.conf
    /usr/share/doc/stunnel-4.56/stunnel.conf-sample
    /usr/share/doc/stunnel-4.56/tworzenie_certyfikatow.html
    /usr/share/man/fr/man8/stunnel.8.gz
    /usr/share/man/man8/stunnel.8.gz
    /usr/share/man/pl/man8/stunnel.8.gz

    rpm -q –scripts stunnel returns nothing, I haven’t ever used this before so I may have done it wrong.

    Anyway, there is no /etc/systemd/system/stunnel.service on the system.

    This isn’t the first time I’ve encountered anomalous behavior so I guess I’m just “lucky”. I have no idea which repo I pulled it from but I’m not using exotic ones.

    —– Original Message —–
    From: “Kahlil Hodgson”
    To: “CentOS mailing list”
    Sent: Tuesday, December 22, 2015 11:38:46 PM
    Subject: Re: [CentOS] Starting stunnel on boot with CentOS7

    On my CenOS7 system with stunnel from base

    stunnel-4.56-4.el7.x86_64

    there’s a systemd service file

    /etc/systemd/system/stunnel.service

    try

    sudo systemctl enable stunnel.service

    Hope this helps,

    K
    ​al​

  • Hmmm, you obviously know a lot more about systemd than I do, I’m going to have to look at what you posted more carefully. Thanks.

    —– Original Message —

  • ​Apologies. My bad. The service file was copied across from F22.

    # Service file from Fedora 22

    [Unit]
    Description=SSL tunnel for network daemons After=syslog.target network.target

    [Service]
    ExecStart=/usr/bin/stunnel Type=forking PrivateTmp=true

    [Install]
    WantedBy=multi-user.target