Re: Adding SSL

From: Marcus Herou <marcus.herou#tailsweep.com>
Date: Fri, 3 Oct 2008 11:16:18 +0200


I as well installed the Ubuntu package. I was just sharing my experiences not deeming stunnel which I believe is great. However I had issues.

/M

On Fri, Oct 3, 2008 at 11:10 AM, Unai Rodriguez <me#u-journal.org> wrote:

> I have been using STUNNEL 3.26 happily for more than a year on a production
> environment with no issues. I just installed the precompiled debian package
> (apt-get install stunnel), then I wrote a little script to start/stop it
> (that I can provide) which basically is (with some other things):
>
>
> ==============================================================================
> # Level is one of the syslog level names or numbers emerg (0), alert (1),
> # crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All
> # logs for the specified level and all levels numerically less than it
> # will be shown. Use -D debug or -D 7 for greatest debugging output.
> LOGLEVEL="3"
> LOG_FILE="/var/log/stunnel/stunnel.log"
>
> # Where is /usr/sbin/stunnel listening?
> LISTEN_HOST="10.123.16.101"
> LISTEN_PORT="443"
>
> # connect to remote service
> # If no host specified, defaults to localhost
> CONNECT_TO_HOST="10.123.16.101"
> CONNECT_TO_PORT="80"
>
> # File containing random input. The SSL library will use data from this
> # file first to seed the random number generator.
> # You can leave this alone ;-) (unai)
> RND_FILE="/etc/ssl/certs/stunnel.rnd"
>
> # private key and certificate chain PEM file name.
> # Probably the most important setting!!! (unai)
> PEM_FILE="/etc/ssl/certs/stunnel.pem"
>
> # Service name to use for tcpwrappers. If not specified then a tcpwrapper
> # service name will be generated automatically for you. This will also be
> # used when auto-generating pid filenames.
> SERVICENAME="https"
>
> # Pid directory location
> PID_DIR="/var/run/stunnel"
>
> # Every argument line must end in a backslash so the shell sees one command.
> /usr/sbin/stunnel -d $LISTEN_HOST:$LISTEN_PORT -D $LOGLEVEL \
>   -R $RND_FILE -p $PEM_FILE -o $LOG_FILE \
>   -r $CONNECT_TO_HOST:$CONNECT_TO_PORT \
>   -N $SERVICENAME -P $PID_DIR
> ==============================================================================
>
> It is true that I had "initial headaches" installing the SSL certificates,
> but once passed that stage, everything has been really smooth.
>
> unai
>
>
> On Fri, 3 Oct 2008 09:08:57 +0200, "Marcus Herou"
> <marcus.herou#tailsweep.com> wrote:
> > Well yes I had troubles with permissions initially but I sorted that out
> > and it worked perfectly for hours in a row, then suddenly out of the blue
> > it allocated 100% cpu.
> >
> > Hmm I thought kill pid.... restart service. Then again after some hours
> > the same stuff happened. Because of lacking time I just took the easy way
> > out and installed lighttpd. I don't like lighttpd as a central
> > infrastructure component though and will test stunnel again.
> >
> > /M
> >
> >
> >
> > On Fri, Oct 3, 2008 at 8:45 AM, Benoit <maverick#maverick.eu.org> wrote:
> >
> >>
> >>
> >> Marcus Herou wrote:
> >>
> >>> I used Stunnel earlier this week but the strangest things happened and
> >>> it allocated 100% of the CPU etc. Really strange. I stopped it and just
> >>> installed lighttpd with ssl support which proxies everything to
> >>> haproxy.
> >>>
> >> You may have trouble with your chroot (insufficient access rights for
> >> example), you may check syslog

-- 
Marcus Herou CTO and co-founder Tailsweep AB
+46702561312
marcus.herou#tailsweep.com
http://www.tailsweep.com/
http://blogg.tailsweep.com/
Received on 2008/10/03 11:16
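An added preflight check for the stunnel launch script quoted in this thread (example code, not from the thread, from Unai's script or from stunnel itself): before stunnel is started it verifies that the PEM file contains both a private key and a certificate, that it is readable by the account starting the service but not by group or world, and that the log and pid directories are writable, which covers the permission and chroot problems the thread describes. The function names and the sample PEM it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the thread: preflight checks to run before the
# stunnel command line quoted above. Function names are hypothetical.

# Return 0 if $1 is a readable PEM file holding a private key and a certificate
# and has no group/other permission bits; print the reason and return 1 otherwise.
check_pem_file() {
    pem="$1"
    [ -f "$pem" ] || { echo "PEM $pem: missing" >&2; return 1; }
    [ -r "$pem" ] || { echo "PEM $pem: not readable by $(id -un)" >&2; return 1; }
    grep -q 'BEGIN.*PRIVATE KEY' "$pem" || { echo "PEM $pem: no private key" >&2; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$pem" || { echo "PEM $pem: no certificate" >&2; return 1; }
    # Columns 5-10 of "ls -l" are the group and other permission bits; a key
    # file should have none of them set (mode 0600 or 0400).
    perms=$(ls -l "$pem" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "PEM $pem: group/other bits set ($perms)" >&2; return 1; }
    return 0
}

# Return 0 if $1 is a directory the current account can write to
# (used for the log and pid directories from the launch script).
check_writable_dir() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Run every check; a launch script would exec stunnel only if this returns 0.
# Arguments: PEM file, log directory, pid directory.
preflight() {
    check_pem_file "$1" && check_writable_dir "$2" && check_writable_dir "$3"
}

# Stand-alone demo on a constructed placeholder PEM in a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-placeholder' \
    '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
    'constructed-placeholder' '-----END CERTIFICATE-----' > "$demo_dir/stunnel.pem"
chmod 600 "$demo_dir/stunnel.pem"
if preflight "$demo_dir/stunnel.pem" "$demo_dir" "$demo_dir"; then
    echo "preflight ok: safe to start stunnel"
fi
rm -rf "$demo_dir"
```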

This archive was generated by hypermail 2.2.0 : 2008/10/03 11:32 CEST