Re: Adding SSL

From: Marcus Herou <marcus.herou#tailsweep.com>
Date: Thu, 23 Oct 2008 07:08:30 +0200


Now I have confirmed that my problems were due to the Ubuntu package. I compiled stunnel from source and replaced the Ubuntu binary with the compiled one. Now it has been up for a few days rather than hours like before.

//Marcus

On Fri, Oct 3, 2008 at 11:16 AM, Marcus Herou <marcus.herou#tailsweep.com> wrote:

> I as well installed the Ubuntu package. I was just sharing my experiences
> not deeming stunnel which I believe is great. However I had issues.
>
> /M
>
>
> On Fri, Oct 3, 2008 at 11:10 AM, Unai Rodriguez <me#u-journal.org> wrote:
>
>> I have been using STUNNEL 3.26 happily for more than a year on a
>> production environment with no issues. I just installed the precompiled
>> debian package (apt-get install stunnel), then I wrote a little script to
>> start/stop it (that I can provide) which basically is (with some other
>> things):
>>
>>
>> ==============================================================================
>> # Level is one of the syslog level names or numbers: emerg (0), alert (1),
>> # crit (2), err (3), warning (4), notice (5), info (6), or debug (7).
>> # All logs for the specified level and all levels numerically less than it
>> # will be shown. Use -D debug or -D 7 for greatest debugging output.
>> LOGLEVEL="3"
>> LOG_FILE="/var/log/stunnel/stunnel.log"
>>
>> # Where is /usr/sbin/stunnel listening?
>> LISTEN_HOST="10.123.16.101"
>> LISTEN_PORT="443"
>>
>> # connect to remote service
>> # If no host specified, defaults to localhost
>> CONNECT_TO_HOST="10.123.16.101"
>> CONNECT_TO_PORT="80"
>>
>> # File containing random input. The SSL library will use data from this
>> # file first to seed the random number generator.
>> # You can leave this alone ;-) (unai)
>> RND_FILE="/etc/ssl/certs/stunnel.rnd"
>>
>> # private key and certificate chain PEM file name.
>> # Probably the most important setting!!! (unai)
>> PEM_FILE="/etc/ssl/certs/stunnel.pem"
>>
>> # Service name to use for tcpwrappers. If not specified then a tcpwrapper
>> # service name will be generated automatically for you. This will also be
>> # used when auto-generating pid filenames.
>> SERVICENAME="https"
>>
>> # Pid directory location
>> PID_DIR="/var/run/stunnel"
>> # Accept SSL on LISTEN_*, forward the decrypted traffic to CONNECT_TO_*
>> /usr/sbin/stunnel -d "$LISTEN_HOST:$LISTEN_PORT" -D "$LOGLEVEL" \
>>     -R "$RND_FILE" -p "$PEM_FILE" -o "$LOG_FILE" \
>>     -r "$CONNECT_TO_HOST:$CONNECT_TO_PORT" \
>>     -N "$SERVICENAME" -P "$PID_DIR"
>>
>> ==============================================================================
>>
>> It is true that I had "initial headaches" installing the SSL certificates,
>> but once past that stage, everything has been really smooth.
>>
>> unai
>>
>>
>> On Fri, 3 Oct 2008 09:08:57 +0200, "Marcus Herou"
>> <marcus.herou#tailsweep.com> wrote:
>> > Well yes I had troubles with permissions initially but I sorted that out
>> > and it worked perfectly for hours in a row then suddenly out of the blue
>> > it allocated 100% CPU.
>> >
>> > Hmm I thought kill pid.... restart service. Then again after some hours
>> > the same stuff happened. Because of lacking time I just took the easy way
>> > out and installed lighttpd. I don't like lighttpd as a central
>> > infrastructure component though and will test stunnel again.
>> >
>> > /M
>> >
>> >
>> >
>> > On Fri, Oct 3, 2008 at 8:45 AM, Benoit <maverick#maverick.eu.org> wrote:
>> >
>> >>
>> >>
>> >> Marcus Herou wrote:
>> >>
>> >>> I used Stunnel earlier this week but the strangest things happened and
>> >>> it allocated 100% of the CPU etc. Really strange. I stopped it and just
>> >>> installed lighttpd with SSL support which proxies everything to haproxy.
>> >>>
>> >> You may have trouble with your chroot (insufficient access rights, for
>> >> example); you may check syslog.
>> >>

-- 
Marcus Herou CTO and co-founder Tailsweep AB
+46702561312
marcus.herou#tailsweep.com
http://www.tailsweep.com/
http://blogg.tailsweep.com/
Received on 2008/10/23 07:08
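
An added example, not part of the original thread and not Unai's script: a pre-flight check for the files the wrapper above hands to stunnel, covering the permission and certificate-install problems the posters mention. The function name `stunnel_preflight` and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Usage: stunnel_preflight PEM_FILE PID_DIR LOG_FILE
# Prints one line per problem and returns the number of problems (0 = OK).
stunnel_preflight() {
    pem=$1 pid_dir=$2 log_file=$3
    problems=0
    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    if [ ! -r "$pem" ]; then
        fail "$pem is missing or not readable"
    else
        # -p takes one PEM file holding both the private key and the chain.
        grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
            fail "$pem contains no private key block"
        grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
            fail "$pem contains no certificate block"
        # The file holds a private key: group/other permission bits must be empty.
        perms=$(ls -ldL "$pem" | cut -c5-10)
        [ "$perms" = "------" ] ||
            fail "$pem is accessible to group/other (mode bits: $perms)"
    fi

    # stunnel must be able to create its pid file and append to its log.
    [ -d "$pid_dir" ] && [ -w "$pid_dir" ] ||
        fail "pid directory $pid_dir is missing or not writable"
    log_dir=$(dirname "$log_file")
    [ -d "$log_dir" ] && [ -w "$log_dir" ] ||
        fail "log directory $log_dir is missing or not writable"

    return "$problems"
}
```

With the paths from the script above this would be called as `stunnel_preflight /etc/ssl/certs/stunnel.pem /var/run/stunnel /var/log/stunnel/stunnel.log`, run as the account stunnel itself runs under so the readability and writability tests reflect what the daemon will see.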