Установка и настройка Stunnel на CentOS 5
1. Установка stunnel
yum install stunnel
2. Настройка Stunnel
nano /etc/stunnel/stunnel.conf
; stunnel.conf: accept TLS connections on port 443 and pass the traffic on to port 80.
; Directory the daemon is confined to once it has started.
chroot = /var/run/stunnel
; Account and group stunnel switches to instead of staying root.
setuid = nobody
setgid = nobody
; NOTE(review): presumably resolved inside the chroot, i.e. /var/run/stunnel/stunnel.pid,
; which is the path the start scripts on this page test for - confirm.
pid = /stunnel.pid
; Syslog-style severity threshold; 4 corresponds to "warning".
debug = 4
; NOTE(review): the page pre-creates /var/run/stunnel/stunnel.log, which assumes this path
; is chroot-relative too; confirm where your stunnel version actually writes the log.
output = /stunnel.log
; Certificate and private key live in the same PEM file, so that file must be
; readable by root only.
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
; NOTE(review): no protocol or cipher restrictions are set, so the defaults of the
; installed OpenSSL apply. On a release as old as CentOS 5 consider disabling legacy
; SSL versions here (for example "options = NO_SSLv2") - verify what this build supports.
[https]
accept = 443
; No host is given, so the backend is expected on the local machine; traffic on this
; hop is unencrypted.
connect = 80
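# Prepare the chroot directory named in stunnel.conf.
# -p keeps the step repeatable if the directory already exists.
mkdir -p /var/run/stunnel
# Create the log file before the recursive chown: created afterwards it would stay
# owned by root inside a directory that otherwise belongs to nobody.
touch /var/run/stunnel/stunnel.log
chown -R nobody:nobody /var/run/stunnel/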
Генерируем самоподписанный сертификат
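cd /etc/stunnel
# -nodes stores the private key unencrypted, and the key shares stunnel.pem with the
# certificate, so the file must never be world-readable. The subshell keeps the tight
# umask from leaking into the rest of the session.
# -newkey rsa:2048 fixes the key size explicitly instead of inheriting whatever
# default_bits the local openssl.cnf sets (old installations may default to less).
(umask 077 && openssl req -new -x509 -newkey rsa:2048 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem)
# Also covers the case where stunnel.pem already existed with looser permissions.
chmod 600 stunnel.pem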
3. Создание скрипта запуска stunnel-run
nano /usr/local/sbin/stunnel-run
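#!/bin/bash
# stunnel-run: watchdog meant to be called from cron. Starts stunnel when no live
# stunnel process matches the PID file.
# The file must be executable (chmod 755 /usr/local/sbin/stunnel-run), otherwise cron
# cannot run it.

# PID file of the daemon; presumably the chroot directory plus the "pid" setting from
# stunnel.conf - adjust if the configuration differs.
pidfile=/var/run/stunnel/stunnel.pid

if [ -f "$pidfile" ]; then
    # The original tested an unset $pid, so the "already running" branch could never
    # be taken and a second start was attempted on every run. Read the PID from the
    # file and accept it only if it is purely numeric.
    pid=$(cat "$pidfile" 2>/dev/null)
    running=1
    case "$pid" in
        '' | *[!0-9]*)
            ;;
        *)
            # Match the exact PID and require the command name to be stunnel, so a
            # recycled PID that now belongs to another program does not count.
            if [ "$(ps -p "$pid" -o comm= 2>/dev/null)" = "stunnel" ]; then
                running=0
            fi
            ;;
    esac

    if [ "$running" -eq 0 ]; then
        echo 'Server is already running !!'
    else
        echo 'Pid file exists but process not found ... trying to start stunnel'
        /usr/sbin/stunnel /etc/stunnel/stunnel.conf
    fi
    # Kept from the original; nothing shown on this page creates this file.
    rm -f /tmp/stunnelrun > /dev/null
else
    echo 'Pid file not found. Starting stunnel.'
    /usr/sbin/stunnel /etc/stunnel/stunnel.conf
fi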
Запуск stunnel (ручной)
Добавляем в планировщик cron
nano /etc/cron.d/stunnel
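# Files in /etc/cron.d need a user field between the schedule and the command;
# without it cron takes the script path for the user name and the job never runs.
# Redirect stdout first and then point stderr at it, so both end up in /dev/null.
*/15 * * * * root /usr/local/sbin/stunnel-run > /dev/null 2>&1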
Т.е. каждые 15 минут скрипт будет проверять, запущен ли stunnel, и запускать его, если он не запущен.
/etc/init.d/crond restart
Или, как второй вариант стартового скрипта (альтернатива):
Создаем стартовый скрипт
nano /etc/init.d/stunnel
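#!/bin/bash
#
# Init Script to run stunnel in daemon mode at boot time.
#
# Author: Riccardo Riva — RPM S.r.l.
# Revision 1.0 — 2010 November, 11
#====================================================================
# Run level information:
#
# chkconfig: 2345 99 99
# description: Secure Tunnel
# processname: stunnel
#
# Run "/sbin/chkconfig --add stunnel" to add the Run levels.
# This will setup the symlinks and set the process to run at boot.
# The script must be executable (mode 755) for chkconfig and manual starts to work.
#====================================================================
#====================================================================
# Paths and variables and system checks.
# Source function library; success and status used further down are expected to
# come from here.
. /etc/rc.d/init.d/functions
# Nothing in this script assigns NETWORKING. On Red Hat style systems it is normally
# set in /etc/sysconfig/network, so load that file first; otherwise the test below
# fails and the script exits before doing anything.
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
# Check that networking is up.
#
[ "${NETWORKING}" = "yes" ] || exit 0
# Path to the executable.
# NOTE(review): the cron watchdog on this page starts /usr/sbin/stunnel; confirm which
# path the installed package uses (rpm -ql stunnel) and make the two agree.
#
SEXE=/usr/bin/stunnel
# Path to the configuration file.
#
CONF=/etc/stunnel/stunnel.conf
# Check the configuration file exists.
#
if [ ! -f "$CONF" ]; then
    echo "The configuration file cannot be found!"
    exit 0
fi
# Path to the lock file.
# Presumably the same file stunnel writes as its PID file (chroot directory plus the
# "pid" setting in stunnel.conf) - confirm against the configuration.
#
LOCK_FILE=/var/run/stunnel/stunnel.pid
#====================================================================
# Run controls:
prog=$"stunnel"
RETVAL=0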
# Start stunnel as daemon.
#
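start() {
    # Launch stunnel with the configured file unless the lock file says it is
    # already up.
    # Globals:  LOCK_FILE, SEXE, CONF, prog (read); RETVAL (written)
    # Outputs:  status text on stdout
    # Returns:  exit status of the stunnel launch; exits the script with 0 when
    #           the lock file already exists
    if [ -f "$LOCK_FILE" ]; then
        echo "stunnel is already running!"
        exit 0
    fi

    echo -n $"Starting $prog: "
    "$SEXE" "$CONF"
    RETVAL=$?

    if [ "$RETVAL" -eq 0 ]; then
        success
        echo
        # Harmless if stunnel has already written the file; it only ensures the
        # marker exists for the checks in this script.
        touch "$LOCK_FILE"
    else
        # Report the failed launch instead of printing nothing.
        failure
        echo
    fi
    return "$RETVAL"
}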
# Stop stunnel.
#
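stop() {
    # Stop the stunnel instance recorded in $LOCK_FILE.
    # Globals:  LOCK_FILE, prog (read); RETVAL (written)
    # Outputs:  status text on stdout
    # Returns:  $RETVAL; exits the script with 0 when the lock file is absent
    local pid tries

    if [ ! -f "$LOCK_FILE" ]; then
        echo "stunnel is not running!"
        exit 0
    fi

    echo -n $"Shutting down $prog: "
    pid=$(cat "$LOCK_FILE" 2>/dev/null)
    case "$pid" in
        '' | *[!0-9]*)
            # No usable PID in the file: fall back to matching by name as the
            # original did, but with the default SIGTERM rather than SIGKILL so
            # the daemon can shut down cleanly.
            killall stunnel
            RETVAL=$?
            ;;
        *)
            if [ "$(ps -p "$pid" -o comm= 2>/dev/null)" != "stunnel" ]; then
                # Stale file or recycled PID: never signal a process that is not
                # stunnel. Only the leftover file is cleaned up below.
                RETVAL=1
            else
                # Signal only the recorded instance, not every process named stunnel.
                kill -TERM "$pid" 2>/dev/null
                RETVAL=$?
                tries=0
                # Give the daemon a few seconds to exit on its own.
                while [ "$RETVAL" -eq 0 ] && [ "$tries" -lt 5 ] && kill -0 "$pid" 2>/dev/null; do
                    sleep 1
                    tries=$((tries + 1))
                done
                # SIGKILL is the last resort, used only if SIGTERM was ignored.
                if [ "$RETVAL" -eq 0 ] && kill -0 "$pid" 2>/dev/null; then
                    kill -KILL "$pid" 2>/dev/null
                    RETVAL=$?
                fi
            fi
            ;;
    esac

    if [ "$RETVAL" -eq 0 ]; then
        success
    else
        failure
    fi
    # As in the original, the lock file is removed whatever the outcome.
    rm -f "$LOCK_FILE"
    echo
    return "$RETVAL"
}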
# See how we were called.
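# Dispatch on the first argument. The selector must be wrapped in plain ASCII double
# quotes; with typographic quotes the word never matches any of the arms.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        # stop() exits the whole script when the lock file is absent, so call it
        # only when there is something to stop; otherwise "restart" on a stopped
        # service would never reach start.
        [ -f "$LOCK_FILE" ] && stop
        start
        ;;
    condrestart)
        # Restart only if the service is currently marked as running.
        if [ -f "$LOCK_FILE" ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
    status)
        status stunnel
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        RETVAL=1
        ;;
esac
exit "$RETVAL"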
Ставим в автозагрузку
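# A file created in an editor is not executable; without this neither chkconfig-driven
# boot start nor "/etc/init.d/stunnel start" can run it.
chmod 755 /etc/init.d/stunnel
# The option takes two ASCII hyphens (the page rendered them as a dash).
chkconfig --add stunnel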
Теперь запускаем стандартным способом
/etc/init.d/stunnel start
Источники: