1. Installing Stunnel
cd /usr/ports/security/stunnel
make install
Add the following to /etc/rc.conf:
stunnel_enable="YES"
stunnel_pidfile="/var/tmp/stunnel/stunnel.pid"
2. Configuring Stunnel
cp /usr/local/etc/stunnel/stunnel.conf-sample /usr/local/etc/stunnel/stunnel.conf
mkdir /var/tmp/stunnel
chown -R stunnel:stunnel /var/tmp/stunnel/
chmod -R 700 /var/tmp/stunnel/
Generate a self-signed certificate:
cd /usr/local/etc/stunnel/
openssl req -new -x509 -days 3650 -nodes -out stunnel.cert -keyout stunnel.key
Country Name (2 letter code) [AU]:UA
State or Province Name (full name) [Some-State]:Kharkov
Locality Name (eg, city) []:Kharkov
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sda-techs
Organizational Unit Name (eg, section) []:It-Department
Common Name (eg, YOUR name) []:freebsd9.kamaok.org.ua #Be sure to enter the server's FQDN here (the output of hostname -f)
Email Address []:
chmod 600 /usr/local/etc/stunnel/stunnel.cert
chmod 600 /usr/local/etc/stunnel/stunnel.key
nano /usr/local/etc/stunnel/stunnel.conf
chroot = /var/tmp/stunnel
setuid = stunnel
setgid = stunnel
pid = /stunnel.pid
debug = 3
output = /stunnel.log
cert = /usr/local/etc/stunnel/stunnel.cert
key = /usr/local/etc/stunnel/stunnel.key
[https]
accept = 443
connect = 80
;TIMEOUTclose = 0
Important!!!
The path to the stunnel pid file must be set explicitly in /etc/rc.conf:
stunnel_pidfile="/var/tmp/stunnel/stunnel.pid"
This is needed because stunnel runs in chroot mode (chroot = /var/tmp/stunnel), while the pid file path in the config is given relative to the chroot directory, so on the host the file ends up at /var/tmp/stunnel/stunnel.pid:
pid = /stunnel.pid
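The check described above, as an added example that is not part of the original post: a POSIX shell script that derives the host-side pid path from the chroot and pid options in stunnel.conf and compares it with stunnel_pidfile in rc.conf. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that stunnel_pidfile in
# rc.conf matches the host path where a chrooted stunnel writes its pid file.

# conf_value FILE KEY: value of a global stunnel.conf option (before any [service]).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*\[/   { exit }          # first service section: globals are done
        /^[ \t]*[;#]/ { next }          # comment line
        index($0, "=") == 0 { next }    # not an option line
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# rc_value FILE VAR: last VAR="value" assignment in rc.conf (later lines win).
rc_value() {
    awk -v var="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, var "=") == 1 {
            v = substr(line, length(var) + 2); gsub(/^"|"[ \t]*$/, "", v); last = v
        }
        END { print last }' "$1"
}

# effective_pidfile CONF: chroot directory + chroot-relative pid path.
effective_pidfile() {
    c=$(conf_value "$1" chroot); p=$(conf_value "$1" pid)
    [ -n "$p" ] && printf '%s%s\n' "${c%/}" "$p"
}

# check_pidfile CONF RC: 0 = rc.conf agrees with stunnel.conf, 1 = mismatch.
check_pidfile() {
    want=$(effective_pidfile "$1") || { echo "no pid option in $1"; return 1; }
    have=$(rc_value "$2" stunnel_pidfile)
    [ "$have" = "$want" ] && { echo "OK: $want"; return 0; }
    echo "MISMATCH: rc.conf has '${have:-unset}', stunnel writes '$want'"
    return 1
}

# Constructed sample input; on a real host pass the paths from this guide instead.
demo=$(mktemp -d)
printf 'chroot = /var/tmp/stunnel\npid = /stunnel.pid\n[https]\naccept = 443\n' > "$demo/stunnel.conf"
printf 'stunnel_enable="YES"\nstunnel_pidfile="/var/run/stunnel.pid"\n' > "$demo/rc.conf"
check_pidfile "$demo/stunnel.conf" "$demo/rc.conf" || true
rm -rf "$demo"
```

On the host from this guide the call would be check_pidfile /usr/local/etc/stunnel/stunnel.conf /etc/rc.conf.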
3. Starting stunnel and verifying that it started correctly
/usr/local/etc/rc.d/stunnel start
freebsd9# sockstat | grep stunnel
stunnel stunnel 46881 6 dgram -> /var/run/logpriv
stunnel stunnel 46881 7 tcp4 *:443 *:*
The log is written to /var/tmp/stunnel/stunnel.log:
tail -f /var/tmp/stunnel/stunnel.log
Sources:
1. http://samag.ru/archive/article/389
2. http://www.sslnika.ru/faqs/59—stunnel.html