Installing Stunnel client on CentOS 6.6

I had some troubles to get Stunnel running myself so wrote down those working steps. I’ve tested this on Digital Ocean with CentOS 6.6 Final running on my servers.

It’s possible to setup one Stunnel server and have multiple clients connect to them. You can also add multiple services to run on one Stunnel server.

For my setup I needed 10 clients to connect to one server to direct https traffic over the internet to my varnish backend server.

yum install stunnel

nano /etc/stunnel/stunnel.conf

This is my basic configuration:
chroot = /var/run/stunnel
setuid = nobody
setgid = nobody
pid = /stunnel.pid
client = yes

[varnish]
accept = 127.0.0.1:8001
connect = REMOTEHOST:8001

Change “REMOTEHOST” to your remote Stunnel host

you might run into problems later if those directories don’t exist – what was a problem I faced that took me some time to figure out:

mkdir /var/run/stunnel
chown nobody:nobody /var/run/stunnel

If you prefer to have init.d script for Stunnel follow these steps to have ability to do “service stunnel start / stop / reload”

nano /etc/rc.d/init.d/stunnel

#!/bin/bash
#
# Init Script to run stunnel in daemon mode at boot time.
#
# Author: Riccardo Riva - RPM S.r.l.
# Revision 1.0 - 2010 November, 11

#====================================================================
# Run level information:
#
# chkconfig: 2345 99 99
# description: Secure Tunnel
# processname: stunnel
#
# Run "/sbin/chkconfig --add stunnel" to add the Run levels.
# This will setup the symlinks and set the process to run at boot.
#====================================================================

#====================================================================
# Paths and variables and system checks.

# Source function library
. /etc/rc.d/init.d/functions

# Check that networking is up.
#
[ ${NETWORKING} ="yes" ] || exit 0

# Path to the executable.
#
SEXE=/usr/bin/stunnel

# Path to the configuration file.
#
CONF=/etc/stunnel/stunnel.conf

# Check the configuration file exists.
#
if [ ! -f $CONF ] ; then
echo "The configuration file cannot be found!"
exit 0
fi

# Path to the lock file.
#
LOCK_FILE=/var/lock/subsys/stunnel

#====================================================================

# Run controls:

prog=$"stunnel"

RETVAL=0

# Start stunnel as daemon.
#
start() {
if [ -f $LOCK_FILE ]; then
echo "stunnel is already running!"
exit 0
else
echo -n $"Starting $prog: "
$SEXE $CONF
fi

RETVAL=$?
[ $RETVAL -eq 0 ] && success
echo
[ $RETVAL -eq 0 ] && touch $LOCK_FILE
return $RETVAL
}

# Stop stunnel.
#
stop() {
if [ ! -f $LOCK_FILE ]; then
echo "stunnel is not running!"
exit 0

else

echo -n $"Shutting down $prog: "
killproc stunnel
RETVAL=$?
[ $RETVAL -eq 0 ]
rm -f $LOCK_FILE
echo
return $RETVAL

fi
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
condrestart)
if [ -f $LOCK_FILE ]; then
stop
start
RETVAL=$?
fi
;;
status)
status stunnel
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
RETVAL=1
esac

exit $RETVAL

#--- End of file ---

if you are running Centos 5 you might want to change this line:
SEXE=/usr/bin/stunnel

to this:
SEXE=/usr/sbin/stunnel

chmod +x /etc/rc.d/init.d/stunnel
make the init.d script executable

/sbin/chkconfig --add stunnel
Have stunnel start up after a server reboot !

service stunnel start

That’s it.. now you have stunnel installed and running