Old 05-17-2009, 12:14 PM   #1
LQ Newbie
Registered: Apr 2009
Posts: 6

Rep: Reputation: 0
Stunnel4 as server


I tried many ways to configure this program (Stunnel4) but cannot install it correctly.

Right now, I have Ubuntu 9.04 normal edition installed. I have aMule and Deluge (2 P2P programs). I was able to install them, make them run as daemons and run them on startup. In fact, those programs can be accessed through HTTP requests. I want them to use HTTPS requests instead (I know that Deluge can do that through internal options, but I prefer to configure only 1 SSL program for those 2 applications, plus another that will control a PHP script).

So I installed through Synaptic only the Stunnel4 package.
I created 2 self-signed certificate files (a .KEY and a .CRT file that I renamed for Stunnel).

This is what I got for Stunnel.conf (located at /usr/stunnel):
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/server.crt.pem
key = /etc/stunnel/server.key.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

accept = 995
connect = 110

accept = 993
connect = 143

accept = 465
connect = 25

;accept = 443
;connect = 80
;TIMEOUTclose = 0

accept = 40009
connect = 40010
TIMEOUTclose = 0

accept = 50009
connect = 50010
TIMEOUTclose = 0

; vim:ft=dosini
As you can see, I added at the end options for aMule and deluge.
Now, when I type:

http:\\ I enter Amule Web page
https:\\ DOES NOT WORK

http:\\ I enter deluge web page
https:\\ DOES NOT WORK

Other information:
1) When I type stunnel4 in a terminal, the prompt returns without error, but it still does not work.
2) When I type sudo stunnel4 and enter my password, it's the same thing as entering stunnel4; it still does not work.
3) When I type /usr/bin/stunnel4, it's the same thing.
4) The files /etc/stunnel/server.crt.pem and /etc/stunnel/server.key.pem do exist.

I need advice:
1) how to run it properly
2) how to put it on startup
3) where to look for more info (log)
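
An added example, not part of the original post: a small lint over the options that appear in the configuration posted above. It flags obsolete sslVersion values (SSLv2, SSLv3) and the settings that only work when stunnel is started as root (accept ports below 1024, chroot, setuid, setgid). The function name lint_stunnel_conf and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a stunnel.conf for protocol and start-up privilege settings.
# SAMPLE_CONF is constructed from options shown in the post above.
SAMPLE_CONF='cert = /etc/stunnel/server.crt.pem
key = /etc/stunnel/server.key.pem
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
;verify = 2
accept = 995
connect = 110
;accept = 443
accept = 40009
connect = 40010'

# lint_stunnel_conf (hypothetical name): reads a config on stdin and
# prints one finding per line.
lint_stunnel_conf() {
    awk -F'[ \t]*=[ \t]*' '
        /^[ \t]*[;#]/ || NF < 2 { next }           # skip comments and non key=value lines
        { key = $1; val = $2
          gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/[ \t\r]+$/, "", val) }
        # SSLv2 and SSLv3 are obsolete protocol versions.
        key == "sslVersion" && (val == "SSLv2" || val == "SSLv3") {
            print "WEAK_PROTOCOL " val }
        # chroot() and switching to another user both need root at start-up.
        key == "chroot" || key == "setuid" || key == "setgid" {
            print "NEEDS_ROOT_START " key }
        # Binding a port below 1024 needs root on a default Linux setup.
        key == "accept" {
            port = val; sub(/^.*:/, "", port)       # accept may be host:port
            if (port + 0 > 0 && port + 0 < 1024) print "PRIVILEGED_PORT " port }
    '
}

printf '%s\n' "$SAMPLE_CONF" | lint_stunnel_conf
```

To check a real file, run lint_stunnel_conf < /etc/stunnel/stunnel.conf.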


Old 05-23-2009, 09:27 PM   #2
LQ Newbie
Registered: Apr 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Good evening.

Finally, I was able to make my program work partially, but I still have to fix some small issues.

Without knowing where the program was, I went to the stunnel website and downloaded the latest version of Stunnel (more recent than the one distributed with Ubuntu 9.04).

I compiled it and installed it in the same directory as the old one, but I still got the same problem. I read on the website how to edit the file stunnel4 in /etc/init.d. So, I tried to match the paths of the files and was able to run it. However, I am still not able to run it on startup of my PC.

This is the file stunnel4 I was talking about:
# Provides: stunnel4
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start or stop stunnel 4.x (SSL tunnel for network daemons)

DESC="SSL tunnels"

get_pids() {
local file=$1
if test -f $file; then
CHROOT=`grep "^chroot" $file|sed "s;.*= *;;"`
PIDFILE=`grep "^pid" $file|sed "s;.*= *;;"`
if [ "$PIDFILE" = "" ]; then
if test -f $CHROOT/$PIDFILE; then

startdaemons() {
if ! [ -d /var/run/stunnel4 ]; then
rm -rf /var/run/stunnel4
install -d -o stunnel4 -g stunnel4 /var/run/stunnel4
for file in $FILES; do
if test -f $file; then
PROCLIST=`get_pids $file`
if [ "$PROCLIST" ] && kill -0 $PROCLIST 2>/dev/null; then
echo -n "[Already running: $file] "
elif $DAEMON $ARGS; then
echo -n "[Started: $file] "
echo "[Failed: $file]"
echo "You should check that you have specified the pid= in you configuration file"
exit 1

for file in $FILES; do
PROCLIST=`get_pids $file`
if [ "$PROCLIST" ] && kill -0 $PROCLIST 2>/dev/null; then
echo -n "[stopped: $file] "

if [ "x$OPTIONS" != "x" ]; then

test -f /etc/default/stunnel4 && . /etc/default/stunnel4
test "$ENABLED" != "0" || exit 0

test -x $DAEMON || exit 0

set -e

case "$1" in
echo -n "Starting $DESC: "
echo "$NAME."
echo -n "Stopping $DESC: "
echo "$NAME."
#force-reload does not send a SIGHUP, since SIGHUP is interpreted as a
#quit signal by stunnel. I reported this problem to upstream authors.
echo -n "Restarting $DESC: "
sleep 5
echo "$NAME."
echo "Usage: $N {start|stop|force-reload|restart}" >&2
exit 1

exit 0
I called the file stunnel4 in /etc/init.d on startup with the command start, but it does not work (in System -> Preferences -> Startup Applications).

If I type this command on the console, I get this error:
printmanager@S2:~$ /etc/init.d/stunnel4 start
Starting SSL tunnels: [Failed: /etc/stunnel/stunnel.conf]
You should check that you have specified the pid= in you configuration file
The SSL at this point is NOT working
So, I tried this command instead:
printmanager@S2:~$ sudo /etc/init.d/stunnel4 start
[sudo] password for printmanager:
Starting SSL tunnels: [Already running: /etc/stunnel/stunnel.conf] stunnel.
The error shown is quite different. The process is supposed to be running, but it is still not working.

So I did this:
printmanager@S2:~$ sudo /etc/init.d/stunnel4 restart
Restarting SSL tunnels: [stopped: /etc/stunnel/stunnel.conf] [Started: /etc/stunnel/stunnel.conf] stunnel.
Then it works now!! But I am still not able to put it correctly on startup. I thought that a permission for my user (not ROOT) was missing somewhere.

These are the permissions I got from various files:
printmanager@S2:~$ ls -als /etc/init.d/stunnel4
4 -rwxrwxrwx 1 root root 2429 2009-05-14 21:25 /etc/init.d/stunnel4

printmanager@S2:~$ ls -als /etc/stunnel/
total 36
4 drwxrwxrwx 2 root root 4096 2009-05-15 20:37 .
12 drwxr-xr-x 130 root root 12288 2009-05-23 20:55 ..
4 -rw-r--r-- 1 printmanager printmanager 1456 2009-05-05 21:06 server.crt.pem
4 -r-------- 1 printmanager printmanager 887 2009-05-06 21:18 server.key.pem
4 -rw-r--r-- 1 printmanager printmanager 963 2009-05-06 21:18
4 -rwxrwxrwx 1 root root 1617 2009-05-13 21:57 stunnel.conf
4 -rw-r--r-- 1 printmanager printmanager 1615 2009-05-13 21:57 stunnel.conf~
I want to know where to look now...
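
An added example, not part of the original post: a permission audit over ls -als output like the listings above. An init script runs as root at boot, so a root-owned script, config file or config directory that is world-writable lets any local account change what root executes; the audit flags those entries and any private key file that grants access to group or others. The function name audit_listing and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky permissions in "ls -als" output for stunnel files.
# SAMPLE_LISTING is constructed from the listings shown in the post above.
SAMPLE_LISTING='4 -rwxrwxrwx 1 root root 2429 2009-05-14 21:25 /etc/init.d/stunnel4
4 drwxrwxrwx 2 root root 4096 2009-05-15 20:37 .
12 drwxr-xr-x 130 root root 12288 2009-05-23 20:55 ..
4 -rw-r--r-- 1 printmanager printmanager 1456 2009-05-05 21:06 server.crt.pem
4 -r-------- 1 printmanager printmanager 887 2009-05-06 21:18 server.key.pem
4 -rwxrwxrwx 1 root root 1617 2009-05-13 21:57 stunnel.conf'

# audit_listing (hypothetical name): reads "ls -als" lines on stdin and
# prints "FINDING name mode" for each problem found.
audit_listing() {
    awk '
        NF < 9 || $2 !~ /^[-dl][-rwxsStT]+$/ { next }  # skip "total" and malformed lines
        { mode = $2; name = $9 }
        # The write bit for "others" is the 9th character of the mode string.
        substr(mode, 9, 1) == "w" && substr(mode, 1, 1) != "l" {
            print "WORLD_WRITABLE " name " " mode }
        # A private key should grant nothing to group or others.
        name ~ /\.key(\.pem)?$/ && substr(mode, 5, 6) != "------" {
            print "KEY_EXPOSED " name " " mode }
    '
}

printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

To check a live system, pipe ls -als /etc/init.d/stunnel4 /etc/stunnel/ into audit_listing.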



