From: <abe...@us...> - 2012-09-03 17:42:37
Revision: 5660 http://astlinux.svn.sourceforge.net/astlinux/?rev=5660&view=rev Author: abelbeck Date: 2012-09-03 17:42:30 +0000 (Mon, 03 Sep 2012) Log Message: ----------- stunnel, add STUNNEL_CLIENT and STUNNEL_DEBUGLEVEL variables, fix permissions issue so running as 'nobody' now always works Modified Paths: -------------- branches/1.0/package/stunnel/stunnel.init branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf Modified: branches/1.0/package/stunnel/stunnel.init =================================================================== --- branches/1.0/package/stunnel/stunnel.init 2012-09-03 13:55:30 UTC (rev 5659) +++ branches/1.0/package/stunnel/stunnel.init 2012-09-03 17:42:30 UTC (rev 5660) @@ -6,31 +6,37 @@ if [ -n "$STUNNELSERVS" ]; then + SUSER="${STUNNELUSER:-nobody}" + SDEBUG="${STUNNEL_DEBUGLEVEL:-5}" + mkdir -p /var/run/stunnel + chown ${SUSER}:${SUSER} /var/run/stunnel - if [ -n "$STUNNELUSER" ]; then - SUSER="$STUNNELUSER" - else - SUSER="nobody" - fi - - if [ -n "$STUNNELCERT" ]; then + if [ "$STUNNEL_CLIENT" = "yes" ]; then + SCLIENT="yes" SCERT="$STUNNELCERT" - elif [ -n "$HTTPSCERT" ]; then - SCERT="$HTTPSCERT" - else - SCERT="/etc/ssl/mini_httpd.pem" + else # Server mode + SCLIENT="" + if [ -n "$STUNNELCERT" ]; then + SCERT="$STUNNELCERT" + elif [ -n "$HTTPSCERT" ]; then + SCERT="$HTTPSCERT" + else + SCERT="/etc/ssl/mini_httpd.pem" + fi fi echo "; Autogenerated. Do not edit. +${SCLIENT:+ +client = $SCLIENT}${SCERT:+ +cert = $SCERT} -cert = $SCERT - socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 setgid = $SUSER setuid = $SUSER +debug = $SDEBUG " > /tmp/etc/stunnel.conf for i in $STUNNELSERVS; do Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf =================================================================== --- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-09-03 13:55:30 UTC (rev 5659) +++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-09-03 17:42:30 UTC (rev 5660) 
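Review bot: The new client-mode branch (`STUNNEL_CLIENT` = "yes") makes the generated global section emit `client = yes` and at most a `cert` line, but nothing in this hunk sets `verify` or `CAfile`, and stunnel does not check the peer certificate unless told to. Unless the per-tunnel loop that follows the hunk adds them, the relayed connection is encrypted but the remote SSL service is never authenticated; the rc.conf comment for `STUNNEL_CLIENT` should say so. I would add an optional CA-bundle variable (the name `SCAFILE` is only a suggestion) and emit `verify = 2` and `CAfile = $SCAFILE` through the same `${VAR:+...}` pattern used for `client` and `cert`. Separately, `chown ${SUSER}:${SUSER} /var/run/stunnel` is unquoted, assumes a group named like the user exists, and its result is not checked, so a failure would only show up later when stunnel cannot write its pid file. The enclosing `if [ -n "$STUNNELSERVS" ]` block continues past the end of the hunk.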
@@ -384,8 +384,8 @@ #SSHDROOT="yes" ## Stunnel support. -## Listen on a TCP port using SSL, then relay that connection -## to a non-SSL TCP service. +## Listen on a TCP port using SSL, then relay that connection to a non-SSL TCP service. (STUNNEL_CLIENT="no") +## Listen on a TCP port using non-SSL, then relay that connection to a SSL TCP service. (STUNNEL_CLIENT="yes") ## Define 3 ~ (tilde) separated arguments for each tunnel ## Arg1: Listen Port (or addr:port) ## Arg2: Connect to Host @@ -393,14 +393,10 @@ ## Separate multiple tunnel definitions with a space #STUNNELSERVS="8443~192.168.111.11~80 993~mailserver~143" ## -## Custom stunnel cert. -## By default HTTPSCERT is used if defined, else /etc/ssl/mini_httpd.pem is used by default. -#STUNNELCERT="/mnt/kd/ssl/stunnel.pem" -## -## Stunnel user/group id. By default stunnel is run as nobody -## this is fine unless you need to run as some other user because -## you need to bind to a port > 1023, etc. . -#STUNNELUSER="root" +#STUNNEL_CLIENT="yes" # "yes" is to enable 'client' mode (listen non-SSL), defaults to 'server' mode (listen SSL) +#STUNNEL_DEBUGLEVEL="5" # "0" is no debug, "2" is critical, "3" is errors, "5" is notice, "7" is full debugging +#STUNNELCERT="/mnt/kd/ssl/stunnel.pem" # defaults to HTTPSCERT if defined, optional when STUNNEL_CLIENT="yes" +#STUNNELUSER="root" # defaults to "nobody", do not change unless binding fails ## Service Advertisement (mDNS) ## If you define ADNAME, I will advertise all of the available services on This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |