From: <abe...@us...> - 2012-09-03 17:42:37
Revision: 5660
http://astlinux.svn.sourceforge.net/astlinux/?rev=5660&view=rev
Author: abelbeck
Date: 2012-09-03 17:42:30 +0000 (Mon, 03 Sep 2012)
Log Message:
-----------
stunnel, add STUNNEL_CLIENT and STUNNEL_DEBUGLEVEL variables, fix permissions issue so running as 'nobody' now always works
Modified Paths:
--------------
branches/1.0/package/stunnel/stunnel.init
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/stunnel/stunnel.init
===================================================================
--- branches/1.0/package/stunnel/stunnel.init 2012-09-03 13:55:30 UTC (rev 5659)
+++ branches/1.0/package/stunnel/stunnel.init 2012-09-03 17:42:30 UTC (rev 5660)
@@ -6,31 +6,37 @@
if [ -n "$STUNNELSERVS" ]; then
+ SUSER="${STUNNELUSER:-nobody}"
+ SDEBUG="${STUNNEL_DEBUGLEVEL:-5}"
+
mkdir -p /var/run/stunnel
+ chown ${SUSER}:${SUSER} /var/run/stunnel
- if [ -n "$STUNNELUSER" ]; then
- SUSER="$STUNNELUSER"
- else
- SUSER="nobody"
- fi
-
- if [ -n "$STUNNELCERT" ]; then
+ if [ "$STUNNEL_CLIENT" = "yes" ]; then
+ SCLIENT="yes"
SCERT="$STUNNELCERT"
- elif [ -n "$HTTPSCERT" ]; then
- SCERT="$HTTPSCERT"
- else
- SCERT="/etc/ssl/mini_httpd.pem"
+ else # Server mode
+ SCLIENT=""
+ if [ -n "$STUNNELCERT" ]; then
+ SCERT="$STUNNELCERT"
+ elif [ -n "$HTTPSCERT" ]; then
+ SCERT="$HTTPSCERT"
+ else
+ SCERT="/etc/ssl/mini_httpd.pem"
+ fi
fi
echo "; Autogenerated. Do not edit.
+${SCLIENT:+
+client = $SCLIENT}${SCERT:+
+cert = $SCERT}
-cert = $SCERT
-
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
setgid = $SUSER
setuid = $SUSER
+debug = $SDEBUG
" > /tmp/etc/stunnel.conf
for i in $STUNNELSERVS; do
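Review bot: The client-mode branch emits `client = yes` and an optional `cert`, but no `verify` or `CAfile` line, so unless the per-service sections written by the `for` loop below this hunk add them, stunnel encrypts to the remote service without checking its certificate and the tunnel cannot tell the intended server from an impostor. I would add an optional CA-file variable, emit it with the same `${VAR:+...}` pattern used for `cert` as a `CAfile = <path>` and `verify = 2` pair, and document that client mode is unauthenticated without it. Separately, the new `chown ${SUSER}:${SUSER} /var/run/stunnel` is unquoted, assumes a group with the same name as the user, and ignores failure; `chown "${SUSER}:${SUSER}" /var/run/stunnel || echo "stunnel: chown failed" >&2` would make a bad `STUNNELUSER` visible. The enclosing `if` block and the `for` loop both continue outside the hunk.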
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-09-03 13:55:30 UTC (rev 5659)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-09-03 17:42:30 UTC (rev 5660)
@@ -384,8 +384,8 @@
#SSHDROOT="yes"
## Stunnel support.
-## Listen on a TCP port using SSL, then relay that connection
-## to a non-SSL TCP service.
+## Listen on a TCP port using SSL, then relay that connection to a non-SSL TCP service. (STUNNEL_CLIENT="no")
+## Listen on a TCP port using non-SSL, then relay that connection to a SSL TCP service. (STUNNEL_CLIENT="yes")
## Define 3 ~ (tilde) separated arguments for each tunnel
## Arg1: Listen Port (or addr:port)
## Arg2: Connect to Host
@@ -393,14 +393,10 @@
## Separate multiple tunnel definitions with a space
#STUNNELSERVS="8443~192.168.111.11~80 993~mailserver~143"
##
-## Custom stunnel cert.
-## By default HTTPSCERT is used if defined, else /etc/ssl/mini_httpd.pem is used by default.
-#STUNNELCERT="/mnt/kd/ssl/stunnel.pem"
-##
-## Stunnel user/group id. By default stunnel is run as nobody
-## this is fine unless you need to run as some other user because
-## you need to bind to a port > 1023, etc. .
-#STUNNELUSER="root"
+#STUNNEL_CLIENT="yes" # "yes" is to enable 'client' mode (listen non-SSL), defaults to 'server' mode (listen SSL)
+#STUNNEL_DEBUGLEVEL="5" # "0" is no debug, "2" is critical, "3" is errors, "5" is notice, "7" is full debugging
+#STUNNELCERT="/mnt/kd/ssl/stunnel.pem" # defaults to HTTPSCERT if defined, optional when STUNNEL_CLIENT="yes"
+#STUNNELUSER="root" # defaults to "nobody", do not change unless binding fails
## Service Advertisement (mDNS)
## If you define ADNAME, I will advertise all of the available services on
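Review bot: The new one-line comments do not say that `STUNNEL_CLIENT` applies to every tunnel in `STUNNELSERVS`; the init script appears to write `client` once in the global part of stunnel.conf, so server-mode and client-mode tunnels cannot be mixed, and the mode lines in the previous hunk (`@@ -384,8 +384,8 @@`) have the same gap. The `STUNNELCERT` comment also drops the final fallback to /etc/ssl/mini_httpd.pem, which the removed text documented and the script still uses in server mode. Suggested wording: `#STUNNEL_CLIENT="yes" # applies to all STUNNELSERVS tunnels; "yes" enables 'client' mode (listen non-SSL)` and `# defaults to HTTPSCERT if defined, else /etc/ssl/mini_httpd.pem; optional when STUNNEL_CLIENT="yes"`. The `STUNNELUSER="root"` example could also state that this setting keeps the daemon running as root after startup.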