Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ; Sample stunnel configuration file by Michal Trojnara 2002-2009
- ; Some options used here may not be adequate for your particular configuration
- ; Please make sure you understand them (especially the effect of the chroot jail)
- ; Certificate/key is needed in server mode and optional in client mode
- cert = /root/ssl_keys/certificate.crt
- key = /root/ssl_keys/privateKey.key
- ;key = /etc/ssl/certs/stunnel.pem
- ; Protocol version (all, SSLv2, SSLv3, TLSv1)
- sslVersion = all
- ; Some security enhancements for UNIX systems - comment them out on Win32
- ;;chroot = /var/lib/stunnel4/
- ;;setuid = stunnel4
- ;;setgid = stunnel4
- ; PID is created inside the chroot jail
- pid = /stunnel4.pid
- ; Some performance tunings
- socket = l:TCP_NODELAY=1
- socket = r:TCP_NODELAY=1
- ;compression = zlib
- ; Workaround for Eudora bug
- ;options = DONT_INSERT_EMPTY_FRAGMENTS
- ; Authentication stuff
- ;verify = 2
- ; Don't forget to c_rehash CApath
- ; CApath is located inside chroot jail
- ;CApath = /certs
- ; It's often easier to use CAfile
- ;CAfile = /etc/stunnel/certs.pem
- ; Don't forget to c_rehash CRLpath
- ; CRLpath is located inside chroot jail
- ;CRLpath = /crls
- ; Alternatively you can use CRLfile
- ;CRLfile = /etc/stunnel/crls.pem
- ; Some debugging stuff useful for troubleshooting
- debug = 7
- ;debug = 3
- output = /var/log/stunnel4/stunnel.log
- ; Use it for client mode
- ;client = yes
- ; Report the real Client to the Logs.
- transparent = yes
- foreground = yes
- ; Service-level configuration
- [https]
- accept = 443
- connect = 80
- ;TIMEOUTclose = 0
- ; vim:ft=dosini
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement