Stunnel logs
5/15/2023

Stunnel is a program by Michal Trojnara that allows you to encrypt arbitrary TCP connections inside SSL. Stunnel can also allow you to secure non-SSL-aware daemons and protocols (such as POP, IMAP, LDAP, etc.) by having Stunnel provide the encryption, requiring no changes to the daemon’s code. It is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code. Its architecture is optimized for security, portability, and scalability (including load balancing), making it suitable for large deployments. The idea behind Stunnel is that the client sends its messages to the server through an encrypted tunnel.

In this article, we will focus on using MySQL alongside Stunnel. The MariaDB client will access the MariaDB server database through Stunnel for more security and robustness. I will demonstrate the installation and configuration on the CentOS distribution in my VirtualBox lab environment. I created two CentOS 7 virtual machines with the hostnames stunnelserver and stunnelclient. We will tunnel the MySQL traffic via Stunnel. You can apply the same concept to SSH, Telnet, POP, IMAP or any other TCP connection.

- stunnelserver : 192.168.100.17 – Used as the Server
- stunnelclient : 192.168.100.18 – Used as the Client

Basic package installation and configuration on both servers

1. Install the Stunnel and OpenSSL packages on both the client and the server. As we will be using Stunnel over MariaDB, you can use the MariaDB repository tools to get the links to download the repository. Make sure you have the MariaDB-client package installed on the stunnelclient, which will be used as the client to connect to the server. Also, install both packages on the stunnelserver.

2. The command to install the MariaDB packages is as follows:

```shell
sudo yum install MariaDB-server MariaDB-client
```

3. For more information about installations of MariaDB, Galera etc., refer to these links:

Configuration to be carried out on the stunnelserver (192.168.100.17)

4. Once you have all the packages installed, it’s time to create your privatekey.pem. Then, use the private key to create the certificate.pem. Whilst creating the certificate.pem, it will prompt you to enter some details.

```shell
# self-signed certificate, valid for one year, built from the existing privatekey.pem
openssl req -new -x509 -days 365 -key privatekey.pem -out certificate.pem
```

5. Now comes the most interesting part: configuring the stunnel.conf file so that the tunnel ends at the MySQL port on the stunnelserver. I observed that the package by default does not come with a stunnel.conf or even an init script after installing it from the repository. Here is my /etc/stunnel/stunnel.conf on the server:

```
chroot = /var/run/stunnel
```

6. Put your privatekey.pem and certificate.pem in the /etc/stunnel directory. Make sure you have the right permission (400) on the privatekey.pem.

7. Based upon the configuration in step 5, we will now create the /var/run/stunnel directory and assign it to the stunnel user and group:

```shell
# run the three steps in order and stop if one fails (a single & would background them)
useradd -G stunnel stunnel && mkdir /var/run/stunnel && chown stunnel:stunnel /var/run/stunnel
```

8. Port 44323 is a non-reserved port which I chose to receive the tunnelled traffic from the client.

9. As we do not have the init script by default in the package, start the service as follows:

```shell
stunnel /etc/stunnel/stunnel.conf
```

10. A netstat or ss command on the server will show Stunnel listening on port 44323.

Configuration to be carried out on the stunnelclient (192.168.100.18)

11. Import the certificate.pem into the /etc/stunnel/ directory.

12. Here is the stunnel.conf file on the stunnelclient:

```
verify = 2
chroot = /var/run/stunnel
setuid = stunnel
setgid = stunnel
pid = /stunnel.pid
CAfile = /etc/stunnel/certificate.pem
client = yes
sslVersion = TLSv1
renegotiation = no
accept = 24
connect = 192.168.100.17:44323
```
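As an added example (not code from the post or from the stunnel project), here is a small Python linter that parses the global/[section] layout of stunnel.conf and flags the settings this tunnel depends on: verify = 2 only works with a CAfile or CApath, a client without verify = 2 would accept any server certificate, chroot is only useful together with setuid/setgid, and sslVersion = TLSv1 pins the tunnel to a deprecated protocol version (stunnel 5 replaces the option with sslVersionMin). The embedded sample is a copy of the client config above; the function names and message texts are my own.

```python
# Constructed sample: the client-side stunnel.conf from step 12 of the post.
CLIENT_CONF = """\
verify = 2
chroot = /var/run/stunnel
setuid = stunnel
setgid = stunnel
pid = /stunnel.pid
CAfile = /etc/stunnel/certificate.pem
client = yes
sslVersion = TLSv1
renegotiation = no
accept = 24
connect = 192.168.100.17:44323
"""
LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol versions


def parse_stunnel_conf(text):
    """Return {section: {option: value}}; options before any [section] go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in stunnel.conf
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections


def lint(sections):
    """Return (section, message) pairs for settings that weaken or break the tunnel."""
    issues, glob = [], sections[""]
    for name, opts in sections.items():
        merged = {**glob, **opts}  # service-level options override global ones
        if "accept" not in merged or "connect" not in merged:
            continue  # not a service definition, nothing to tunnel
        verify = int(merged.get("verify", "0"))
        if verify >= 2 and "CAfile" not in merged and "CApath" not in merged:
            issues.append((name, "verify >= 2 needs CAfile or CApath, or no peer can be trusted"))
        if merged.get("client", "no") == "yes" and verify < 2:
            issues.append((name, "client side without verify = 2 accepts any server certificate"))
        if merged.get("sslVersion") in LEGACY_VERSIONS:
            issues.append((name, f"sslVersion = {merged['sslVersion']} is deprecated; use sslVersionMin = TLSv1.2"))
        if "chroot" in merged and ("setuid" not in merged or "setgid" not in merged):
            issues.append((name, "chroot without setuid/setgid leaves stunnel running as root"))
    return issues
```

Running `lint(parse_stunnel_conf(CLIENT_CONF))` on the post's client config reports only the deprecated sslVersion; the same call on a copy of your own /etc/stunnel/stunnel.conf checks the server side too.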