How to manage the stunnel process without a super daemon on Linux


How to encrypt text with openssl

# create one time password
# NOTE(review): `openssl passwd` prints a crypt-style *hash* of the given
# password (the form used in /etc/shadow-like files), not a one-time password.
# The cleartext on the command line ends up in shell history and is visible
# in `ps`; `openssl passwd -stdin` or the interactive prompt avoids that.
openssl passwd mypass

# encrypt & decrypt
cat test.txt
# -k passes the passphrase on the command line (same history/ps exposure);
# `-pass env:VAR` or `-pass file:PATH` keeps it out of argv.  The default
# key derivation of `openssl enc` is weak on older releases; add -pbkdf2
# where the installed OpenSSL supports it (1.1.1+).
openssl enc -seed-cbc -in test.txt -k test -base64 > testenc.txt
openssl enc -d -seed-cbc -in testenc.txt -k test -base64

# AES-256-CBC with an explicit salt; the -k caveat above applies
# (PASS is a placeholder for the real passphrase).
openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc -k PASS

# encrypt and decrypt with base64 and password options
# NOTE: ECB mode maps identical plaintext blocks to identical ciphertext
# blocks, so patterns in the input leak; keep it to demos and use a CBC/GCM
# mode for real data.
openssl enc -seed-ecb -in test.txt -k test -base64 > testenc.txt ; cat testenc.txt
openssl enc -d -seed-ecb -in testenc.txt -k test -base64

How to run stunnel with a shell script

Shell script for managing stunnel (stunnel.sh)

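#!/bin/bash
# stunnel.sh - start/stop/restart/status/log helper for a user-level stunnel
# instance that is not managed by a super daemon (inetd/xinetd).
#
# Usage:    stunnel.sh {start|stop|restart|status|log}
# Reads:    HOME (stunnel binary, conf and log paths used by the functions below)
# Outputs:  a START banner and progress messages on stdout; usage on stderr

# Usage text lists every sub-command the dispatcher below accepts.
USAGE_PARAM="{start/stop/restart/status/log}"
# Timestamp used by backup_log to name the rotated log file.
CUR_DATE=$(date '+%Y%m%d%H%M%S')
# This script's own name; used to exclude it from process matches.
STUNNEL_SHELL=${0##*/}

echo "---------------------------------------------------"
echo "START : $(date '+%Y-%m-%d %H:%M:%S')"
echo "---------------------------------------------------"

# Exactly one or two arguments are accepted; anything else is a usage error.
# (The original test was written "[ $# = 1]" - the missing space before "]"
# is a syntax error in test(1), so the one-argument case never matched.)
if [ "$#" -eq 1 ]; then
    echo "$STUNNEL_SHELL $1 is starting..."
elif [ "$#" -eq 2 ]; then
    echo "$STUNNEL_SHELL $1 $2 is starting..."
else
    echo "Usage : $STUNNEL_SHELL $USAGE_PARAM" >&2
    # Non-zero so a caller (or the cron log) can tell a usage error from success.
    exit 2
fi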

#echo "Current processes : "`ps -ef|grep stunnel|grep -v grep|grep -v $STUNNEL_SHELL`

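#######################################
# Count the stunnel processes currently running on this host.
# Globals:   STUNNEL_SHELL (read) - this script's name, excluded from the match
# Outputs:   the count on stdout (0 when none)
# Note:      `ps -e` is host-wide, so instances started by other users are
#            counted too; the match is a substring match on the command name.
#######################################
running_count ()
{
    # Quoted and with "--" so an empty or odd STUNNEL_SHELL can neither drop
    # the pattern argument nor be parsed as a grep option.
    ps -e | grep stunnel | grep -v -- "$STUNNEL_SHELL" | grep -v grep | wc -l
}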

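#######################################
# Start stunnel unless an instance is already running; rotates the previous
# log first so each run gets a fresh stunnel.log.
# Globals:   HOME (read)
# Outputs:   status messages on stdout, errors on stderr
# Returns:   stunnel's exit status; 0 when already running; 1 if the binary
#            is missing or not executable
#######################################
start_stunnel ()
{
    local count
    count=$(running_count)
    if [ "$count" = 0 ]; then
        backup_log

        # Change the stunnel path whatever you want
        # (the original pointed at "$HOME/sunnel/bin/stunnel" - a typo, every
        # other path in this script uses "stunnel").
        local stunnel_bin="$HOME/stunnel/bin/stunnel"
        local stunnel_conf="$HOME/stunnel/data/stunnel.conf"
        if [ ! -x "$stunnel_bin" ]; then
            echo "stunnel binary not found or not executable: $stunnel_bin" >&2
            return 1
        fi
        "$stunnel_bin" "$stunnel_conf"
    else
        echo "stunnel is already running. (Running count:$count)"
    fi
}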

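#######################################
# Send SIGTERM to every running stunnel process.
# Globals:   STUNNEL_SHELL (read)
# Outputs:   one "kill -TERM <pid>" line per signalled process
# Note:      defined as stop_stunnel because that is the name the "stop" and
#            "restart" paths call; the original definition was misspelled
#            "stop_sunnel", so both paths failed with "command not found".
#######################################
stop_stunnel ()
{
    # ps -e (NOT ps -ef): only the command name is listed, so the conf path or
    # this script's arguments cannot produce false matches.
    # NOTE: this signals every process on the host whose name contains
    # "stunnel", not only the one launched by start_stunnel; a more precise
    # stop would read the pid file that stunnel.conf configures.
    local pid
    while read -r pid; do
        [ -n "$pid" ] || continue
        echo "kill -TERM $pid"
        kill -TERM "$pid"
    done < <(ps -e | grep stunnel | grep -v grep | grep -v -- "$STUNNEL_SHELL" | awk '{print $1}')
}

# Backward-compatible alias for the original (misspelled) function name.
stop_sunnel ()
{
    stop_stunnel
}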

#######################################
# Restart stunnel: stop the running instance, pause, then start a new one.
# Globals:   none directly (delegates to stop_stunnel / start_stunnel)
#######################################
restart_stunnel ()
{
    stop_stunnel
    # Give the old instance a moment to exit before the new one binds.
    sleep 1
    start_stunnel
}

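#######################################
# Rotate the current stunnel log to stunnel.<CUR_DATE>.log before a start.
# Globals:   HOME, CUR_DATE (read)
# Returns:   0 when there is no log to rotate, otherwise mv's status
#######################################
backup_log ()
{
    local log_dir="$HOME/stunnel/log"
    local current="$log_dir/stunnel.log"
    # Nothing to rotate on a first start or after a manual cleanup; the
    # original unconditional mv failed noisily whenever the file was absent.
    [ -f "$current" ] || return 0
    mv -- "$current" "$log_dir/stunnel.$CUR_DATE.log"
}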

#######################################
# Follow the live stunnel log, starting from its last 100 lines.
# Globals:   HOME (read)
# Note:      blocks until interrupted (tail -f)
#######################################
tail_log ()
{
    local log_file="$HOME/stunnel/log/stunnel.log"
    tail -n 100 -f "$log_file"
}

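# Dispatch on the sub-command; quoted so an empty $1 still reaches "*)".
case "$1" in
    restart)
        restart_stunnel
        ;;
    start)
        start_stunnel
        ;;
    stop)
        stop_stunnel
        ;;
    status)
        # Full command lines, minus this script, editor/tail sessions opened on
        # the log or conf, and grep itself.  NOTE: "grep -v vi" hides any line
        # containing "vi" (e.g. a path with "service" in it), not only vi.
        ps -ef | grep stunnel | grep -v -- "$STUNNEL_SHELL" | grep -v vi | grep -v 'tail' | grep -v grep
        ;;
    log)
        tail_log
        ;;
    *)
        echo "Usage : $STUNNEL_SHELL $USAGE_PARAM" >&2
        # Non-zero so an unknown sub-command is not reported as success.
        exit 2
        ;;
esac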

Add jobs to cron under Linux or Unix (crontab -l)

# Monitor the stunnel process
# Runs every minute; stunnel.sh start is a no-op while running_count is
# non-zero, so this acts as a watchdog that relaunches stunnel after it dies.
# Each run also appends the START banner to stunnel_cron.log, hence the
# periodic truncation below.
* * * * * $HOME/stunnel/shl/stunnel.sh start >> $HOME/stunnel/log/stunnel_cron.log 2>&1

# Delete crontab log
# NOTE(review): "* 5 * * 0" fires every minute from 05:00 to 05:59 on Sundays;
# if a single weekly truncation is intended, "0 5 * * 0" is the schedule - confirm.
* 5 * * 0 cp /dev/null $HOME/stunnel/log/stunnel_cron.log > /dev/null 2>&1

Configuration of stunnel (stunnel.conf)

;------------------------------------------
; Global options
;------------------------------------------
; NOTE(review): confirm that the installed stunnel expands $HOME in option
; values; if it does not, replace these with absolute paths (also in the
; service sections below).
pid=$HOME/stunnel/data/stunnel.pid
output=$HOME/stunnel/log/stunnel.log

;socket = a:TCP_NODELAY=1
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1
; Detach after start: the cron-driven stunnel.sh start would otherwise block.
foreground = no
; 7 is the most verbose level; expect large logs (including connection
; details) - lower it once the tunnel is stable.
debug = 7
syslog = yes

;------------------------------------------
; Service-level options
;------------------------------------------
[stunnel1]
client = yes
; Plaintext listener bound to loopback, so only local processes can use it.
accept = 127.0.0.1:12701
; Remote TLS endpoint (placeholder address).
connect = xxx.xxx.xxx.xxx:1234
TIMEOUTclose = 0
; verify = 2: the remote certificate must chain to CAFile or the connection
; is dropped; this is what protects the tunnel against an impersonated peer.
verify = 2
; "all" enables every protocol version the build supports, which may include
; legacy ones; newer stunnel releases express this with sslVersionMin instead.
sslVersion = all
; Client certificate and key presented to the remote side; keep key.pem
; readable by this user only.
cert = $HOME/stunnel/data/sess1/pem/cert.pem
key = $HOME/stunnel/data/sess1/pem/key.pem
CAFile = $HOME/stunnel/data/sess1/pem/CACerts.pem

; Same settings as [stunnel1] with a second local port and its own key pair.
[stunnel2]
client = yes
accept = 127.0.0.1:12702
connect = xxx.xxx.xxx.xxx:1234
TIMEOUTclose = 0
verify = 2
sslVersion = all
cert = $HOME/stunnel/data/sess2/pem/cert.pem
key = $HOME/stunnel/data/sess2/pem/key.pem
CAFile = $HOME/stunnel/data/sess2/pem/CACerts.pem

Create a PEM file

# Self-signed certificate and private key written to ONE file (the stunnel.pem
# the client/server examples reference).  -nodes leaves the key unencrypted,
# so restrict the file to the stunnel user (e.g. mode 0600).
openssl req -new -x509 -nodes -out stunnel.pem -keyout stunnel.pem

or

# Two-step equivalent: a 2048-bit RSA key, then a self-signed certificate
# for it (openssl req prompts for the subject fields).
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem
# Concatenate key then cert into the single PEM used by stunnel.conf; key.pem
# is unencrypted, so keep both files readable by the stunnel user only.
cat key.pem > stunnel.pem ; cat cert.pem >> stunnel.pem

Run : stunnel stunnel.conf

Stunnel client example (stunnel.conf)

;------------------------------------------
; Global options
;------------------------------------------
pid=/app/inf/stunnel/stunnel.pid
; Relative to the directory stunnel is started from (see "Run : stunnel stunnel.conf").
output=./stunnel.log

;socket = a:TCP_NODELAY=1
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1
; Stays attached to the terminal - suited to the manual run, not to stunnel.sh.
foreground = yes
; Most verbose level; fine for a lab, noisy for production.
debug = 7
syslog = yes

;------------------------------------------
; Service-level options
;------------------------------------------
[stunnel1]
client = yes
; Local plaintext listener on loopback.
accept = 127.0.0.1:12701
; The server example's plaintext backend is 12702, but this connect must
; reach the server's TLS *accept* port (12701 in that example) - confirm.
connect = xxx.xxx.xxx.xxx:12702
TIMEOUTclose = 0
; verify = 0: the server certificate is requested but never checked, so any
; certificate is accepted.  Lab-only; use verify = 2 with CAfile for real use.
verify = 0
; Enables every protocol version the build supports; newer stunnel releases
; prefer sslVersionMin.
sslVersion = all
; stunnel.pem holds key and certificate; key defaults to the cert file, which
; is why ;key can stay commented.
cert = ./stunnel.pem
;key = ./stunnel.pem
;CAfile = ./stunnel.pem

Stunnel server example (stunnel.conf)

;------------------------------------------
; Global options
;------------------------------------------
pid=/app/inf/stunnel/stunnel.pid
; Relative to the directory stunnel is started from.
output=./stunnel.log

;socket = a:TCP_NODELAY=1
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1
; Stays attached to the terminal - suited to the manual run, not to stunnel.sh.
foreground = yes
; Most verbose level; fine for a lab, noisy for production.
debug = 7
syslog = yes

;------------------------------------------
; Service-level options
;------------------------------------------
[stunnel1]
; Server side: terminates TLS and forwards plaintext to the local backend.
client = no
; TLS listener on the external address (placeholder); this port is what
; remote clients must connect to.
accept = xxx.xxx.xxx.xxx:12701
; Plaintext backend on loopback.
connect = 127.0.0.1:12702
TIMEOUTclose = 0
; verify = 0: client certificates are not required or checked, so anyone who
; can reach the accept port can use the backend.  With verify = 0 the CAfile
; below has no effect on authentication; raise it (verify = 2) to require a
; client certificate issued by that CA.
verify = 0
sslVersion = all
; Server key and certificate; the same stunnel.pem file serves all three roles here.
cert = ./stunnel.pem
key = ./stunnel.pem
CAfile = ./stunnel.pem
