Changeset 4efb652
- Timestamp:
- 02/16/2015 02:20:47 AM (9 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 683e0873
- Parents:
- c554ae14
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/stunnel.xml
rc554ae14 r4efb652 35 35 channels. <application>stunnel</application> can be used to add SSL 36 36 functionality to commonly used <application>Inetd</application> daemons 37 like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP, 38 SMTP and HTTP, and in tunneling PPP over network sockets without changes 39 to the server package source code.</para> 37 such as POP-2, POP-3, and IMAP servers, along with standalone daemons such 38 as NNTP, SMTP, and HTTP. <application>stunnel</application> can also be 39 used to tunnel PPP over network sockets without changes to the server 40 package source code.</para> 40 41 41 42 &lfs76_checked; … … 95 96 <note> 96 97 <para>A signed SSL Certificate and a Private Key is necessary to run the 97 <command>stunnel</command> daemon. Further below, after 98 <command>make ... install</command>, we include instructions to generate 99 them. However, if you own, or have already created a signed SSL 100 Certificate you wish to use, copy it to 98 <command>stunnel</command> daemon. After the package is installed, there 99 are instructions to generate them. However, if you own or have already 100 created a signed SSL Certificate you wish to use, copy it to 101 101 <filename>/etc/stunnel/stunnel.pem</filename> before starting the build 102 102 (ensure only <systemitem class="username">root</systemitem> has read and … … 118 118 commands:</para> 119 119 120 <note><para>For some systems with <application>binutils</application> 121 versions prior to 2.25, <command>configure</command> may fail. If 122 necessary, fix it either with:</para> 120 <note> 121 <para>For some systems with <application>binutils</application> 122 versions prior to 2.25, <command>configure</command> may fail. If 123 necessary, fix it either with:</para> 123 124 124 125 <screen><userinput>sed -i '/LDFLAGS.*static_flag/ s/^/#/' configure</userinput></screen> 125 126 126 <para>or, if <xref linkend="llvm"/> with Clang is installed, you can 127 replace <command>./configure ... </command> with <command>CC=clang 128 ./configure ... </command> in the first command bellow.</para></note> 127 <para>or, if <xref linkend="llvm"/> with Clang is installed, you can 128 replace <command>./configure ...</command> with <command>CC=clang 129 ./configure ...</command> in the first command below.</para> 130 </note> 129 131 130 132 <screen><userinput>./configure --prefix=/usr \ … … 140 142 <screen role="root"><userinput>make docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen> 141 143 142 <para>To create the <filename>stunnel.pem</filename> in the 143 <filename class="directory">/etc/stunnel</filename> directory, 144 you need to create one. The following command prompts you 145 for the necessary information. Ensure you reply to the</para> 146 144 <para>If you do not already have a signed SSL Certificate and Private Key, 145 create the <filename>stunnel.pem</filename> file in the 146 <filename class="directory">/etc/stunnel</filename> directory using the 147 command below. You will be prompted to enter the necessary 148 information. Ensure you reply to the</para> 149 147 150 <screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen> 148 151 … … 150 153 to access the service(s).</para> 151 154 152 <para>To generate a certificate, as the 153 <systemitem class="username">root</systemitem> user, run:</para>155 <para>To generate a certificate, as the 156 <systemitem class="username">root</systemitem> user, issue:</para> 154 157 155 158 <screen role="root"><userinput>make cert</userinput></screen> … … 161 164 162 165 <para><parameter>--disable-systemd</parameter>: This switch disables 163 systemd socket activation support ,not available in BLFS.</para>166 systemd socket activation support which is not available in BLFS.</para> 164 167 165 168 <para><command>make docdir=... install</command>: This command installs the 166 package ,changes the documentation installation directory to standard169 package and changes the documentation installation directory to standard 167 170 naming conventions.</para> 168 171 … … 188 191 <para>As the <systemitem class="username">root</systemitem> user, 189 192 create the directory used for the 190 <filename class="extension">.pid</filename> file that iscreated193 <filename class="extension">.pid</filename> file created 191 194 when the <application>stunnel</application> daemon starts:</para> 192 195 … … 224 227 chmod -v 644 /etc/stunnel/stunnel.conf</userinput></screen> 225 228 226 <para>Finally, you need toadd the service(s) you wish to encrypt to the229 <para>Finally, add the service(s) you wish to encrypt to the 227 230 configuration file. The format is as follows:</para> 228 231 … … 239 242 240 243 <para>For a full explanation of the commands and syntax used in the 241 configuration file, run<command>man stunnel</command>.</para>244 configuration file, issue <command>man stunnel</command>.</para> 242 245 243 246 </sect3> … … 247 250 248 251 <para>To automatically start the <command>stunnel</command> daemon 249 when the system is rebooted, install the252 when the system is booted, install the 250 253 <filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the 251 254 <xref linkend="bootscripts"/> package.</para> … … 272 275 <seg>stunnel and stunnel3</seg> 273 276 <seg>libstunnel.so</seg> 274 <seg>/etc/stunnel, 277 <seg>/etc/stunnel, 275 278 /usr/lib/stunnel, 276 279 /usr/share/doc/stunnel-&stunnel-version;, and
Note:
See TracChangeset
for help on using the changeset viewer.