Changeset d3469f0

Timestamp:

05/14/2005 04:30:29 PM (19 years ago)

Author:

Manuel Canales Esparcia <manuel@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

1503942

Parents:

322f172

Message:

Tagged stunnel.xml

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4209 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/stunnel.xml (modified) (2 diffs)

postlfs/security/stunnel.xml

@@ -15 +15 @@
 
 <sect1 id="stunnel" xreflabel="Stunnel-&stunnel-version;">
-<sect1info>
-<othername>$LastChangedBy$</othername>
-<date>$Date$</date>
-</sect1info>
-<?dbhtml filename="stunnel.html"?>
-<title>Stunnel-&stunnel-version;</title>
-<indexterm zone="stunnel">
-<primary sortas="a-Stunnel">Stunnel</primary></indexterm>
-
-<sect2>
-<title>Introduction to <application>Stunnel</application></title>
-
-<para>The <application>Stunnel</application> package contains a program that 
-allows you to encrypt arbitrary <acronym>TCP</acronym> connections inside 
-<acronym>SSL</acronym> (Secure Sockets Layer) so you can easily communicate 
-with clients over secure channels. <application>Stunnel</application> can be 
-used to add <acronym>SSL</acronym> functionality to commonly used Inetd 
-daemons like <acronym>POP</acronym>-2, <acronym>POP</acronym>-3, and 
-<acronym>IMAP</acronym> servers, to standalone daemons like 
-<acronym>NNTP</acronym>, <acronym>SMTP</acronym> and <acronym>HTTP</acronym>, 
-and in tunneling <acronym>PPP</acronym> over network sockets without changes 
-to the server package source code.</para>
-
-<sect3><title>Package information</title>
-<itemizedlist spacing="compact">
-<listitem><para>Download (HTTP): 
-<ulink url="&stunnel-download-http;"/></para></listitem>
-<listitem><para>Download (FTP): 
-<ulink url="&stunnel-download-ftp;"/></para></listitem>
-<listitem><para>Download MD5 sum: 
-&stunnel-md5sum;</para></listitem>
-<listitem><para>Download size: 
-&stunnel-size;</para></listitem>
-<listitem><para>Estimated disk space required: 
-&stunnel-buildsize;</para></listitem>
-<listitem><para>Estimated build time: 
-&stunnel-time;</para></listitem></itemizedlist>
-</sect3>
-
-<sect3><title>Additional downloads</title>
-<itemizedlist spacing="compact">
-<listitem><para>Required patch: <ulink 
-url="ftp://stunnel.mirt.net/stunnel/stunnel-&stunnel-version;-1_minute_sleep_fix.patch"/></para>
-</listitem>
-</itemizedlist>
-</sect3>
-
-<sect3><title><application>Stunnel</application> dependencies</title>
-<sect4><title>Required</title>
-<para><xref linkend="openssl"/></para>
-</sect4>
-
-<sect4><title>Optional</title>
-<para><xref linkend="tcpwrappers"/></para>
-</sect4>
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>Installation of <application>Stunnel</application></title>
-
-<para>The <command>stunnel</command> daemon will be run in a 
-<command>chroot</command> jail by an unprivileged user. Create the new user, 
-group and <command>chroot</command> home directory structure using the 
-following commands as the root user:</para>
-
-<screen><userinput role='root'><command>groupadd stunnel &amp;&amp;
+  <?dbhtml filename="stunnel.html"?>
+
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+
+  <title>Stunnel-&stunnel-version;</title>
+
+  <indexterm zone="stunnel">
+    <primary sortas="a-Stunnel">Stunnel</primary>
+  </indexterm>
+
+  <sect2 role="package">
+    <title>Introduction to Stunnel</title>
+
+    <para>The <application>Stunnel</application> package contains a program
+    that allows you to encrypt arbitrary TCP connections inside SSL (Secure
+    Sockets Layer) so you can easily communicate with clients over secure
+    channels. <application>Stunnel</application> can be used to add SSL
+    functionality to commonly used <application>Inetd</application> daemons
+    like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP,
+    SMTP and HTTP, and in tunneling PPP over network sockets without changes
+    to the server package source code.</para>
+
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Download (HTTP): <ulink url="&stunnel-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&stunnel-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &stunnel-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &stunnel-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &stunnel-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &stunnel-time;</para>
+      </listitem>
+    </itemizedlist>
+
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Required patch: <ulink
+        url="ftp://stunnel.mirt.net/stunnel/stunnel-&stunnel-version;-1_minute_sleep_fix.patch"/></para>
+      </listitem>
+    </itemizedlist>
+
+    <bridgehead renderas="sect3">Stunnel Dependencies</bridgehead>
+
+    <bridgehead renderas="sect4">Required</bridgehead>
+    <para><xref linkend="openssl"/></para>
+
+    <bridgehead renderas="sect4">Optional</bridgehead>
+    <para><xref linkend="tcpwrappers"/></para>
+
+  </sect2>
+
+  <sect2 role="installation">
+    <title>Installation of Stunnel</title>
+
+    <para>The <command>stunnel</command> daemon will be run in a
+    <command>chroot</command> jail by an unprivileged user. Create the
+    new user, group and <command>chroot</command> home directory structure
+    using the following commands as the <systemitem
+    class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>groupadd stunnel &amp;&amp;
 useradd -c "Stunnel Daemon" -d /var/lib/stunnel \
         -g stunnel -s /bin/false stunnel &amp;&amp;
-install -d -m 700 -o stunnel -g stunnel /var/lib/stunnel/run</command></userinput></screen>
-
-<note><para>A signed <acronym>SSL</acronym> Certificate and a Private Key is 
-necessary to run the <command>stunnel</command> daemon. If you own, or have 
-already created a signed <acronym>SSL</acronym> Certificate you wish to use, 
-copy it to <filename>/etc/stunnel/stunnel.pem</filename> before starting the 
-build, otherwise you will be prompted to create one during the installation 
-process. The <filename>.pem</filename> file must be formatted as shown 
-below:</para>
-
-<screen>-----BEGIN RSA PRIVATE KEY-----
+install -d -m 700 -o stunnel -g stunnel /var/lib/stunnel/run</userinput></screen>
+
+    <note>
+      <para>A signed SSL Certificate and a Private Key is necessary to run
+      the <command>stunnel</command> daemon. If you own, or have already
+      created a signed SSL Certificate you wish to use, copy it to
+      <filename>/etc/stunnel/stunnel.pem</filename> before starting the build,
+      otherwise you will be prompted to create one during the installation
+      process. The <filename>.pem</filename> file must be formatted as shown
+      below:</para>
+
+<screen><literal>-----BEGIN RSA PRIVATE KEY-----
 <replaceable>[many encrypted lines of unencrypted key]</replaceable>
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
 <replaceable>[many encrypted lines of certificate]</replaceable>
------END CERTIFICATE-----</screen></note>
-
-<para>Install <application>Stunnel</application> by running the following 
-commands:</para>
-
-<screen><userinput><command>patch -Np1 -i ../stunnel-&stunnel-version;-1_minute_sleep_fix.patch &amp;&amp;
+-----END CERTIFICATE-----</literal></screen>
+
+    </note>
+
+    <para>Install <application>Stunnel</application> by running the following
+    commands:</para>
+
+<screen><userinput>patch -Np1 -i ../stunnel-&stunnel-version;-1_minute_sleep_fix.patch &amp;&amp;
 ./configure --prefix=/usr --sysconfdir=/etc \
     --localstatedir=/var/lib &amp;&amp;
-make</command></userinput></screen>
-
-<para>Now, as the root user:</para>
-
-<screen><userinput role='root'><command>make install</command></userinput></screen>
-
-</sect2>
-
-<sect2>
-<title>Command explanations</title>
-
-<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces the 
-configuration directory to <filename class='directory'>/etc</filename> instead 
-of <filename class='directory'>/usr/etc</filename>.</para>
-
-<para><parameter>--localstatedir=/var/lib</parameter>: This parameter 
-causes the installation process to create 
-<filename class='directory'>/var/lib/stunnel</filename> instead of 
-<filename class='directory'>/usr/var/stunnel</filename>.</para>
-
-<para><command>make install</command>: This command installs the package and, 
-if you did not copy an <filename>stunnel.pem</filename> file to the 
-<filename class='directory'>/etc/stunnel</filename> directory, prompts you for 
-the necessary information to create one. Ensure you reply to the</para>
-
-<screen><computeroutput>Common Name (FQDN of your server) [localhost]:</computeroutput></screen>
-
-<para>prompt with the name or <acronym>IP</acronym> address you will be using 
-to access the service.</para>
-
-</sect2>
-
-<sect2>
-<title>Configuring <application>Stunnel</application></title>
-
-<sect3 id="stunnel-config"><title>Config files</title>
-<para><filename>/etc/stunnel/stunnel.conf</filename></para>
-<indexterm zone="stunnel stunnel-config">
-<primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>
-</indexterm>
-</sect3>
-
-<sect3><title>Configuration Information</title>
-
-<para>Create a basic <filename>/etc/stunnel/stunnel.conf</filename> 
-configuration file using the following commands:</para>
-
-<screen><userinput role='root'><command>cat &gt;/etc/stunnel/stunnel.conf &lt;&lt; "EOF"</command>
-# File: /etc/stunnel/stunnel.conf
+make</userinput></screen>
+
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>make install</userinput></screen>
+
+  </sect2>
+
+  <sect2 role="commands">
+    <title>Command Explanations</title>
+
+    <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
+    the configuration directory to <filename class='directory'>/etc</filename>
+    instead of <filename class='directory'>/usr/etc</filename>.</para>
+
+    <para><parameter>--localstatedir=/var/lib</parameter>: This parameter
+    causes the installation process to create
+    <filename class='directory'>/var/lib/stunnel</filename> instead of
+    <filename class='directory'>/usr/var/stunnel</filename>.</para>
+
+    <para><command>make install</command>: This command installs the package
+    and, if you did not copy an <filename>stunnel.pem</filename> file to the
+    <filename class='directory'>/etc/stunnel</filename> directory, prompts you
+    for the necessary information to create one. Ensure you reply to the</para>
+
+<screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
+
+    <para>prompt with the name or IP address you will be using
+    to access the service.</para>
+
+  </sect2>
+
+  <sect2 role="configuration">
+    <title>Configuring Stunnel</title>
+
+    <sect3 id="stunnel-config">
+      <title>Config Files</title>
+
+      <para><filename>/etc/stunnel/stunnel.conf</filename></para>
+
+      <indexterm zone="stunnel stunnel-config">
+        <primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>
+      </indexterm>
+
+    </sect3>
+
+    <sect3>
+      <title>Configuration Information</title>
+
+      <para>Create a basic <filename>/etc/stunnel/stunnel.conf</filename>
+      configuration file using the following commands:</para>
+
+<screen role="root"><userinput>cat &gt;/etc/stunnel/stunnel.conf &lt;&lt; "EOF"
+<literal># File: /etc/stunnel/stunnel.conf
 
 pid = /run/stunnel.pid
@@ -162 +177 @@
 client = no
 setuid = stunnel
-setgid = stunnel
-
-<command>EOF</command></userinput></screen>
-
-<para>Next, you need to add the service you wish to encrypt to the 
-configuration file. The format is as follows:</para> 
-
-<screen><userinput role='root'>[<replaceable>[service]</replaceable>]
+setgid = stunnel</literal>
+
+EOF</userinput></screen>
+
+    <para>Next, you need to add the service you wish to encrypt to the
+    configuration file. The format is as follows:</para>
+
+<screen><literal>[<replaceable>[service]</replaceable>]
 accept  = <replaceable>[hostname:portnumber]</replaceable>
-connect = <replaceable>[hostname:portnumber]</replaceable></userinput></screen>
-
-<para>If you use <application>Stunnel</application> to encrypt a daemon 
-started from <command>[x]inetd</command>, you may need to disable that daemon 
-in the <filename>/etc/[x]inetd.conf</filename> file and enable a corresponding 
-<replaceable>[service]</replaceable>_stunnel service. You may have to add an 
-appropriate entry in <filename>/etc/services</filename> as well.</para>
-
-<para>For a full explanation of the commands and syntax used in the 
-configuration file, run <command>man stunnel</command>. To see a 
-<acronym>BLFS</acronym> example of an actual setup of an 
-<command>stunnel</command> encrypted service, read the 
-<xref linkend="samba3-swat-config"/> in the <application>Samba</application> 
-instructions.</para>
-
-<para id="stunnel.init">To automatically start the <command>stunnel</command> 
-daemon when the system is rebooted, install the 
-<filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the 
-<xref linkend="intro-important-bootscripts"/> package.</para>
-<indexterm zone="stunnel stunnel.init">
-<primary sortas="f-stunnel.init">stunnel</primary></indexterm>
-
-<screen><userinput role='root'><command>make install-stunnel</command></userinput></screen>
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>Contents</title>
-<segmentedlist>
-<segtitle>Installed Programs</segtitle>
-<segtitle>Installed Library</segtitle>
-<segtitle>Installed Directories</segtitle>
-<seglistitem>
-<seg>stunnel and stunnel3</seg>
-<seg>libstunnel.so</seg>
-<seg>/etc/stunnel, /var/lib/stunnel and /usr/share/doc/stunnel</seg>
-</seglistitem>
-</segmentedlist>
-
-<variablelist>
-<bridgehead renderas="sect3">Short Descriptions</bridgehead>
-<?dbfo list-presentation="list"?>
-
-<varlistentry id="stunnel-prog">
-<term><command>stunnel</command></term>
-<listitem><para> is a program designed to work as an <acronym>SSL</acronym> 
-encryption wrapper between remote clients and local
-(<command>[x]inetd</command>-startable) or remote servers.</para>
-<indexterm zone="stunnel stunnel-prog">
-<primary sortas="b-stunnel">stunnel</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="stunnel3">
-<term><command>stunnel3</command></term>
-<listitem><para>is a <application>Perl</application> wrapper script to use 
-<command>stunnel</command> 3.x syntax with <command>stunnel</command> 
->=4.05.</para>
-<indexterm zone="stunnel stunnel3">
-<primary sortas="b-stunnel3">stunnel3</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="libstunnel">
-<term><filename class='libraryfile'>libstunnel.so</filename></term>
-<listitem><para> contains the <acronym>API</acronym> functions required by 
-<application>Stunnel</application>.</para>
-<indexterm zone="stunnel libstunnel">
-<primary sortas="c-libstunnel">libstunnel.so</primary></indexterm>
-</listitem>
-</varlistentry>
-</variablelist>
-
-</sect2>
+connect = <replaceable>[hostname:portnumber]</replaceable></literal></screen>
+
+      <para>If you use <application>Stunnel</application> to encrypt a daemon
+      started from <command>[x]inetd</command>, you may need to disable that
+      daemon in the <filename>/etc/[x]inetd.conf</filename> file and enable a
+      corresponding <replaceable>[service]</replaceable>_stunnel service. You
+      may have to add an appropriate entry in <filename>/etc/services</filename>
+      as well.</para>
+
+      <para>For a full explanation of the commands and syntax used in the
+      configuration file, run <command>man stunnel</command>. To see a
+      BLFS example of an actual setup of an <command>stunnel</command> encrypted
+      service, read the <xref linkend="samba3-swat-config"/> in the
+      <application>Samba</application> instructions.</para>
+
+    </sect3>
+
+    <sect3  id="stunnel-init">
+      <title>Boot Script</title>
+
+      <para>To automatically start the <command>stunnel</command> daemon
+      when the system is rebooted, install the
+      <filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the
+      <xref linkend="intro-important-bootscripts"/> package.</para>
+
+      <indexterm zone="stunnel stunnel-init">
+        <primary sortas="f-stunnel">stunnel</primary>
+      </indexterm>
+
+<screen role="root"><userinput>make install-stunnel</userinput></screen>
+
+    </sect3>
+
+  </sect2>
+
+  <sect2 role="content">
+    <title>Contents</title>
+
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Library</segtitle>
+      <segtitle>Installed Directories</segtitle>
+
+      <seglistitem>
+        <seg>stunnel and stunnel3</seg>
+        <seg>libstunnel.so</seg>
+        <seg>/etc/stunnel, /var/lib/stunnel, and /usr/share/doc/stunnel</seg>
+      </seglistitem>
+    </segmentedlist>
+
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+
+      <varlistentry id="stunnel-prog">
+        <term><command>stunnel</command></term>
+        <listitem>
+          <para> is a program designed to work as an SSL
+          encryption wrapper between remote clients and local
+          (<command>[x]inetd</command>-startable) or remote servers.</para>
+          <indexterm zone="stunnel stunnel-prog">
+            <primary sortas="b-stunnel">stunnel</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="stunnel3">
+        <term><command>stunnel3</command></term>
+        <listitem>
+          <para>is a <application>Perl</application> wrapper script to use
+          <command>stunnel</command> 3.x syntax with <command>stunnel</command>
+          >=4.05.</para>
+          <indexterm zone="stunnel stunnel3">
+            <primary sortas="b-stunnel3">stunnel3</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="libstunnel">
+        <term><filename class='libraryfile'>libstunnel.so</filename></term>
+        <listitem>
+          <para> contains the API functions required by
+          <application>Stunnel</application>.</para>
+          <indexterm zone="stunnel libstunnel">
+            <primary sortas="c-libstunnel">libstunnel.so</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </sect2>
 
 </sect1>
-