stunnel

Stunnel connections management

Version information

  • 3.1.1 (latest)
  • 3.1.0
  • 3.0.1
  • 3.0.0 (deleted)
released May 17th 2024
This version is compatible with:
  • Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'philippeganz-stunnel', '3.1.1'

Add this module to your Bolt project:

bolt module add philippeganz-stunnel

Manually install this module globally with Puppet module tool:

puppet module install philippeganz-stunnel --version 3.1.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Documentation

philippeganz/stunnel — version 3.1.1 May 17th 2024

stunnel

License: MIT

Module Description

This module aims to provide a wrapper around the stunnel software.

It helps you put stunnel connections in place with only a few lines of YAML.

It does not aim to replace the software or to take ownership of its code.

From the creator's description:

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments.

Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library. It can benefit from the FIPS 140-2 validation of the OpenSSL FIPS Provider, as long as the building process meets the OpenSSL FIPS 140-2 Security Policy. Our latest Windows installer includes the OpenSSL FIPS Provider.

References

Setup

What puppet-stunnel affects

Depending on the parameters you provide, it might affect system services, system sockets, ports, and some local configuration files for stunnel.

Setup requirements

You need to have the Stunnel software available in your favorite package manager, e.g. Chocolatey on Windows or yum on RHEL.

Beginning with puppet-stunnel

Simply include the module in your control-repo. This installs the software needed to get you up and running with stunnel on your platform.

include stunnel

Usage

All options and possibilities can be found in the REFERENCE file.

Create a client-server connection

Given the following layout:

(32000) Client (Dynamic range) <--> (1564) Server (27000)

The client would look like this:

include stunnel

stunnel::connection {'my_tunnel':
  active        => true,
  enable        => true,
  client        => true,
  accept        => 32000,
  connect       => 'remote_url_or_ip:1564',
  debug_level   => 5,
  log_file      => "${stunnel::log_dir}/my_tunnel.log",
}

and the server like this:

include stunnel

stunnel::connection {'my_tunnel':
  active        => true,
  enable        => true,
  accept        => 1564,
  connect       => 'localhost:27000',
  debug_level   => 5,
  log_file      => "${stunnel::log_dir}/my_tunnel.log",
}

Create a client stunnel connecting through a proxy

Now imagine you add a proxy in the middle:

(32000) Client (Dynamic range) <--> (8080) Proxy (Dynamic range) <--> (1564) Server (27000)

include stunnel

stunnel::connection {'my_tunnel':
  active        => true,
  enable        => true,
  client        => true,
  accept        => 32000,
  protocol      => 'connect',
  protocol_host => 'remote_url_or_ip:1564',
  connect       => 'my_proxy:8080',
  debug_level   => 5,
  log_file      => "${stunnel::log_dir}/my_tunnel.log",
}
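
A check a reviewer might run on the stunnel configuration behind tunnels like the ones above: it lists client-mode services that never enable certificate verification, which stunnel leaves off by default. This is an added example, not code from the module; the sample configuration is constructed, and the option names (`client`, `verifyChain`, `verifyPeer`, `verify`, `CAfile`) are stunnel's own options, not parameters of this module.

```python
# Added example. SAMPLE_CONF is constructed; it is not output of the module.
SAMPLE_CONF = """\
[my_tunnel]
client = yes
accept = 32000
protocol = connect
protocolHost = remote_url_or_ip:1564
connect = my_proxy:8080
[my_tunnel_verified]
client = yes
accept = 32001
connect = remote_url_or_ip:1564
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
[my_server]
accept = 1564
connect = localhost:27000
"""

def parse_services(text):
    """Return {section: {option: value}}; options before any section go under ''."""
    services, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue                      # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            services.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            services[current][key.strip().lower()] = value.strip()
    return services

def unverified_clients(text):
    """Names of client-mode services with no certificate verification enabled."""
    services = parse_services(text)
    defaults = services.pop("")           # global section supplies defaults
    findings = []
    for name, opts in services.items():
        eff = {**defaults, **opts}
        if eff.get("client", "no").lower() != "yes":
            continue                      # server side: out of scope for this check
        verified = (eff.get("verifychain", "no").lower() == "yes"
                    or eff.get("verifypeer", "no").lower() == "yes"
                    or eff.get("verify", "0") in ("2", "3", "4"))
        if not verified:
            findings.append(name)
    return findings
```

Calling `unverified_clients(SAMPLE_CONF)` reports `my_tunnel` only; whether the module exposes parameters that set these options is documented in its REFERENCE file.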

Limitations

Support for older operating systems has not been ported from arusso's version.

This module depends greatly on features implemented by the stunnel team. There are no warranties on those, and you'll have to deal with them if something isn't working as expected.

Development

This module has been forked from arusso (thanks a lot for your work!).

It has been ported to Puppet 7 with modern dependencies and good practices.

Please contribute if you're missing a feature, or create an issue.

Contributors

  • Yann Vigara
  • Ross Williams
  • John Cooper
  • Francois Gouteroux
  • Stephen Hoekstra
  • mjs510
  • Olivier Fontannaud
  • Philippe Ganz