Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

stunnel

A module managings SSL/TLS tunnels with stunnel
Project URLRSS FeedReport issues

8,361 downloads

8,361 latest version

4.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 1.0.1 (latest)
released Jun 10th 2016
This version is compatible with:
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'srozzo-stunnel', '1.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add srozzo-stunnel
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install srozzo-stunnel --version 1.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: ssl, security, tunnel, tls, stunnel, secure

Documentation

srozzo/stunnel — version 1.0.1 Jun 10th 2016

#stunnel

####Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with stunnel
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

##Overview

The stunnel module installs, configures, and manages stunnel.

##Setup

###Setup Requirements

CentOS does not include an init script with their stunnel package. One is not offered with this module.

###Beginning with stunnel

Instantiate the module with the minimum global configuration and tunnel configuration to meet your needs.

class {'::stunnel' :
  global_options => {
    cert       => '/etc/stunnel/keys/global.pem',
    chroot     => '/var/stunnel4',
    pid        => '/stunnel.pid',
    setuid     => 'stunnel4',
    setgid     => 'stunnel4',
    sslVersion => 'all',
    socket     => [ 'l:TCP_NODELAY=1', 'r:TCP_NODELAY=1'],
    ciphers    => 'HIGH:!AECDH:!ADH:!aNULL:!eNULL:!NULL',
    options    => [
      'DONT_INSERT_EMPTY_FRAGMENTS',
      'NO_SSLv2',
      'NO_SSLv3'
    ],
  },
  tunnels => {
    smtp-tls-tunnel => {
      options => {
        accept  => '2525',
        client  => 'yes',
        connect => 'email-smtp.us-west-2.amazonaws.com:465',
        delay   => 'yes'
      }
    }
  }
}

##Usage

All interaction with the stunnel module should be done through the main init class. All other classes are enforced as private.

##Reference

###Classes

####Public Classes

  • stunnel: Main class, includes all other classes.

####Private Classes

  • stunnel::installs: Handles the package management.
  • stunnel::config: Manages the configuration file and chroot directory.
  • stunnel::service: Manages the service.
  • stunnel::params: Default module parameters

####Types

  • stunnel::tunnel: Manages configuration fragments for each service tunnel

###Parameters

The following parameters are available in the ::stunnel class:

####global_options

Global portion of the stunnel configuration. See the stunnel man page and the examples herein for reference. https://www.stunnel.org/static/stunnel.html

####tunnels

Service tunnel configurations. See the stunnel man page and the examples herein for reference. https://www.stunnel.org/static/stunnel.html

####package_ensure

Defines state of stunnel package. Valid options are synonymous with the package type ensure parameter. https://docs.puppetlabs.com/references/latest/type.html#package-attribute-ensure

####package_name The name of the stunnel package to install. Valid options are synonymous with the package type name parameter. https://docs.puppetlabs.com/references/latest/type.html#package-attribute-name

####service_conf Path to where the stunnel.conf should reside on the filesystem. Must me a valid absolute filesystem path.

####service_ensure The state the stunnel service should be in. Valid options are synonymous with the service type ensure parameter. https://docs.puppetlabs.com/references/latest/type.html#service-attribute-ensure

####service_name The name of the stunnel service. Valid options are synonymous with the service type name parameter. https://docs.puppetlabs.com/references/latest/type.html#service-attribute-name

###Sample Hiera Yaml

stunnel::global_options:
  cert: '/etc/stunnel/keys/global.pem'
  chroot: '/var/stunnel4'
  pid: '/stunnel.pid' # Relative to chroot
  setuid: 'stunnel4'
  setgid: 'stunnel4'
  sslVersion: 'all'
  socket:
    - 'l:TCP_NODELAY=1'
    - 'r:TCP_NODELAY=1'
  ciphers: 'HIGH:!AECDH:!ADH:!aNULL:!eNULL:!NULL'
  options:
    - 'DONT_INSERT_EMPTY_FRAGMENTS'
    - 'NO_SSLv2'
    - 'NO_SSLv3'
stunnel::tunnels:
  smtp-tls-tunnel:
    options:
      accept: '2525'
      client: 'yes'
      connect: 'email-smtp.us-west-2.amazonaws.com:465'
      delay: 'yes'
  pop3:
    options:
      accept: '127.168.11.10:995'
      connect: '127.0.0.1:110'

##Limitations

This module has been tested on:

  • Ubuntu 12.04, 14.04
  • CentOS 6.0, 7.0

##Development

Submit a pull request, and unit tests for any new functionality.

##Contributors

  • srozzo