Forge Home

stunnel

manages stunnel with PKI support

17,896 downloads

208 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 6.10.0 (latest)
  • 6.9.0
  • 6.8.0
  • 6.7.1
  • 6.7.0
  • 6.6.1
  • 6.6.0
  • 6.5.0
  • 6.4.2
  • 6.4.0
  • 6.3.3
  • 6.3.2
  • 6.3.1
  • 6.3.0
  • 6.2.1
  • 6.2.0
  • 6.1.0
  • 6.0.1
  • 4.2.9
  • 4.2.8
released Oct 12th 2023
This version is compatible with:
  • Puppet Enterprise 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-stunnel', '6.10.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-stunnel
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-stunnel --version 6.10.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

simp/stunnel — version 6.10.0 Oct 12th 2023

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

Table of Contents

  1. Overview
  2. Module Description - A Puppet module for managing stunnel
  3. Setup - The basics of getting started with pupmod-simp-stunnel
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.

  • All SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review simp/simp_options for details.

Module Description

This module sets up stunnel and allows the creation of stunnel connections for services.

IMPORTANT

| Please use the stunnel::connection define instead of including the | stunnel class directly. | | The main stunnel class is deprecated and will be removed in a future release. | | The main stunnel class manages the global stunnel configuration and | this was deemed to be too risky for use across services that are not related.

Setup

What simp stunnel affects

simp::stunnel will manage:

  • The latest version of stunnel
  • Ensure the service is running
  • Stunnel configuration files and daemons for each of your services
  • A stunnel chroot directory for each of your services
  • If $firewall is set to true, will manage the simp/iptables firewall settings required for stunnel.

Setup Requirements

There are no special requirements for using this module.

Beginning with stunnel

You can set up stunnel for a particular service using the following code:

stunnel::instance { 'service_name':
  accept => 873,
  connect => ['1.2.3.4:8730']
}

This will create /etc/stunnel/stunnel_service_name.conf and spawn a system service stunnel_service_name.

Usage

I want to add a connection to the stunnel server

stunnel::instance { 'my_service':
  connect => ['stunnel.server.int:8730'],
  accept  => '127.0.0.1:873'
}

I want to build a connection on the stunnel server

stunnel::connection { 'my_service':
  client  => false,
  connect => [873],
  accept  => 8730
}

Reference

Please see REFERENCE.md for a full reference.

Limitations

This module is only designed to work in RHEL or CentOS 6 and 7. Any other operating systems have not been tested and results cannot be guaranteed.

Development

Please read our Contribution Guide.

Visit the project homepage and look at our issues on JIRA.