A
adrhc
Guest
Hi, I'm trying to setup a inetd & stunnel configuration which would allow me to securely access the following sites:
no-ssl ... : 9091 / transmission over ssl port 91
no-ssl ... : 32400 / web / index.html over ssl port 324
The configuration below works fine when only one (plex or transmission) item in inetd.conf is active. Anyway I also learn that they do not create the stunnel.pid and stunnel.log files in the allocated folder (stunnel-transmission respective plex-transmission) which seems to me strange.
When both items are active than both secured urls (192 . 168 . 1 . 31:91/transmission and 192 . 168 . 1 . 31:324/web/index.html) will work but will present the same site (plex or transmission) -> it seems to be the last site used when configuring inetd to use only on item.
Before running inetd daemon I'l running killall stunnel in order to be sure there's no trace of it left on the system.
Why is this happening when using inetd with both items (plex and transmission) ?
inetd.conf:
# [ssl plex]
# ssl ... : 324 / web / index.html
plex stream tcp nowait root /ffp/bin/stunnel /ffp/etc/stunnel/stunnel-plex.conf
# [ssl transmission]
# ssl ... : 91 / transmission
transmission stream tcp nowait root /ffp/bin/stunnel /ffp/etc/stunnel/stunnel-transmission.conf
services:
... -> other lines with other services + ports
transmission 91/tcp
plex 324/tcp
stunnel-transmission.conf:
chroot = /usr/local/zy-pkgs/ffproot/ffp/var/lib/stunnel-transmission/
setuid = root
setgid = nobody
fips = no
service = stunnel-transmission
pid = stunnel.pid
debug = 4
output = stunnel.log
cert = /etc/service_conf/CA.cer
key = /etc/service_conf/CA_key.cer
verify = 3
CAfile = /usr/local/zy-pkgs/ffproot/home/root/.ssh/authorized_keys
options = NO_SSLv2
connect = 9091
stunnel-plex.conf:
chroot = /usr/local/zy-pkgs/ffproot/ffp/var/lib/stunnel-plex/
setuid = root
setgid = nobody
fips = no
service = stunnel-plex
pid = stunnel.pid
debug = 4
output = stunnel.log
cert = /etc/service_conf/CA.cer
key = /etc/service_conf/CA_key.cer
verify = 3
CAfile = /usr/local/zy-pkgs/ffproot/home/root/.ssh/authorized_keys
options = NO_SSLv2
connect = 32400
no-ssl ... : 9091 / transmission over ssl port 91
no-ssl ... : 32400 / web / index.html over ssl port 324
The configuration below works fine when only one (plex or transmission) item in inetd.conf is active. Anyway I also learn that they do not create the stunnel.pid and stunnel.log files in the allocated folder (stunnel-transmission respective plex-transmission) which seems to me strange.
When both items are active than both secured urls (192 . 168 . 1 . 31:91/transmission and 192 . 168 . 1 . 31:324/web/index.html) will work but will present the same site (plex or transmission) -> it seems to be the last site used when configuring inetd to use only on item.
Before running inetd daemon I'l running killall stunnel in order to be sure there's no trace of it left on the system.
Why is this happening when using inetd with both items (plex and transmission) ?
inetd.conf:
# [ssl plex]
# ssl ... : 324 / web / index.html
plex stream tcp nowait root /ffp/bin/stunnel /ffp/etc/stunnel/stunnel-plex.conf
# [ssl transmission]
# ssl ... : 91 / transmission
transmission stream tcp nowait root /ffp/bin/stunnel /ffp/etc/stunnel/stunnel-transmission.conf
services:
... -> other lines with other services + ports
transmission 91/tcp
plex 324/tcp
stunnel-transmission.conf:
chroot = /usr/local/zy-pkgs/ffproot/ffp/var/lib/stunnel-transmission/
setuid = root
setgid = nobody
fips = no
service = stunnel-transmission
pid = stunnel.pid
debug = 4
output = stunnel.log
cert = /etc/service_conf/CA.cer
key = /etc/service_conf/CA_key.cer
verify = 3
CAfile = /usr/local/zy-pkgs/ffproot/home/root/.ssh/authorized_keys
options = NO_SSLv2
connect = 9091
stunnel-plex.conf:
chroot = /usr/local/zy-pkgs/ffproot/ffp/var/lib/stunnel-plex/
setuid = root
setgid = nobody
fips = no
service = stunnel-plex
pid = stunnel.pid
debug = 4
output = stunnel.log
cert = /etc/service_conf/CA.cer
key = /etc/service_conf/CA_key.cer
verify = 3
CAfile = /usr/local/zy-pkgs/ffproot/home/root/.ssh/authorized_keys
options = NO_SSLv2
connect = 32400
