X-Git-Url: https://feistymeow.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=infobase%2Fconfiguration%2Fstunnel%2Fetc%2Fstunnel%2Fstunnel.conf;fp=infobase%2Fconfiguration%2Fstunnel%2Fetc%2Fstunnel%2Fstunnel.conf;h=ed8de2fb14e33b75fcd33bdfc52a90f515d58fff;hb=0f49452f40415efb2a62048397ed8514a1058bb7;hp=0000000000000000000000000000000000000000;hpb=dfe6c3aedd3487a00acf94683163be7ed0baa6da;p=feisty_meow.git

diff --git a/infobase/configuration/stunnel/etc/stunnel/stunnel.conf b/infobase/configuration/stunnel/etc/stunnel/stunnel.conf
new file mode 100644
index 00000000..ed8de2fb
--- /dev/null
+++ b/infobase/configuration/stunnel/etc/stunnel/stunnel.conf
@@ -0,0 +1,75 @@
+; Sample stunnel configuration file by Michal Trojnara 2002-2009
+; Some options used here may not be adequate for your particular configuration
+; Please make sure you understand them (especially the effect of the chroot jail)
+
+; Certificate/key is needed in server mode and optional in client mode
+cert = /etc/ssl/certs/stunnel.pem
+;key = /etc/stunnel/mail.key
+
+; Protocol version (all, SSLv2, SSLv3, TLSv1)
+sslVersion = SSLv3
+
+; Some security enhancements for UNIX systems - comment them out on Win32
+chroot = /var/run/stunnel/
+setuid = nobody
+setgid = nobody
+; PID is created inside the chroot jail
+pid = /stunnel.pid
+
+; Some performance tunings
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+;compression = zlib
+
+; Workaround for Eudora bug
+;options = DONT_INSERT_EMPTY_FRAGMENTS
+
+; Authentication stuff
+;verify = 2
+; Don't forget to c_rehash CApath
+; CApath is located inside chroot jail
+;CApath = /certs
+; It's often easier to use CAfile
+;CAfile = /etc/stunnel/certs.pem
+;CAfile = /etc/pki/tls/certs/ca-bundle.crt
+; Don't forget to c_rehash CRLpath
+; CRLpath is located inside chroot jail
+;CRLpath = /crls
+; Alternatively you can use CRLfile
+;CRLfile = /etc/stunnel/crls.pem
+
+; Some debugging stuff useful for troubleshooting
+debug = 7
+output = stunnel.log
+
+; Use it for client mode
+;client = yes
+
+; Service-level configuration
+
+; [pop3s]
+;accept  = 995
+;connect = 110
+
+;[imaps]
+;accept  = 993
+;connect = 143
+
+;[ssmtp]
+;accept  = 465
+;connect = 25
+
+;[https]
+;accept  = 443
+;connect = 80
+;TIMEOUTclose = 0
+
+; vim:ft=dosini
+
+[tracd]
+; port offering ssl trac visibility to the web.
+accept = 8042
+; port on localhost for service.
+connect = localhost:10042
+
+