Quoting Peter Pentchev via stunnel-users <stunnel-users@stunnel.org>:
On Wed, Feb 25, 2026 at 09:04:49AM -0900, Mike wrote:
Quoting Peter Pentchev <roam@ringlet.net>: <snip>
You did not answer this question. However, I just realized something after reading Jochen Bern's reply: did you set `foreground = yes` in your config file? (as the last part of the per-config-file service section says you have to do)
Sorry, about not answering the question. It was the same output as what my previous e-mail had.
Hm, I would have expected at least some "Starting ...service" and "Stopping ...service" in the output of journalctl (not systemctl), but whatever, it seems the issue was resolved.
That aside, adding foreground=yes in the myconffile.conf fixed the issue.
I did read that in the README.Debian, but stupidly dismissed that because I wasn't intending to create a per config-file setup.
However, I think that file needs updating, and my assumption is that it isn't part of the original package.
If you mean README.Debian, it is part of the Debian/Ubuntu package of stunnel, it is not part of the upstream source, true.
I'd like to make a PR or some suggestions for changes, what is the best way to go about that?
The best way would be, on your Ubuntu system, to run the following command:
reportbug stunnel4
...and then follow the prompts and answer the questions.
For anyone following, the final solution for me to get systemd and disable the initd on Ubuntu was to do the following:
in my config file for stunnel, make these changes:
foreground=yes
As noted in the other messages, this is essential if you run stunnel via the per-config-file systemd service. If you start it as a daemon, foreground=yes would be bad.
setuid = stunnel4 setgid = stunnel4
You do not *need* to activate these, so they are not set by default. There are some situations in which stunnel might need to run as root, e.g. to start other programs from different user accounts instead of only forwarding connections.
BTW in your first message you mentioned that you were not sure whether those were the default values or not. That's... interesting, since at the very top of the file there is a header :)
; Sample stunnel configuration file for Unix by Michal Trojnara 1998-2025 ; Some options used here may be inadequate for your particular configuration ; This sample file does *not* represent stunnel.conf defaults ; Please consult the manual for detailed description of available options
That said, they are not default values because different people use stunnel for different purposes; in some cases it may need access to private keys created (and maybe even used by) other pieces of software, in other cases it may need to be started and stopped by other pieces of software, so there is no "one size fits all" configuration.
pid = /var/run/stunnel4/stunnel4.pid
So first, you do not need that at all if you run stunnel in foreground mode in a systemd file that uses the "simple" run mode, and second, if you use per-config-file systemd services, you *certainly* do not want them all to use the same PID file - if you need a PID file at all. Only the SysV init script still needs the PID file, and as discussed elsewhere in this thread, the Debian/Ubuntu SysV init script for stunnel is... not perfect and is on its way out.
in /etc/default/stunnel4, change ENABLED=1 to ENABLED=0 so that the initd won't start at boot.
The default Debian/Ubuntu policy for such services is to install them enabled by default. The only change I am going to make to the Debian package in that direction would be, as outlined my other message, to drop the single stunnel4 service at all.
Maybe we can provide a sample conf to work for Debian/Ubuntu and make good default choices?
The default choices are good enough for many people.
G'luck, Peter
-- Peter Pentchev roam@ringlet.net roam@debian.org peter@morpheusly.com PGP key: https://www.ringlet.net/roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
This is all great feedback. Thanks so much. Mike