Hi,
This patch allows stunnel to be started in daemon mode by systemd's socket activation. This is superior to inetd mode, for all the reasons specified in the stunnel howto. Since systemd is now the default in most of the major Linux distros, it would be great to have this committed upstream.
https://gist.github.com/marktheunissen/7ce9426e66aa8f0ec2e1
Example systemd unit files:
### stunnel.socket
[Unit]
Description=Stunnel socket
After=network.target

[Socket]
ListenStream=9999
### stunnel.service
[Unit]
Description=Stunnel service
After=network.target

[Service]
Type=forking
ExecStart=stunnel /etc/stunnel/stunnel.conf

Thanks,
Mark Theunissen
This patch doesn't allow for multiple [service] lines. To use it, you must configure only one Listen= in your .socket file, and that one fd will be passed to stunnel, which must have only one [service].
I'm happy to work on allowing multiple fds to be passed from systemd to stunnel, if the patch will be accepted. What should the syntax be? Systemd simply passes through a file descriptor for each socket it's listening on, keeping the same order they're declared in the .socket. E.g.:
### stunnel.socket
ListenStream=9999
ListenStream=9998
### stunnel.conf
[foo service]
accept=9999

[bar service]
accept=9998
We can just enforce a rule that your services must be in the same order as the ListenStream= declarations. With the above configuration, a user could either start the stunnel service using `systemctl start stunnel.service` or `systemctl start stunnel.socket` and either must work without modification to stunnel.conf.
- Mark
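
An added example, not part of the patch or of stunnel: a C sketch of the receiving side of the multi-socket scheme discussed above, which checks each inherited descriptor against the configured accept= port instead of trusting declaration order alone, so a reordered .socket file cannot silently attach a service to the wrong port. LISTEN_PID, LISTEN_FDS and the first descriptor being fd 3 are systemd's socket-activation protocol; the function names are hypothetical and the ports are the ones from the message.

```c
/* Added example: hypothetical helpers, not stunnel's code. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#define FIRST_FD 3 /* systemd hands over sockets starting at fd 3 */

/* Count of fds passed to this process: 0 if none for us, -1 if malformed. */
int activated_fd_count(const char *listen_pid, const char *listen_fds, pid_t self)
{
    char *end;
    long pid, n;
    if (!listen_pid || !listen_fds) return 0;
    pid = strtol(listen_pid, &end, 10);
    if (*listen_pid == '\0' || *end != '\0') return -1;
    if ((pid_t)pid != self) return 0; /* variables were meant for another process */
    n = strtol(listen_fds, &end, 10);
    if (*listen_fds == '\0' || *end != '\0' || n < 0 || n > 1024) return -1;
    return (int)n;
}

/* 1 if fd is a listening socket bound to the given TCP port, else 0. */
int fd_listens_on(int fd, int port)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss, olen = sizeof(int);
    int on = 0, bound = -1;
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &on, &olen) < 0 || !on) return 0;
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0) return 0;
    if (ss.ss_family == AF_INET) bound = ntohs(((struct sockaddr_in *)&ss)->sin_port);
    else if (ss.ss_family == AF_INET6) bound = ntohs(((struct sockaddr_in6 *)&ss)->sin6_port);
    return bound == port;
}

/* Index of the first service whose fd does not match its port, or -1 if all match. */
int first_mismatch(const int *ports, int n, int first_fd)
{
    for (int i = 0; i < n; i++)
        if (!fd_listens_on(first_fd + i, ports[i])) return i;
    return -1;
}

int main(void)
{
    const int ports[] = {9999, 9998}; /* accept= values, in stunnel.conf order */
    int n = activated_fd_count(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());
    if (n == 0) { puts("not socket-activated"); return 0; }
    if (n != 2 || first_mismatch(ports, 2, FIRST_FD) != -1) return 1;
    return 0;
}
```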