[stunnel-users] About stunnel 4.21 daemon mode

wei hu huwei.china at gmail.com
Wed Nov 28 05:50:56 CET 2007


Dear

 I had successfully installed stunnel 4.21 on my server, but after I
edited the file stunnel.conf and started up stunnel, I can't find
stunnel via the "ps -ef" command. Then I found this error message
in the log file:

2007.11.27 07:42:28 LOG5[28550:3085354688]: stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.7f 22 Mar 2005
2007.11.27 07:42:28 LOG5[28550:3085354688]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2007.11.27 07:42:28 LOG6[28550:3085354688]: file ulimit = 1024 (can be changed with 'ulimit -n')
2007.11.27 07:42:28 LOG6[28550:3085354688]: poll() used - no FD_SETSIZE limit for file descriptors
2007.11.27 07:42:28 LOG5[28550:3085354688]: 500 clients allowed
2007.11.27 07:42:28 LOG7[28550:3085354688]: FD 9 in non-blocking mode
2007.11.27 07:42:28 LOG7[28550:3085354688]: FD 10 in non-blocking mode
2007.11.27 07:42:28 LOG7[28550:3085354688]: FD 11 in non-blocking mode
2007.11.27 07:42:28 LOG7[28550:3085354688]: SO_REUSEADDR option set on accept socket
2007.11.27 07:42:28 LOG7[28550:3085354688]: sproxy bound to 0.0.0.0:83
2007.11.27 07:42:28 LOG3[28556:3085354688]: Failed to get GID for group nobody

Does somebody know how to get the GID for group nobody? My nobody group is
sure to work correctly with Squid.

 The config file about group:

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /usr/local/var/lib/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail
pid = /stunnel.pid

 The command "stunnel -version" response:

[root at vps stunnel]# /usr/local/bin/stunnel -version
stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.7f 22 Mar 2005
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug           = 5
pid             = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
key             = /usr/local/etc/stunnel/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

The command "/usr/local/bin/stunnel" response:

[root at vps stunnel]# /usr/local/bin/stunnel
2007.11.27 07:27:27 LOG7[13697:3085354688]: Snagged 64 random bytes from /root/.rnd
2007.11.27 07:27:27 LOG7[13697:3085354688]: Wrote 1024 new random bytes to /root/.rnd
2007.11.27 07:27:27 LOG7[13697:3085354688]: RAND_status claims sufficient entropy for the PRNG
2007.11.27 07:27:27 LOG7[13697:3085354688]: PRNG seeded successfully
2007.11.27 07:27:27 LOG7[13697:3085354688]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2007.11.27 07:27:27 LOG7[13697:3085354688]: Certificate loaded
2007.11.27 07:27:27 LOG7[13697:3085354688]: Key file: /usr/local/etc/stunnel/stunnel.pem
2007.11.27 07:27:27 LOG7[13697:3085354688]: Private key loaded
2007.11.27 07:27:27 LOG7[13697:3085354688]: SSL context initialized for service sproxy


  Best Regards,

  HuWei


