# Sample stunnel configuration file
# Copyright by Michal Trojnara 2002-2004
# --with changes for SuSE package

# client = yes | no
# client mode (remote service uses SSL)
# default: no (server mode)
client = no

#
# chroot + user (comment out to disable)
#
chroot = /var/lib/stunnel/
setuid = stunnel
setgid = nogroup
# note about the chroot feature and the "exec" keyword to start other services...
# while the init script /etc/init.d/stunnel will copy the binaries and libraries 
# into the chroot jail, more files might be needed in the jail (configuration 
# files etc.)

pid = /var/run/stunnel.pid

#
# debugging
#
#debug = 7
#output = stunnel.log

#
# Some performance tunings
#
# disable Nagle algorithm (a.k.a. tinygram prevention, see man 7 tcp)
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
#compression = rle

# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS

# Authentication stuff
#verify = 2
# Don't forget to c_rehash CApath;  CApath is located inside chroot jail:
#CApath = /certs
# It's often easier to use CAfile:
#CAfile = /etc/stunnel/certs.pem
# Don't forget to c_rehash CRLpath;  CRLpath is located inside chroot jail:
#CRLpath = /crls
# Alternatively you can use CRLfile:
#CRLfile = /etc/stunnel/crls.pem

cert = /etc/stunnel/stunnel.pem


#
# Examples for service-level configuration:
#

# [pop3s]
# accept  = 995
# connect = 110

# [imaps]
# accept  = 993
# connect = 143

# [imaps]
# accept = 993
# exec = /usr/sbin/imapd
# execargs = imapd
# pty = no

# [ssmtp]
# accept  = 465
# connect = 25

# [s1]
# accept  = 5000
# connect = mail.example.com:110
# delay = yes

# [s2] 
# accept  = 5001
# connect = mail.example.com:25

# [https]
# accept  = 443
# connect = 80
# TIMEOUTclose = 0

# [swat]
# accept  = 902
# connect = 901

#
# mysql over stunnel example:
#
# [mysqls]                                 <-- on the server
#         accept = 3307
#         connect = localhost:mysql
#
# client = yes                             <-- on the client
# [mysqls]
#         accept = 3307
#         connect = remote-mysql-server.example.com:3307
#
# Hint. Use the mysql client with "-h 127.0.0.1", not "-h localhost", because
# "localhost" will mean it will go through the local socket and ignore the port.

#
# pppd over stunnel example:
# (note: read http://sites.inka.de/sites/bigred/devel/tcp-tcp.html , and 
# look for better alternatives like cipe or openvpn.)
#
# [ppp]                                    <-- on the server
# accept = 2020
# exec = /usr/sbin/pppd
# execargs = pppd local
# # the pty option doesn't work in chroot jail without further efforts
# #pty = yes
#
#
# [ppp]                                    <-- on the "client"
# connect = host.example.com:2020
# exec = /usr/sbin/pppd
# execargs = pppd local nodeflate nobsdcomp 192.168.20.20:192.168.20.21
# # the pty option doesn't work in chroot jail without further efforts
# #pty = yes