This blog post will guide you through setting up stunnel on Ubuntu and performing basic user management tasks. Stunnel provides a secure tunnel between a client and a server, often used to add SSL/TLS encryption to non-SSL services. We’ll also cover creating, deleting, and modifying user accounts on your Ubuntu system.
Installing and Configuring stunnel
- Installation: Open your terminal and update the package list:
sudo apt update
Then, install stunnel:
sudo apt install stunnel
- Configuration: Create a configuration file for stunnel. A common location is
/etc/stunnel/stunnel.conf. You’ll need to tailor this to your specific needs. Here’s an example for wrapping a hypothetical service running on localhost port 8080 with SSL on port 8443:
[my-service]
accept = 8443
connect = 127.0.0.1:8080
cert = /etc/ssl/certs/stunnel.pem # Path to your certificate
key = /etc/ssl/private/stunnel.key # Path to your private key
- Generate Certificate and Key: You’ll need a certificate and key. You can generate a self-signed one for testing:
sudo openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/ssl/private/stunnel.key -out /etc/ssl/certs/stunnel.pem -days 365
Answer the prompts during certificate generation.
- Start stunnel:
sudo systemctl enable stunnel # Enable on boot
sudo systemctl start stunnel # Start now
sudo systemctl status stunnel # Check status
User Management in Ubuntu
- Creating a User:
sudo adduser newuser # Replace 'newuser' with the desired username
You’ll be prompted to set a password and other information.
- Deleting a User:
sudo deluser username # Replace 'username' with the user to delete. Use --remove-home to delete the user's home directory as well.
sudo deluser --remove-home username
- Modifying User Information:
sudo usermod -aG groupname username # Add user to a group
sudo usermod -m -d /path/to/new/home username # Change the home directory
sudo passwd username # Change the user's password
Example: Securing a Web Server with stunnel
Let’s say you have a simple web server running on port 8080. Using the stunnel configuration above, all traffic to port 8443 will be SSL encrypted and forwarded to your web server on port 8080. Clients would connect to https://your-server-ip:8443.
Enabling stunnel on Ubuntu and Managing Users (F.A.Q)
What if my service isn't on localhost?
Change the connect line in your stunnel.conf to the correct IP address and port.
How do I troubleshoot stunnel?
Check the system logs (/var/log/syslog or similar) for error messages. stunnel -f can be useful for testing the configuration file.
Can I use stunnel for other services?
Absolutely! Just adjust the port numbers and paths in the configuration file.
How do I manage user groups?
Use the groupadd, groupdel, and gpasswd commands.
