From f130e6c8c0b4dd6b4e59ded722445a3864333057 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Thu, 24 Aug 2017 13:21:11 +0000
Subject: Add manifests to install and configure stunnel

Some services (such as Redis) can't use mod_proxy as a TLS proxy,
since they're not HTTP services. So stunnel is necessary for these.

Thus, we add manifests to configure it as such.

bp tls-via-certmonger

Change-Id: Ic4a2dac7b3831e4780105e3b05e9c5afcf15c79c
(cherry picked from commit f85199c77826017e383534051ada57ef1ea4ddcc)
---
 files/stunnel.service | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 files/stunnel.service

(limited to 'files/stunnel.service')

diff --git a/files/stunnel.service b/files/stunnel.service
new file mode 100644
index 0000000..dce2366
--- /dev/null
+++ b/files/stunnel.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=SSL tunnel for network daemons
+After=network.target
+After=syslog.target
+
+[Install]
+WantedBy=multi-user.target
+Alias=stunnel.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
+ExecStop=/usr/bin/killall -9 stunnel
+
+# Give up if ping don't get an answer
+TimeoutSec=600
+
+Restart=always
+PrivateTmp=false
-- 
cgit 1.2.3-korg