Package: stunnel4
Followup-For: Bug #782030

Here's a patch adding systemd Type=notify support:

--- a/src/ui_unix.c
+++ b/src/ui_unix.c
@@ -107,6 +107,9 @@
if(signal(SIGINT, SIG_IGN)!=SIG_IGN)
signal(SIGINT, signal_handler); /* fatal */
#endif
+#ifdef USE_SYSTEMD
+ sd_notify(1,"READY=1");
+#endif
daemon_loop();
} else { /* inetd mode */
CLI *c;
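Review bot: In the added sd_notify(1,"READY=1") call, the first argument (unset_environment) is 1, which removes NOTIFY_SOCKET from the environment after this one message, so a later status message from this process, such as RELOADING=1 around a SIGHUP reload or STOPPING=1 at shutdown, can no longer be delivered. If that is intentional, so that programs exec'd by stunnel do not inherit the notification socket, a one-line comment saying so would help; otherwise pass 0. The return value is also discarded: a negative result means the notification failed, and under Type=notify the unit will then sit in "activating" until the start timeout, so it is worth logging.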
This enables using a systemd service file like

[Unit]
Documentation=man:stunnel4
Description=TLS tunnels for network daemons

[Service]
Type=notify
Restart=always
ExecStart=/usr/bin/stunnel4

[Install]
WantedBy=multi-user.target

after setting foreground = yes in /etc/stunnel/stunnel.conf.

This does not need a PID file (so it's best to remove the patch
creating one by default), which is also useful if one wants to use
systemd directives to manage privileges, for example

User=stunnel4
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecReload=/bin/kill -HUP $MAINPID

enables reloading of a mostly unprivileged stunnel process with
low-port bindings. Socket activation could do even better, running
the stunnel process fully unprivileged, but requires splitting the
configuration between the socket unit and stunnel.conf, which is
inconvenient. The above ExecReload is rudimentary, too, because it
does not wait for the reload to finish. But you get the idea.

--
Regards,
Feri.
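
What the Type=notify handshake in the message above amounts to on the wire, as an added example that is not part of the original message or of stunnel: the service sends one datagram to the AF_UNIX socket named in $NOTIFY_SOCKET. The names notify_systemd, notify_addr and demo_roundtrip are hypothetical, Linux is assumed, and demo_roundtrip is a constructed stand-in for the service manager so the exchange can be observed without systemd.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Build the address; a leading '@' selects the Linux abstract namespace. */
static socklen_t notify_addr(const char *path, struct sockaddr_un *sa) {
    size_t n = strlen(path);
    if (n < 2 || n >= sizeof(sa->sun_path) || (path[0] != '/' && path[0] != '@'))
        return 0;
    *sa = (struct sockaddr_un){ .sun_family = AF_UNIX };
    memcpy(sa->sun_path, path, n);
    if (path[0] == '@') sa->sun_path[0] = '\0';
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n);
}
/* 1 = sent, 0 = NOTIFY_SOCKET unset (not under systemd), -1 = error. */
int notify_systemd(const char *state) {
    const char *path = getenv("NOTIFY_SOCKET");
    struct sockaddr_un sa;
    if (!path) return 0;
    socklen_t len = notify_addr(path, &sa);
    int fd = len ? socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0) : -1;
    if (fd < 0) return -1;
    ssize_t sent = sendto(fd, state, strlen(state), 0, (struct sockaddr *)&sa, len);
    close(fd);
    return sent == (ssize_t)strlen(state) ? 1 : -1;
}
/* Constructed stand-in for the service manager: bind, notify, read back. */
int demo_roundtrip(const char *state, char *out, size_t outlen) {
    char name[64];
    struct sockaddr_un sa;
    ssize_t n = -1;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    snprintf(name, sizeof(name), "@notify-demo-%ld", (long)getpid());
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, notify_addr(name, &sa)) == 0 &&
        setenv("NOTIFY_SOCKET", name, 1) == 0 && notify_systemd(state) == 1)
        n = recv(fd, out, outlen - 1, 0);
    if (fd >= 0) close(fd);
    unsetenv("NOTIFY_SOCKET");
    if (n >= 0) out[n] = '\0';
    return n >= 0 ? 0 : -1;
}

int main(void) {
    char got[32];
    return demo_roundtrip("READY=1", got, sizeof(got)) == 0 && puts(got) >= 0 ? 0 : 1;
}
```

Unlike sd_notify(1, ...), notify_systemd leaves NOTIFY_SOCKET in the environment, so the same function can later send RELOADING=1 or STOPPING=1.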