Docker container of stunnel, a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code.
```yaml
services:
  stunnel:
    hostname: stunnel
    image: dockurr/stunnel
    container_name: stunnel
    environment:
      LISTEN_PORT: "853"
      CONNECT_PORT: "53"
      CONNECT_HOST: "1.1.1.1"
    volumes:
      - ./privkey.pem:/private.pem
      - ./certificate.pem:/cert.pem
    ports:
      - 853:853
    restart: always
```
```bash
docker run -it --rm --name stunnel -p 853:853 \
  -e "LISTEN_PORT=853" -e "CONNECT_PORT=53" -e "CONNECT_HOST=1.1.1.1" \
  -v "${PWD:-.}/privkey.pem:/private.pem" \
  -v "${PWD:-.}/certificate.pem:/cert.pem" \
  dockurr/stunnel
```
Stunnel can operate in two modes. In server mode it works as a transparent proxy in front of a server: connecting clients negotiate a TLS connection with stunnel, while the traffic forwarded to the destination server is unencrypted.
The client mode does the opposite thing. Clients connecting to stunnel running in client mode can establish a plain text connection and stunnel will create an encrypted TLS tunnel to the destination server.
By default it will run in server mode, but to switch modes you can set the `CLIENT` variable like this:
```yaml
environment:
  CLIENT: "yes"
```
When running in server mode, a certificate is needed. By default, a self-signed certificate will be generated, but you can supply your own `.pem` certificates by adding:
```yaml
volumes:
  - ./privkey.pem:/private.pem
  - ./certificate.pem:/cert.pem
```
Instead of `.pem` files you can also use `.crt`/`.key` files:
```yaml
volumes:
  - ./privkey.key:/private.key
  - ./certificate.crt:/cert.crt
```
You can set `UID` and `GID` environment variables to change the user and group ID.
```yaml
environment:
  UID: "1002"
  GID: "1005"
```
If you need more advanced features, you can completely override the default configuration by binding your custom config to the container like this:
```yaml
volumes:
  - ./custom.conf:/stunnel.conf
```
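
As an added example (not taken from this image's default configuration), a `custom.conf` for client mode that also authenticates the remote server. stunnel does not verify the peer certificate unless told to, so a client-mode tunnel without these options is encrypted but accepts any certificate. The service name, the host `backend.example.internal`, port `8053` and the path `/ca.pem` (an extra bind mount of your CA certificate) are assumptions for illustration.

```ini
; custom.conf: added example, mounted at /stunnel.conf as described above.
; Assumed for illustration: backend.example.internal, port 8053, /ca.pem.

; Global options: stay in the foreground so the container keeps running,
; and do not write a pid file.
foreground = yes
pid =

[tls-client]
; Client mode: accept plain text locally, speak TLS to the destination.
client = yes
accept = 0.0.0.0:8053
connect = backend.example.internal:853

; Weak setting (stunnel's default): the certificate chain is not checked,
; so anyone able to intercept the connection can present their own certificate.
; verifyChain = no

; Corrected setting: require a chain that validates against the CA file
; and a certificate issued for the host we intended to reach.
verifyChain = yes
CAfile = /ca.pem
checkHost = backend.example.internal
```

Because the file replaces the default configuration, the listening and destination addresses are stated in the file itself, and the published port in `ports:` has to match the `accept` line.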