-

2025-12-11 16:41:12 +01:00
parent 807492e364
commit 81e48b555a
9 changed files with 92 additions and 23 deletions
--- a/stunnel/README.md
+++ b/stunnel/README.md
@@ -0,0 +1,66 @@
+# stunnel
+
+## download
+
+`docker pull chainguard/stunnel:latest`
+or
+`docker pull cgr.dev/ORGANIZATION/stunnel:latest`
+
+## run
+
+`docker run cgr.dev/chainguard/stunnel`
+or
+`docker run cgr.dev/chainguard/stunnel:latest`
+
+
+## Options
+
+```
+
+Global options:
+chroot                 = directory to chroot stunnel process
+EGD                    = path to Entropy Gathering Daemon socket
+engine                 = auto|engine_id
+engineCtrl             = cmd[:arg]
+engineDefault          = TASK_LIST
+foreground             = yes|quiet|no foreground mode (don't fork, log to stderr)
+log                    = append|overwrite log file
+output                 = file to append log messages
+pid                    = pid file
+RNDbytes               = bytes to read from random seed files
+RNDfile                = path to file with random seed data
+RNDoverwrite           = yes|no overwrite seed datafiles with new random data
+syslog                 = yes|no send logging messages to syslog
+
+Service-level options:
+accept                 = [host:]port accept connections on specified host:port
+CAengine               = engine-specific CA certificate identifier for 'verify' option
+CApath                 = CA certificate directory for 'verify' option
+CAfile                 = CA certificate file for 'verify' option
+cert                   = certificate chain
+checkEmail             = peer certificate email address
+checkHost              = peer certificate host name pattern
+checkIP                = peer certificate IP address
+ciphers                = permitted ciphers for TLS 1.2 or older
+ciphersuites           = permitted ciphersuites for TLS 1.3
+client                 = yes|no client mode (remote service uses TLS)
+config                 = command[:parameter] to execute
+connect                = [host:]port to connect
+CRLpath                = CRL directory
+CRLfile                = CRL file
+curves                 = ECDH curve names
+debug                  = [facility].level (e.g. daemon.info)
+delay                  = yes|no delay DNS lookup for 'connect' option
+engineId               = ID of engine to read the key from
+engineNum              = number of engine to read the key from
+exec                   = file execute local inetd-type program
+execArgs               = arguments for 'exec' (including $0)
+failover               = rr|prio failover strategy
+ident                  = username for IDENT (RFC 1413) checking
+include                = directory with configuration file snippets
+key                    = certificate private key
+local                  = IP address to be used as source for remote connections
+logId                  = connection identifier type
+OCSP                   = OCSP responder URL
+```
+