Commit
added documentation for psk auth
alexgarel authored and migibert committed Aug 27, 2019
1 parent 25c31d0 commit ea02988
Showing 1 changed file with 35 additions and 5 deletions.
40 changes: 35 additions & 5 deletions README.md
@@ -1,7 +1,7 @@
Stunnel
=========
[![Galaxy](http://img.shields.io/badge/ansible--galaxy-stunnel-blue.svg)](https://galaxy.ansible.com/list#/roles/3502)
[![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org)
[![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org)


Ansible role to install stunnel in order to achieve SSL Termination on Linux machines.
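Review bot: the two License badge lines in this hunk render identically, so whatever changed here (trailing whitespace or line ending, most likely) is invisible in the diff and has nothing to do with the PSK documentation the commit message describes; either drop it from this commit or call it out in the message so reviewers do not have to guess. If the line is being touched anyway, the badge URLs could move from `http://img.shields.io/...` to `https://`, which shields.io serves.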
Expand All @@ -13,6 +13,8 @@ Role Variables
--------------

```
stunnel_use_cert (default True) : determines if we use certificates
stunnel_use_psk (default False) : determines if we use psk
stunnel_certificate_generation (default False) : determines if this role has to generate a self signed certificate
stunnel_certificate_duration: (optional, if stunnel_certificate_generation is True, default 365) : self signed certificate validity duration
stunnel_certificate_domain: (optional, if stunnel_certificate_generation is True, default www.domain.com) : self signed certificate domain field
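Review bot: the two new flags are documented independently but their interaction is not: say whether `stunnel_use_cert: True` and `stunnel_use_psk: True` may be combined (stunnel can offer both certificate and PSK authentication on one service) and what the role does when both are False, which is a silently broken configuration a user can reach by flipping only one default. Also spell out the abbreviation on first use ("determines if we use PSK (pre-shared key) authentication") and note that the defaults keep the pre-existing certificate-only behaviour, so existing playbooks are unaffected.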
Expand All @@ -22,12 +24,16 @@ stunnel_certificate_state_name: (optional, if stunnel_certificate_generation is
stunnel_certificate_locality: (optional, if stunnel_certificate_generation is True, default locality) : self signed certificate locality field
stunnel_certificate_file: certificate file to generate or use, depends on stunnel_certificate_generation value. Default is /tmp/certificate.pem
stunnel_key_file: key file to generate or use, depends on stunnel_certificate_generation value. Default is /tmp/key.pem
stunnel_psks: a list of psk. This look like this:
- name: client1
psk: AEO/WE+pBCn3+WBy3FJoyJF/HEBZqMym
stunnel_services: list of services. They look like this:
- service:
name: https
accept: 443
connect: 80
name: https
accept: 443
connect: 80
```

Dependencies
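Review bot: the variable introduced here is `stunnel_psks`, but the example playbook added further down uses `stunnel_psk`; one of the two spellings is wrong and a user copying the example will end up with an undefined or ignored variable and no PSK entries in the secrets file. Pick the name the role's tasks actually read and use it in both places. The sample value `AEO/WE+pBCn3+WBy3FJoyJF/HEBZqMym` should be marked as a placeholder rather than a real key, and the entry should state what `name` is (the PSK identity the client presents) and that the same identity:key pair must be configured on the client side. The re-indentation of the `name`/`accept`/`connect` lines under `- service:` is whitespace-only noise mixed into this hunk.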
Expand Down Expand Up @@ -59,6 +65,30 @@ Example Playbook
connect: 80
```

you may also use [PSK (Pre Shared Keys)](https://www.stunnel.org/auth.html)
which allow faster communication
at the cost of knowing clients in advance.

```
- hosts: all
roles:
- role: stunnel-role
stunnel_use_cert: false
stunnel_use_psk: true
stunnel_psk:
- name: client1
psk: ATJX7VOAMIF2nhaknNVmSqSQGrCvMyPt
- name: client2
psk: enNezGQMkZmSyjTDjpndjrBEXhJ9ki3v
stunnel_services:
- service:
name: postfix
accept: 12221
connect: 21
```


License
-------

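Review bot: the example playbook sets `stunnel_psk:` while the Role Variables section above documents `stunnel_psks:`, so this example does not match the documented variable; align the two. The service example is also internally inconsistent: it is named `postfix` but forwards to `connect: 21`, which is FTP, whereas Postfix listens on 25 (or 587); use matching name and port so readers do not copy a confusing mapping. The two PSK values (`ATJX7VOAMIF2nhaknNVmSqSQGrCvMyPt`, `enNezGQMkZmSyjTDjpndjrBEXhJ9ki3v`) read as real secrets and should be labelled as placeholders, with a pointer on how to generate one and a warning not to commit real keys into a playbook. Finally, "which allow faster communication at the cost of knowing clients in advance" would be more precise as a faster handshake (no public-key operations), and the cost is not only knowing clients in advance but distributing each key to its client over a separate secure channel; consider also noting how the role restricts permissions on the generated PSK secrets file, since stunnel expects it not to be world-readable.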