forked from tapstream/stunnel-formula
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathpillar.example
38 lines (33 loc) · 1.32 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
stunnel:
# These have defaults set by grains filtering in map.jinja
lookup:
package: stunnel4
service: stunnel4
user: stunnel4
group: stunnel4
home: /var/lib/stunnel4
conf_dir: /etc/stunnel
log_dir: /var/log/stunnel
pid: /var/run/stunnel.pid
config:
# These are MANDATORY. Managing these files is currently out of scope of this formula.
cert: /etc/stunnel/stunnel.crt
key: /etc/stunnel/stunnel.key
ca: /etc/stunnel/ca.crt
verify: 3
sslVersion: all
ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256'
options:
- NO_SSLv2
- NO_SSLv3
services:
- name: graphite-server
client: 'no'
accept: '12003'
connect: '127.0.0.1:2003'
nodelay: True # l:TCP_NODELAY=1 on server, r:TCP_NODELAY=1 on client
- name: graphite-client
client: 'yes'
accept: '127.0.0.1:2003'
connect: 'example.com:12003'
nodelay: True # l:TCP_NODELAY=1 on server, r:TCP_NODELAY=1 on client