diff --git a/diagnose/70_redis b/diagnose/70_redis
new file mode 100644
index 0000000..245ec1d
--- /dev/null
+++ b/diagnose/70_redis
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+if [ $(CreoleGet activer_redis) = "oui" ];then
+ . /usr/lib/eole/diagnose.sh
+
+ EchoGras "*** Service Redis"
+ nbIface=$(CreoleGet nombre_interfaces)
+ ssl=$(CreoleGet redisSSL non)
+ if [ ${nbIface} -eq 1 ]
+ then
+ TestService "Redis master iface 0" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisPort")
+ if [ ${ssl} = "oui" ]
+ then
+ TestService "Redis master SSL iface 0" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisSSLPort")
+ fi
+ echo
+ else
+ for iface in $(seq 0 ${nbIface})
+ do
+ TestService "Redis master iface ${iface}" $(CreoleGet "adresse_ip_eth${iface}"):$(CreoleGet "redisPort")
+ if [ ${ssl} = "oui" ]
+ then
+ TestService "Redis master SSL iface ${iface}" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisSSLPort")
+ fi
+ echo
+ done
+ fi
+fi
+
+exit 0
diff --git a/diagnose/70_stunnel b/diagnose/70_stunnel
new file mode 100644
index 0000000..5dc2b30
--- /dev/null
+++ b/diagnose/70_stunnel
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [ $(CreoleGet activer_stunnel) = "oui" ];then
+ if [ $(CreoleGet stunnel_add_tunnels non ) = "oui" ];then
+ . /usr/lib/eole/diagnose.sh
+
+ EchoGras "*** Service Stunnel"
+ name=($(CreoleGet stunnel_name))
+ acc_ip=($(CreoleGet stunnel_accept_ip))
+ acc_port=($(CreoleGet stunnel_accept_port))
+ conn_ip=($(CreoleGet stunnel_connect_ip))
+ conn_port=($(CreoleGet stunnel_connect_port))
+
+ len=${#name[@]}
+ for (( i=0; i<$len; i++ ))
+ do
+ TestService "Tunnel ${name[$i]}: ${acc_ip}:${acc_port} => ${conn_ip}:${conn_port}" ${acc_ip}:${acc_port}
+ done
+ echo
+ fi
+fi
+
+exit 0
\ No newline at end of file
diff --git a/dicos/90_redis.xml b/dicos/90_redis.xml
index 8ed3d21..b6bb934 100644
--- a/dicos/90_redis.xml
+++ b/dicos/90_redis.xml
@@ -6,10 +6,12 @@
+
redis-server
redis2-server
redisPort
+ redisSSLPort
redisClPort
redisPortSlave
redisClPortSlave
@@ -29,6 +31,9 @@
Local
+
+ non
+
non
@@ -38,6 +43,12 @@
6379
+
+ 6380
+
+
+ TLSv1
+
512
@@ -127,6 +138,12 @@
svredis
+
+ non
+ redisSSLPort
+ saSSLRedis
+
+
non
redisSlave
diff --git a/dicos/90_stunnel.xml b/dicos/90_stunnel.xml
new file mode 100644
index 0000000..aaa2ff1
--- /dev/null
+++ b/dicos/90_stunnel.xml
@@ -0,0 +1,62 @@
+
+
+
+
+
+
+
+ stunnel4
+
+
+
+
+ oui
+
+
+
+
+
+ non
+
+
+
+
+
+
+
+ TLSv1
+
+
+
+
+
+ non
+ stunnel-custom
+ stunnel
+ stunnel
+ stunnel
+ saStunnel
+
+
+ non
+ stunnel-custom
+ stunnel_name
+ stunnel_accept_ip
+ stunnel_accept_port
+ stunnel_connect_ip
+ stunnel_connect_port
+ stunnel_ssl_version
+
+
+ stunnel_accept_ip
+ stunnel_accept_port
+ stunnel_connect_ip
+ stunnel_connect_port
+ stunnel_ssl_version
+
+
+
+
+ Activer le service mandataire SSL (stunnel)
+
+
diff --git a/tmpl/90-stunnel_dynamic_rules b/tmpl/90-stunnel_dynamic_rules
new file mode 100644
index 0000000..cc3d2c6
--- /dev/null
+++ b/tmpl/90-stunnel_dynamic_rules
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+%for %%tunnel in %%stunnel_name
+ %for %%int_idx in %%range(0, %%int(%%nombre_interfaces))
+/sbin/iptables -A eth%%{int_idx}-root -s 0.0.0.0/0.0.0.0 -p tcp -m tcp --dport %%tunnel.stunnel_accept_port --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
+ %end for
+%end for
diff --git a/tmpl/redis-ssl.conf b/tmpl/redis-ssl.conf
new file mode 100644
index 0000000..feafc20
--- /dev/null
+++ b/tmpl/redis-ssl.conf
@@ -0,0 +1,12 @@
+pid = /var/run/redis-stunnel.pid
+
+%if %%redisMode == "Local"
+[redis-local]
+cert = %%server_cert
+key = %%server_key
+CApath = %%os.path.dirname(%%server_cert)
+verify = 2
+SSLversion=%%redisSSLVersion
+accept = %%redisSSLPort
+connect = %%redisPort
+%end if
diff --git a/tmpl/stunnel.conf b/tmpl/stunnel.conf
new file mode 100644
index 0000000..6d9429e
--- /dev/null
+++ b/tmpl/stunnel.conf
@@ -0,0 +1,19 @@
+pid = /var/run/stunnel.pid
+%for %%tunnel in %%stunnel_name
+[%%tunnel]
+cert = %%server_cert
+key = %%server_key
+CApath = %%os.path.dirname(%%server_cert)
+verify = 2
+SSLversion=%%tunnel.stunnel_ssl_version
+ %if %%is_empty(%%tunnel.stunnel_accept_ip)
+accept = %%tunnel.stunnel_accept_port
+ %else
+accept = %%{tunnel.stunnel_accept_ip}:%%{tunnel.stunnel_accept_port}
+ %end if
+ %if %%is_empty(%%tunnel.stunnel_connect_ip)
+connect = %%tunnel.stunnel_connect_port
+ %else
+connect = %%{tunnel.stunnel_connect_ip}:%%{tunnel.stunnel_connect_port}
+ %end if
+%end for
diff --git a/tmpl/stunnel_default b/tmpl/stunnel_default
new file mode 100644
index 0000000..5daefcf
--- /dev/null
+++ b/tmpl/stunnel_default
@@ -0,0 +1,18 @@
+# /etc/default/stunnel
+# Julien LEMOINE
+# September 2003
+
+# Change to one to enable stunnel automatic startup
+ENABLED=1
+FILES="/etc/stunnel/*.conf"
+OPTIONS="%%stunnel_opts"
+
+# Change to one to enable ppp restart scripts
+PPP_RESTART=0
+
+# Change to enable the setting of limits on the stunnel instances
+# For example, to set a large limit on file descriptors (to enable
+# more simultaneous client connections), set RLIMITS="-n 4096"
+# More than one resource limit may be modified at the same time,
+# e.g. RLIMITS="-n 4096 -d unlimited"
+RLIMITS=""