cleanstart/stunnel

Verified Publisher

By CleanStart

•Updated about 5 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Security
0

10K+

cleanstart/stunnel repository overview

Container Documentation for Stunnel

Enterprise-grade Stunnel container for secure SSL/TLS tunneling and encryption. Provides robust encryption capabilities for network services, enabling secure communication between clients and servers. Features FIPS compliance options, security hardening, and optimized performance for enterprise deployments.

šŸ“Œ Base Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments from Cleanstart Registry.

Key Features Core capabilities and strengths of this container

  • SSL/TLS encryption for network services
  • FIPS 140-2 compliant encryption (when enabled)
  • Support for multiple SSL/TLS versions
  • Client and server certificate authentication

Common Use Cases Typical scenarios where this container excels

  • Secure legacy applications without native SSL/TLS
  • Create encrypted tunnels between network services
  • Add SSL/TLS support to non-SSL aware services
  • Implement secure client-server communication

Pull Latest Image Download the container image from the registry

docker pull cleanstart/stunnel:latest
docker pull cleanstart/stunnel:latest-dev

Basic Run Run the container with basic configuration

docker run -d --name stunnel \
  -v $(pwd)/stunnel.conf:/etc/stunnel/stunnel.conf \
  -p 8443:443 \
  cleanstart/stunnel:latest

Production Deployment Deploy with production security settings

  docker run -d --name stunnel-dev \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -v $(pwd):/etc/stunnel:ro \
  -p 8443:443 \
  cleanstart/stunnel:latest-dev

Volume Mount Mount configuration and certificate files

  docker run -v $(pwd):/etc/stunnel:ro \
  cleanstart/stunnel:latest

Port Forwarding Run with custom port mappings

docker run -p 8443:443 cleanstart/stunnel:latest

Environment Variables Configuration options available through environment variables

VariableDefaultDescription
STUNNEL_DEBUG7Debug level (0-7)
STUNNEL_FIPSnoEnable FIPS mode (yes/no)
STUNNEL_CONF/etc/stunnel/stunnel.confConfiguration file path
STUNNEL_CAFILE/etc/stunnel/certs/ca.crtCA certificate file path

Security Best Practices Recommended security configurations and practices

  • Use FIPS mode in regulated environments
  • Implement proper certificate management
  • Configure minimum required TLS version
  • Enable client certificate verification when needed
  • Use read-only filesystem mounts
  • Run as non-root user
  • Regular security updates and patches
  • Implement proper logging and monitoring

Kubernetes Security Context Recommended security context for Kubernetes deployments

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
    add: ["NET_BIND_SERVICE"]

Multi-Platform Images

docker pull --platform linux/amd64 cleanstart/stunnel:latest
docker pull --platform linux/arm64 cleanstart/stunnel:latest

⁠Documentation Resources

Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/⁠

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart⁠
GitHub: https://github.com/cleanstart-containers⁠
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/⁠

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/⁠
YouTube: https://www.youtube.com/@CleanStartOfficial⁠

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/⁠


Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:f8e020969…

Size

5.6 MB

Last updated

about 5 hours ago

docker pull cleanstart/stunnel:sha256-4441a61b4e3b3162225550c8e5d527e7b03c4f40e2cd216ef845e19a728a9991.att