Skip to content Skip to site navigation

Configuring Stunnel

If you want to set up stunnel on your computer to communicate securely with the MySQL server, University IT recommends that you download and install version 4 of stunnel, or have your system administrator do this for you. Debian users will want to be careful in selecting the package they download, because Debian defaults to the older version 3.

The configuration of stunnel is in /etc/stunnel/stunnel.conf (assuming this is the same for redhat and debian).

# Use it for client mode
client = yes

# Service-level configuration

[mysql]
accept  = 3306
connect = mysql-user.stanford.edu:3307

Note:  when you are using stunnel, either via the CGI service or a remote machine (e.g., cardinal) you must specify the host as "127.0.0.1" in your mysql client connection. This may also be true when running stunnel on your personal machine (like your desktop or laptop).

For example, with a non-stunnel connection and the use of the command-line mysql client one specifies:

mysql -h MySQL_host_name -u my_database_user_name -p

With a stunnel connection "my_host_name" would be the value "127.0.0.1". For example:

mysql -h 127.0.0.1 -u my_database_user_name -p

Do not use "localhost" in place of 127.0.0.1, because that has a different context when using the mysql client, and it will not work with stunnel.

With the use of stunnel, in your connection scripts use hostname=127.0.0.1.

Last modified December 1, 2017