ID #1384

How can I encrypt the rsync connection to the BackupHD with stunnel ?

Hint: To use rsync for your BackupHD, you have to activate the function in the customer center. To do so navigate to the menu-point "Verwaltung" after you have chosen your contract and make the tick under "Rsync active".

Then click on the button "Ändern". Your BackupHD will be activated within 24 hours for rsync.

If you want to encrypt the rsync-connection to your BackupHD, you have the possibility to set an stunnel.

By that the connection to your BackupHD will be encrypted via SSL.

This instruction describes the setup of stunnel under Linux and Windows.




Zunächst müssen Sie stunnel auf Ihrem System installieren. Dazu sollte ein Paket für Ihren Paketmanager verfügbar sein.


 aptitude install stunnel



 yum install centos



 emerge stunnel



 zypper install stunnel


Nun muss die stunnel Konfigurationsdatei erstellt bzw. aufgerufen


 vi /etc/stunnel/stunnel.conf


und die folgenden Änderungen vorgenommen werden:


; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; PID is created inside the chroot jail
pid = /

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Some debugging stuff useful for troubleshooting
debug = 5
output = /var/log/stunnel/stunnel.log

; Use it for client mode
client = yes

Service-level configuration

accept  = 995
connect = 110

accept  = 993
connect = 143

accept  = 465
connect = 25

;accept  = 443
;connect = 80
;TIMEOUTclose = 0

accept = 873
connect =


Erstellen Sie das benötigte stunnel-Zertifikat und den Schlüssel (pem):


 openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem


Geben Sie hier die notwendigen Informationen an:


Country Name:
State or Province name:
Organization Name:
Organizational Unit Name:
Common Name (FQDN):


Bearbeiten Sie schließlich die folgende Datei:


 vi /etc/default/stunnel


und ändern die folgende Zeile:


# Change to one to enable stunnel automatic startup


Jetzt können Sie stunnel mit dem folgenden Befehl starten:


 stunnel /etc/stunnel/stunnel.conf


Die Nutzung von rsync:

Für eine durch stunnel verschlüsselte rsync-Verbindung können Sie nun localhost als Server angeben.



 rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234


Beenden von stunnel:


 killall stunnel

Setting up stunnel under Windows


You can also set stunnel manually in Windows.

The necessary program can be downloaded at

Now you just have to edit the configuration file. You can find a link in the start menu .

Ensure that the option client=yes is not commented out.


client = yes

accept = 873

connect =


Now you can start stunnel from the start menu.

You can use Rsync under Windows e.g. with the free tool DeltaCopy.

More information on the use of rsync (under linux) can be found here:

How can I save files with rsync on my BackupHD?

Tags: BackupHD, rsync, ssl, stunnel, tls

Related entries:

You cannot comment on this entry