diff --git a/README.md b/README.md
index 735f713..83e7911 100644
--- a/README.md
+++ b/README.md
@@ -171,6 +171,7 @@ A collection of delicious docker recipes.
 - [x] shadowsocks-arm
 - [x] shadowsocks-libev-arm :+1:
 - [x] squid
+- [x] stunnel
 - [x] tor
 ## VPN
diff --git a/stunnel/Dockerfile b/stunnel/Dockerfile
new file mode 100644
index 0000000..1ff3cc2
--- /dev/null
+++ b/stunnel/Dockerfile
@@ -0,0 +1,15 @@
+#
+# Dockerfile for stunnel
+#
+
+FROM alpine
+
+MAINTAINER kev
+
+RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing stunnel
+
+COPY docker-entrypoint.sh /entrypoint.sh
+
+VOLUME /etc/stunnel
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/stunnel/README.md b/stunnel/README.md
new file mode 100644
index 0000000..1a2437d
--- /dev/null
+++ b/stunnel/README.md
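Review bot: The stunnel/Dockerfile build trusts two moving targets: `FROM alpine` has no tag, and the `RUN apk add` line pulls stunnel from the `edge/testing` repository over plain `http://`, so each rebuild can yield a different base image and a different, lightly vetted package. Pin the base with `FROM alpine:<release tag>` and fetch via `https://dl-cdn.alpinelinux.org/alpine/edge/testing` until the package is available from a stable repository. apk checks signatures on the repository index, so the http transport is mostly a replay and metadata-exposure concern, but it costs nothing to close. The entrypoint also runs `openssl req`; if the stunnel package does not bring in the openssl command-line tool (not verifiable from this hunk), add `openssl` to the same `apk add`.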
@@ -0,0 +1,94 @@
+stunnel
+=======
+
+### Overview
+
+domain | ip:port | country | services
+-------| ------------ | ------- | ------------------------------
+master | 1.2.3.4:4911 | Japan | openvpn-server, stunnel-server
+bridge | 5.6.7.8:1194 | China | stunnel-client
+N/A | 192.168/16 | China | openvpn-client
+
+### docker-compose.yml
+
+```yaml
+# In Japan
+master:
+ image: vimagick/stunnel
+ ports:
+ - "4911:4911"
+ environment:
+ - CLIENT=no
+ - SERVICE=openvpn
+ - ACCEPT=0.0.0.0:4911
+ - CONNECT=server:1194
+ external_links:
+ - openvpn_server_1:server
+ restart: always
+
+# In China
+bridge:
+ image: vimagick/stunnel
+ ports:
+ - "1194:1194"
+ environment:
+ - CLIENT=yes
+ - SERVICE=openvpn
+ - ACCEPT=0.0.0.0:1194
+ - CONNECT=server:4911
+ extra_hosts:
+ - server:1.2.3.4
+ restart: always
+```
+
+### Server Setup (Cloud)
+
+```bash
+# master server (Japan)
+docker-compose up -d master
+```
+
+### Client Setup (Cloud)
+
+```bash
+# bridge server (China)
+docker-compose up -d bridge
+```
+
+### Client Setup (Local)
+
+File: /etc/stunnel/stunnel.conf
+
+```ini
+foreground = yes
+client = yes
+
+[openvpn]
+accept = 127.0.0.1:1194
+connect = 1.2.3.4:4911
+```
+
+> Pro Tip: Running stunnel locally is faster.
+
+### OpenVPN Setup (Partial)
+
+```ini
+# For Cloud Setup
+...
+remote 5.6.7.8 1194 tcp
+route 192.168.0.0 255.255.0.0 net_gateway
+...
+```
+
+```ini
+# For Local Setup
+...
+remote 127.0.0.1 1194 tcp
+route 1.2.3.4 255.255.255.255 net_gateway
+route 192.168.0.0 255.255.0.0 net_gateway
+....
+```
+
+### References
+
+-
diff --git a/stunnel/docker-compose.yml b/stunnel/docker-compose.yml
new file mode 100644
index 0000000..6613e66
--- /dev/null
+++ b/stunnel/docker-compose.yml
@@ -0,0 +1,12 @@
+stunnel:
+ image: vimagick/stunnel
+ ports:
+ - "4911:4911"
+ environment:
+ - CLIENT=no
+ - SERVICE=openvpn
+ - ACCEPT=0.0.0.0:4911
+ - CONNECT=server:1194
+ external_links:
+ - openvpn_server_1:server
+ restart: always
diff --git a/stunnel/docker-entrypoint.sh b/stunnel/docker-entrypoint.sh
new file mode 100755
index 0000000..de0c8ef
--- /dev/null
+++ b/stunnel/docker-entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+cd /etc/stunnel
+
+cat > stunnel.conf <<_EOF_
+foreground = yes
+setuid = stunnel
+setgid = stunnel
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+cert = /etc/stunnel/stunnel.pem
+client = ${CLIENT:-no}
+
+[${SERVICE}]
+accept = ${ACCEPT}
+connect = ${CONNECT}
+_EOF_
+
+if ! [ -f stunnel.pem ]
+then
+ openssl req -x509 -nodes -newkey rsa:2048 -days 3650 -subj '/CN=stunnel' \
+ -keyout stunnel.pem -out stunnel.pem
+ chmod 600 stunnel.pem
+fi
+
+exec stunnel "$@"
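Review bot: The generated stunnel.conf never turns on peer verification, so with `CLIENT=yes` the client side accepts whatever certificate the remote end presents and the tunnel is encrypted but not authenticated. The self-signed `stunnel.pem` created further down is unique to each container and nothing here hands it to the client. In client mode the `[${SERVICE}]` section should end with `verifyPeer = yes` and `CAfile = <server certificate placed in /etc/stunnel>`, and the script should refuse to start when that file is absent. Separately, `${SERVICE}`, `${ACCEPT}` and `${CONNECT}` have no default, so an unset variable writes an empty `[]` section or a blank address; `${SERVICE:?SERVICE is required}`-style expansions would stop the container first. The private key also sits on disk with the default umask until `chmod 600` runs, which a `umask 077` before `openssl req` avoids.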