diff --git a/README.md b/README.md
index 83e7911..d07b177 100644
--- a/README.md
+++ b/README.md
@@ -172,6 +172,7 @@ A collection of delicious docker recipes.
     - [x] shadowsocks-libev-arm :+1:
 - [x] squid
 - [x] stunnel
+- [x] stunnel-arm
 - [x] tor
 
 ## VPN
diff --git a/stunnel/arm/Dockerfile b/stunnel/arm/Dockerfile
new file mode 100644
index 0000000..a175e89
--- /dev/null
+++ b/stunnel/arm/Dockerfile
@@ -0,0 +1,15 @@
+#
+# Dockerfile for stunnel-arm
+#
+
+FROM easypi/alpine-arm
+
+MAINTAINER kev <noreply@easypi.info>
+
+RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing stunnel
+
+COPY docker-entrypoint.sh /entrypoint.sh
+
+VOLUME /etc/stunnel
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/stunnel/arm/docker-compose.yml b/stunnel/arm/docker-compose.yml
new file mode 100644
index 0000000..2df2b74
--- /dev/null
+++ b/stunnel/arm/docker-compose.yml
@@ -0,0 +1,12 @@
+bridge:
+  image: easypi/stunnel-arm
+  ports:
+    - "1194:1194"
+  environment:
+    - CLIENT=yes
+    - SERVICE=openvpn
+    - ACCEPT=0.0.0.0:1194
+    - CONNECT=server:4911
+  extra_hosts:
+    - server:1.2.3.4
+  restart: always
diff --git a/stunnel/arm/docker-entrypoint.sh b/stunnel/arm/docker-entrypoint.sh
new file mode 100755
index 0000000..de0c8ef
--- /dev/null
+++ b/stunnel/arm/docker-entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+cd /etc/stunnel
+
+cat > stunnel.conf <<_EOF_
+foreground = yes
+setuid = stunnel
+setgid = stunnel
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+cert = /etc/stunnel/stunnel.pem
+client = ${CLIENT:-no}
+
+[${SERVICE}]
+accept = ${ACCEPT}
+connect = ${CONNECT}
+_EOF_
+
+if ! [ -f stunnel.pem ]
+then
+    openssl req -x509 -nodes -newkey rsa:2048 -days 3650 -subj '/CN=stunnel' \
+                -keyout stunnel.pem -out stunnel.pem
+    chmod 600 stunnel.pem
+fi
+
+exec stunnel "$@"