Building a proxy server with stunnel + squid
2018-01-22 15:32
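I. Network environment
Host A: 192.168.0.11
Host B: 66.0.0.6
Host C: 4.2.2.2
Hosts A and B can reach each other, and B and C can reach each other. Access from A to C is slow or fails, so A can reach C by hopping through a stunnel + squid proxy.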
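II. squid installation and configuration
squid and stunnel can both be configured on host B, or on different hosts to relay across networks. Here squid and the stunnel server are configured on host B, and the stunnel client is installed and configured on client host A.
yum install squid
Configuration
vim /etc/squid/squid.conf; the two main settings are:
acl localnet src 66.0.0.6/32  # adjust to your environment: add the IP address of the allowed stunnel client
http_port 3128  # port squid listens on
Start the service
service squid start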
III. stunnel configuration
Install:
yum -y install stunnel openssl openssl-devel
1. stunnel server configuration
Generate the certificate file:
openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
openssl gendh 512 >> stunnel.pem  # optional
Configuration
vim /etc/stunnel/stunnel_ser.conf (lines starting with ;;; are comments)
;;; certificate file
cert = /etc/stunnel/stunnel.pem
;;; certificate file
CAfile = /etc/stunnel/stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;;;chroot = /var/run/stunnel
pid = /tmp/stunnel_server.pid
verify = 3
;;; CApath = certs
;;; CRLpath = crls
;;; CRLfile = crls.pem
setuid = web
setgid = web
;;; client=yes
compression = zlib
;;; taskbar = no
delay = no
;;; failover = rr
;;; failover = prio
;;; sslVersion = TLSv1
;;; fips=no
sslVersion = all
;;; options = NO_SSLv2
;;; options = NO_SSLv3
debug = 7
syslog = no
output = /var/logs/stunnel_server.log
;;; server side
client = no
[sproxy]
;;; listening port
accept = 44550
;;; address and port of the squid service
connect = 66.0.0.6:3128
Start the service
stunnel /etc/stunnel/stunnel_ser.conf
2. stunnel client installation and configuration
yum -y install stunnel openssl openssl-devel
vim /etc/stunnel/stunnel_cli.conf
;;; the stunnel.pem generated in step 1, just renamed
cert = /usr/local/etc/stunnel/stunnel_cli.pem
CAfile = /usr/local/etc/stunnel/stunnel_cli.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;;;chroot = /var/run/stunnel
pid = /tmp/stunnel.pid
verify = 3
;;; CApath = certs
;;; CRLpath = crls
;;; CRLfile = crls.pem
setuid = web
setgid = web
;;; client=yes
compression = zlib
;;; taskbar = no
delay = no
;;; failover = rr
;;; failover = prio
;;; fips=no
sslVersion = all
;;; options = NO_SSLv2
;;; options = NO_SSLv3
debug = 7
syslog = no
output = /data/logs/stunnel.log
;;; client side
client = yes
[sproxy]
;;; listening address
accept = 0.0.0.0:44550
;;; address of the stunnel server
connect = 66.0.0.6:44550
IV. Testing and troubleshooting
Test: after setting the proxy server address to 192.168.0.11, port 44550, host C is reachable.
Troubleshooting:
stunnel error: CERT: Verification error: certificate has expired
The stunnel client cannot stay connected to the server: the connection drops a few seconds after it is established. The error output is as follows.
# stunnel client:
2017.09.25 10:16:19 LOG7[13955:140155381970688]: Starting certificate verification: depth=0, /C=CN/L=Default City/O=Default Company Ltd
2017.09.25 10:16:19 LOG4[13955:140155381970688]: CERT: Verification error: certificate has expired
2017.09.25 10:16:19 LOG4[13955:140155381970688]: Certificate check failed: depth=0, /C=CN/L=Default City/O=Default Company Ltd
2017.09.25 10:16:19 LOG7[13955:140155381970688]: SSL alert (write): fatal: certificate expired
2017.09.25 10:16:19 LOG3[13955:140155381970688]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2017.09.25 10:16:19 LOG5[13955:140155381970688]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2017.09.25 10:16:19 LOG7[13955:140155381970688]: Remote socket (FD=13) closed
2017.09.25 10:16:19 LOG7[13955:140155381970688]: Local socket (FD=3) closed
2017.09.25 10:16:19 LOG7[13955:140155381970688]: Service [sproxy] finished (0 left)
# stunnel server:
2017.09.25 10:13:24 LOG7[15546:140344803059456]: SSL state (accept): SSLv3 flush data
2017.09.25 10:13:24 LOG7[15546:140344803059456]: SSL alert (read): fatal: certificate expired
2017.09.25 10:13:24 LOG3[15546:140344803059456]: SSL_accept: 14094415: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
2017.09.25 10:13:24 LOG5[15546:140344803059456]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2017.09.25 10:13:24 LOG7[15546:140344803059456]: sproxy finished (0 left)
Following the certificate generation command above, regenerate the certificate and then update it manually:
openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
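The following is an added example, not part of the original post: it scans stunnel log lines in the format of the excerpt above and pairs each "CERT: Verification error" reason with the certificate subject logged by the same thread, so an expired certificate can be identified from the log before regenerating it. The function name find_cert_failures and the SAMPLE constant are assumptions made for illustration.

```python
import re

# Line layout taken from the log excerpt above:
# "2017.09.25 10:16:19 LOG4[13955:140155381970688]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)
ERROR_RE = re.compile(r"^CERT: Verification error: (?P<reason>.+)$")
FAILED_RE = re.compile(
    r"^Certificate check failed: depth=(?P<depth>\d+), (?P<subject>.+)$"
)


def find_cert_failures(lines):
    """Return one dict per failed certificate check, pairing the reason
    with the subject logged by the same stunnel process/thread."""
    pending = {}   # (pid, tid) -> reason from the latest CERT error line
    failures = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # "# stunnel client:" markers, blank or wrapped lines
        key = (m["pid"], m["tid"])
        err = ERROR_RE.match(m["msg"])
        if err:
            pending[key] = err["reason"]
            continue
        failed = FAILED_RE.match(m["msg"])
        if failed:
            failures.append({
                "time": m["ts"],
                "reason": pending.pop(key, "unknown"),
                "depth": int(failed["depth"]),
                "subject": failed["subject"],
            })
    return failures


# Sample input: client-side lines copied from the excerpt above.
SAMPLE = """\
# stunnel client:
2017.09.25 10:16:19 LOG7[13955:140155381970688]: Starting certificate verification: depth=0, /C=CN/L=Default City/O=Default Company Ltd
2017.09.25 10:16:19 LOG4[13955:140155381970688]: CERT: Verification error: certificate has expired
2017.09.25 10:16:19 LOG4[13955:140155381970688]: Certificate check failed: depth=0, /C=CN/L=Default City/O=Default Company Ltd
2017.09.25 10:16:19 LOG7[13955:140155381970688]: SSL alert (write): fatal: certificate expired
""".splitlines()

if __name__ == "__main__":
    for f in find_cert_failures(SAMPLE):
        print(f"{f['time']} depth={f['depth']} {f['subject']}: {f['reason']}")
```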