设备:需要两台服务器
一,外部服务器 属于外网 ip 为 47.106.8.100
1,安装squid软件
2,vi /etc/squid/squid.conf
# Source-address ACL named "localnet" for clients that may use the proxy.
# NOTE(review): on this page squid is reached through the local stunnel
# service ([sproxy] connects to 172.18.162.195:3128), so requests presumably
# arrive from this host's own address, not the remote client's. Verify which
# source address the ACL actually has to cover.
acl localnet src 192.168.0.0/16 # adjust to your environment; add the IP address allowed for the stunnel client
# NOTE(review): no address is given, so squid listens on every interface of
# this internet-facing host. Binding to the internal address that stunnel
# connects to (http_port 172.18.162.195:3128), or firewalling 3128, keeps the
# proxy from being reachable without going through the TLS tunnel.
http_port 3128 # port squid listens on
3,配置stunnel
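# Install stunnel together with the OpenSSL tools used below.
yum -y install stunnel openssl openssl-devel
# Generate a self-signed certificate valid for 365 days.
# Key and certificate go into the same file: the stunnel.conf on this page sets
# "cert = /etc/stunnel/stunnel.pem" with no "key" option, so stunnel reads the
# private key from the cert file. -nodes leaves that key unencrypted.
openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
# Optional: append DH parameters. 2048 bits is used because 512-bit
# (export-grade) parameters are weak enough to be broken in practice.
openssl dhparam 2048 >> stunnel.pem
# The file now holds an unencrypted private key, so restrict it to its owner.
chmod 600 stunnel.pem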
4,修改配置文件
vi /etc/stunnel/stunnel.conf
# stunnel settings for the external server: it runs in server mode
# (client=no), accepts TLS connections on port 7765 and forwards them to squid.
# Certificate file; no separate "key" option is set, so the private key is
# expected in the same file.
cert = /etc/stunnel/stunnel.pem
# The same file doubles as the trust store used for peer verification.
CAfile = /etc/stunnel/stunnel.pem
# Disable Nagle's algorithm on the local (l) and remote (r) sockets.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
# NOTE(review): a fixed pid path in world-writable /tmp is predictable; a
# root-owned run directory is the safer location.
pid = /tmp/stunnel.pid
# Level 3: the peer must present a certificate that is installed locally
# (here: contained in CAfile), so only holders of that certificate can connect.
verify = 3
fips=no
# NOTE(review): setuid/setgid name the account stunnel runs as after startup.
# With root the daemon never drops privileges; a dedicated unprivileged
# user and group would limit the impact of a compromise.
setuid = root
setgid = root
client=no
# NOTE(review): TLS-level compression is the precondition for CRIME-style
# attacks; consider removing this line.
compression = zlib
delay = no
# NOTE(review): SSLv3 is obsolete and broken (POODLE; prohibited by RFC 7568).
# Prefer a current TLS version (e.g. TLSv1.2) if the installed stunnel/OpenSSL
# supports it. The client config on this page pins SSLv3 too, so both ends
# must be changed together.
sslVersion = SSLv3
debug = 4
syslog = no
# Relative path: presumably resolved against stunnel's working directory. Confirm.
output = stunnel.log
[sproxy]
# Listens on every interface; the local server connects to this port.
accept =0.0.0.0:7765
connect =172.18.162.195:3128 # internal (private) address of the external server
二,本地服务器 ip为192.168.3.35
1,安装stunnel软件(以centos7.3为例)
# Install stunnel and the OpenSSL packages (same package set as on the external server).
yum -y install stunnel openssl openssl-devel
2,修改配置文件(与外部服务器相同,为 /etc/stunnel/stunnel.conf)
# stunnel settings for the local server: it runs in client mode (client=yes),
# accepts plain connections from the LAN and wraps them in TLS towards the
# external server.
# Certificate presented to the server; no separate "key" option is set, so the
# private key is expected in the same file.
cert = /etc/stunnel/stunnel.pem
# Trust store used to verify the server's certificate.
CAfile = /etc/stunnel/stunnel.pem
# Disable Nagle's algorithm on the local (l) and remote (r) sockets.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
# Level 2: the peer certificate must validate against CAfile.
verify = 2
client=yes
fips=no
# NOTE(review): a single CBC-mode cipher with a SHA-1 MAC; together with SSLv3
# below this is the combination POODLE targets. Revisit when the protocol
# version is raised.
ciphers=AES256-SHA
delay = no
failover=prio
# NOTE(review): SSLv3 is obsolete and broken (POODLE; prohibited by RFC 7568).
# Prefer a current TLS version (e.g. TLSv1.2) if the installed stunnel/OpenSSL
# supports it. The server config on this page pins SSLv3 too, so both ends
# must be changed together.
sslVersion = SSLv3
#debug = 4
#syslog = no
output = /etc/stunnel/stunnel.log
[sproxy]
# NOTE(review): this listener is plain TCP with no authentication; any host
# that can reach 192.168.3.35:6666 can use the tunnel with this machine's
# certificate. Restrict access if that is not intended.
accept =192.168.3.35:6666
connect =47.106.8.100:7765 # pick any free port; it must be the same on both sides
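3,将外部服务器端生成的证书复制到本地服务器的 /etc/stunnel/ 下。注意:配置中只设置了 cert 而没有单独的 key,stunnel 会从 stunnel.pem 中读取私钥;若该文件包含私钥,复制后两端即共用同一私钥,因此应通过加密通道(如 scp)传输,并将文件权限设为仅属主可读(chmod 600)。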
4,启动stunnel服务
# stunnel
三,使用:在浏览器中配置代理服务器,地址填写本地服务器上 stunnel 的监听地址(即上文 accept 所设的 192.168.3.35:6666)
备注:内容仅供参考。如要转载,请标明出处;如有疑问,可以与本人沟通。