Equipment: two servers are needed
First, the external server on the external network, IP 47.106.8.100
1, install the squid software
2, vi /etc/squid/squid.conf
acl localnet src 192.168.0.0/16 # adjust to your environment; add the IP address of the stunnel client that should be allowed
http_port 3128 # port squid listens on
3, configure stunnel
yum -y install stunnel openssl openssl-devel
openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem # generate the certificate
openssl gendh 512 >> stunnel.pem # optional
4, modify the configuration file
vi /etc/stunnel/stunnel.conf
cert = /etc/stunnel/stunnel.pem
CAfile = /etc/stunnel/stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
pid = /tmp/stunnel.pid
verify = 3
fips=no
setuid = root
setgid = root
client=no
compression = zlib
delay = no
sslVersion = SSLv3
debug = 4
syslog = no
output = stunnel.log
[sproxy]
accept = 0.0.0.0:7765
# internal (private network) address of the external server
connect = 172.18.162.195:3128
Second, the local server, IP 192.168.3.35
1, install the stunnel software (CentOS 7.3 as the example)
yum -y install stunnel openssl openssl-devel
2, modify the configuration file
cert = /etc/stunnel/stunnel.pem
CAfile = /etc/stunnel/stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 2
client = yes
fips = no
ciphers = AES256-SHA
delay = no
failover = prio
sslVersion = SSLv3
#debug = 4
#syslog = no
output = /etc/stunnel/stunnel.log
[sproxy]
accept = 192.168.3.35:6666
# choose an idle port; it must be the same on both sides
connect = 47.106.8.100:7765
3, copy the certificate generated on the external server into /etc/stunnel/
4, start stunnel service
# stunnel
Third, usage: configure your browser's proxy server
Note: for reference only. If you reprint this, please credit the source; if you have any questions, feel free to contact me.
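An added example, not part of the original post: a small Python audit of the global options in the external server's stunnel.conf above, flagging the settings a reviewer would question before exposing the tunnel (SSLv3, running as root, TLS compression, a pid file in /tmp, and one PEM file used as both key/certificate and trust file). SAMPLE_CONF is constructed from the page's values, and the names parse_conf and audit are hypothetical.

```python
# Constructed sample: the external server's options from the page that the audit inspects.
SAMPLE_CONF = """\
cert = /etc/stunnel/stunnel.pem
CAfile = /etc/stunnel/stunnel.pem
pid = /tmp/stunnel.pid
verify = 3
setuid = root
setgid = root
compression = zlib
sslVersion = SSLv3
[sproxy]
accept = 0.0.0.0:7765
connect = 172.18.162.195:3128
"""

def parse_conf(text):
    """Return {section: {option: value}}; options before the first [section] go under 'global'."""
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop '#' comments, whole-line or trailing
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key.lower()] = value   # option names are compared in lower case here
    return conf

def audit(text):
    """Return a sorted list of (option, reason) findings for the global options."""
    g = parse_conf(text)["global"]
    found = []
    if g.get("sslversion", "").lower() in ("sslv2", "sslv3"):
        found.append(("sslVersion", "SSLv2/SSLv3 are deprecated (POODLE); use TLSv1.2 or later"))
    for opt in ("setuid", "setgid"):
        if g.get(opt) in ("root", "0"):
            found.append((opt, "daemon keeps root; run it as an unprivileged account"))
    if g.get("compression"):
        found.append(("compression", "TLS compression leaks plaintext length (CRIME)"))
    if g.get("pid", "").startswith("/tmp/"):
        found.append(("pid", "pid file sits in a world-writable directory"))
    if int(g.get("verify", "0")) < 2:
        found.append(("verify", "a valid peer certificate is not required"))
    if g.get("cert") and g.get("cert") == g.get("cafile") and "key" not in g:
        found.append(("CAfile", "trust file is the cert file, which also holds the private key"))
    return sorted(found)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

The CAfile finding matters because step 3 copies that same file to the local server, so the external server's private key travels with it.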