I. Network environment
Host A -------> Host B -------> google.com
local host      Hong Kong host
Host A: 192.168.99.11, CentOS 6.9, on the company LAN; this server runs the stunnel client.
Host B: 47.75.77.179, CentOS 7.2.1511, a Hong Kong server that can reach google.com and other overseas sites; it runs squid and the stunnel server.
Hosts A and B can reach each other. A cannot reach google.com but B can, so A gets there by hopping through the stunnel + squid proxy on B.
II. Install and configure squid on host B
squid and stunnel can both sit on host B, or on separate hosts, to perform the hop. Here squid and the stunnel server are on host B and the stunnel client is on host A.
· Install: yum install squid
· Configure: vim /etc/squid/squid.conf; the relevant lines are:
acl localnet src 66.0.0.6/32 # adjust to your setup. The address squid must accept is the one the stunnel server connects from; because stunnel terminates TLS on host B and then opens a plain TCP connection to squid, that is host B's own address (47.75.77.179 with the connect line used below, or 127.0.0.1 if squid is bound to loopback), not the stunnel client's address.
http_access allow all # allows every source. Combined with an http_port bound to all interfaces this makes host B an open proxy that anyone on the internet can relay through; allow only localnet and deny everything else instead.
http_port 6100 # squid listening port; prefix it with 127.0.0.1: to keep squid off the public interface, since only the local stunnel hop needs to reach it
access_log /var/log/squid/access.log # access log
visible_hostname localhost
acl localnet src 23.89.144.124 # also allow 23.89.144.124 (acl lines with the same name accumulate)
acl proxy_124 src 23.89.144.124 # the host has several egress IPs: traffic arriving from 23.89.144.124 leaves again via 23.89.144.124, so the destination site sees 23.89.144.124
tcp_outgoing_address 23.89.144.124 proxy_124
Start the service: service squid start
Open port 6100 in the firewall (unnecessary if squid is bound to 127.0.0.1).
[root@47_75_77_179_c7 squid]# pwd
/var/log/squid
[root@47_75_77_179_c7 squid]# ls
access.log  cache.log  squidGuard.log
access.log is the access log: one line per proxied request, including the client address that squid saw.
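The following is an added example, not code from the original article. It puts the article's squid settings beside a loopback-only version, adds a small audit that flags the two directives that make host B an open proxy, and checks access.log for client addresses other than the stunnel hop. It assumes squid's native access.log format and that the stunnel server on host B connects to squid over 127.0.0.1; the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): open-proxy audit for the squid
# hop on host B. Assumes squid native access.log format and a stunnel server
# that connects to squid from 127.0.0.1. All sample data below is constructed.
set -eu

# The article's configuration as written (copied here for the audit).
WEAK_CONF='http_port 6100
acl localnet src 66.0.0.6/32
http_access allow all'

# Hardened: squid listens on loopback only, accepts only the local stunnel hop,
# denies every other source and stops announcing itself to upstream sites.
HARDENED_CONF='http_port 127.0.0.1:6100
acl stunnel_hop src 127.0.0.1/32
http_access allow stunnel_hop
http_access deny all
via off
forwarded_for delete'

# audit_squid_conf CONF_TEXT: print one finding per line (nothing when clean).
audit_squid_conf() {
    conf=$1
    # http_port with a bare port, or 0.0.0.0:port, listens on every interface
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*http_port[[:space:]]+(0\.0\.0\.0:)?[0-9]+([[:space:]]|$)'; then
        echo "http_port listens on all interfaces"
    fi
    # "allow all" means any source on the internet may relay through this host
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all([[:space:]]|$)'; then
        echo "http_access allow all: open proxy"
    fi
}

# Constructed access.log sample in squid's native format:
# time elapsed client action/code bytes method url ident hierarchy/peer type
# The last two lines show a stranger using the box to relay SMTP and HTTP.
SAMPLE_LOG='1522747800.123    245 127.0.0.1 TCP_MISS/200 5123 GET http://www.google.com/ - HIER_DIRECT/172.217.160.68 text/html
1522747801.456    310 127.0.0.1 TCP_TUNNEL/200 8812 CONNECT www.google.com:443 - HIER_DIRECT/172.217.160.68 -
1522747802.789    150 203.0.113.45 TCP_TUNNEL/200 1033 CONNECT mail.example.net:25 - HIER_DIRECT/198.51.100.7 -
1522747803.012    160 203.0.113.45 TCP_MISS/200 2044 GET http://www.example.com/ - HIER_DIRECT/198.51.100.7 text/html'

# foreign_clients LOG_TEXT ALLOWED_IP: print "ip count" for every client address
# other than ALLOWED_IP. stunnel is the only legitimate client and it connects
# from 127.0.0.1, so any output means somebody else is relaying through host B.
foreign_clients() {
    printf '%s\n' "$1" | awk -v ok="$2" '$3 != ok { n[$3]++ } END { for (ip in n) print ip, n[ip] }'
}

# Usage on host B:
#   audit_squid_conf "$(cat /etc/squid/squid.conf)"
#   foreign_clients "$(cat /var/log/squid/access.log)" 127.0.0.1
```

Run the audit against the live squid.conf after every change, and run the log check from cron for a while after deployment: with the article's settings the second function fills up within hours on any internet-facing host.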
III. Configure the stunnel server on host B
· Install: yum -y install stunnel openssl openssl-devel
1. stunnel server configuration
cd /etc/stunnel
· Generate the certificate file (self-signed; private key and certificate end up in the same PEM file):
· openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem
Generating a 2048 bit RSA private key
..................+++
...............+++
writing new private key to 'stunnel.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:fj
Locality Name (eg, city) [Default City]:xm
Organization Name (eg, company) [Default Company Ltd]:hexin
Organizational Unit Name (eg, section) []:hexincorp
Common Name (eg, your name or your server's hostname) []:rscpass
Email Address []:rscpass@163.com
openssl gendh 2048 >> stunnel.pem # optional. The original appended 512-bit DH parameters; 512-bit DH is breakable and recent OpenSSL builds refuse it, so use at least 2048 bits (openssl dhparam 2048 does the same on newer OpenSSL).
[root@47_75_77_179_c7 stunnel]# pwd
/etc/stunnel
[root@47_75_77_179_c7 stunnel]# ls
stunnel.conf  stunnel.log  stunnel.pem
stunnel.conf is the configuration file, stunnel.log the log file and stunnel.pem the certificate file. This setup copies the same stunnel.pem, private key included, to the client, so a compromise of host A also exposes host B's key; separate key pairs with only the certificates exchanged avoid that.
· Configure
vim /etc/stunnel/stunnel.conf (stunnel treats ";" as the comment character; the ";;;# ..." notes below are comments)
cert = /etc/stunnel/stunnel.pem ;;;# certificate plus private key
CAfile = /etc/stunnel/stunnel.pem ;;;# trusted peer certificate; with verify = 3 the client must present exactly this certificate
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
pid = /var/run/stunnel.pid ;;;# the original had /var/lib/stunnel4/stunnel.pid, the Debian path, which does not exist on CentOS
verify = 3 ;;;# verify the peer against the locally installed certificate (stunnel 4.x syntax)
setuid = root ;;;# runs as root; for least privilege use an unprivileged user such as nobody once the pid and log paths are writable by it
setgid = root
client = no ;;;# server side
delay = no
sslVersion = TLSv1 ;;;# TLS 1.0 only, which is deprecated; use TLSv1.2 if both stunnel builds accept it
debug = 7 ;;;# most verbose level; fine while troubleshooting, lower it afterwards
syslog = yes
output = stunnel.log
[sproxy]
accept = 0.0.0.0:4567 ;;;# listening port
connect = 47.75.77.179:6100 ;;;# squid port; 127.0.0.1:6100 together with a loopback-bound squid keeps squid off the public interface
· Start the service: stunnel /etc/stunnel/stunnel.conf (the file edited above; the original started stunnel_ser.conf, a file that was never created)
Open port 4567 in the firewall.
2. Install and configure the stunnel client on host A
yum -y install stunnel openssl openssl-devel
Copy stunnel.pem from the server into /etc/stunnel on this host. The file contains the private key, so move it over an authenticated channel such as scp and keep it mode 600.
vim /etc/stunnel/stunnel.conf
cert = /etc/stunnel/stunnel.pem ;;;# the stunnel.pem generated in step 1, copied from the server
CAfile = /etc/stunnel/stunnel.pem ;;;# same file; with verify = 3 the client only accepts a server that presents exactly this certificate
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
pid = /var/run/stunnel.pid ;;;# absolute path; the original used the relative stunnel.pid, which lands in whatever directory stunnel is started from
verify = 3
setuid = root ;;;# as on the server, prefer an unprivileged user
setgid = root
client = yes ;;;# client side
delay = no
sslVersion = TLSv1 ;;;# TLS 1.0 only; prefer TLSv1.2
debug = 7
syslog = yes
output = stunnel.log ;;;# log file
[sproxy]
accept = 0.0.0.0:8001 ;;;# listening address: 0.0.0.0 so other LAN machines can use it. Anyone who can reach A:8001 gets unauthenticated use of the tunnel, so restrict the port to the LAN with the firewall
connect = 47.75.77.179:4567 ;;;# stunnel server address
Start the service: stunnel /etc/stunnel/stunnel.conf
service iptables stop   # the original disables the host firewall here, and with the next line keeps it off across reboots
chkconfig iptables off
Better: leave iptables running and open only TCP port 8001, restricted to the LAN subnet; nothing else on host A needs to be reachable for this setup.
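The script below is an added example, not code from the original article, and covers the certificate step, the server configuration and the client configuration together. Instead of one stunnel.pem with its private key copied to both hosts, each side gets its own RSA-2048 identity and pins the other's certificate through CAfile with verify = 3, so only host A's key can open the tunnel and host A refuses any endpoint but host B. It assumes openssl in PATH, stunnel 4.x configuration syntax (verify = 3, separate cert and key directives), a squid on host B bound to 127.0.0.1:6100, stunnel builds on both hosts that accept TLSv1.2, and a "nobody" user that can write /var/log/stunnel.log. The paths, common names and the helper names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original article): separate, mutually pinned
# stunnel identities for host B (server) and host A (client).
# Assumptions: openssl in PATH; stunnel 4.x syntax; squid at 127.0.0.1:6100 on
# host B; TLSv1.2 accepted by both builds; user nobody can write the log file.
set -eu

# gen_identity DIR NAME CN: self-signed RSA-2048 certificate + private key.
# Only NAME.crt ever leaves the host; NAME.key stays where it was generated.
gen_identity() {
    dir=$1; name=$2; cn=$3
    openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 -subj "/CN=$cn" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
    chmod 600 "$dir/$name.key"
}

# write_server_conf DIR SQUID_ADDR: host B side. CAfile is the CLIENT's
# certificate, so with verify = 3 only a peer holding client.key gets through.
write_server_conf() {
    dir=$1; squid=$2
    cat > "$dir/stunnel.conf" <<EOF
cert = $dir/server.crt
key = $dir/server.key
CAfile = $dir/client.crt
verify = 3
client = no
sslVersion = TLSv1.2
setuid = nobody
setgid = nobody
pid = /var/run/stunnel.pid
output = /var/log/stunnel.log
debug = 5
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[sproxy]
accept = 0.0.0.0:4567
connect = $squid
EOF
}

# write_client_conf DIR SERVER_ADDR LAN_IP: host A side. CAfile is the SERVER's
# certificate, so the client rejects any other endpoint, including a MITM that
# presents a certificate from a public CA. accept binds to the LAN address only.
write_client_conf() {
    dir=$1; server=$2; lan_ip=$3
    cat > "$dir/stunnel.conf" <<EOF
cert = $dir/client.crt
key = $dir/client.key
CAfile = $dir/server.crt
verify = 3
client = yes
sslVersion = TLSv1.2
setuid = nobody
setgid = nobody
pid = /var/run/stunnel.pid
output = /var/log/stunnel.log
debug = 5
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[sproxy]
accept = $lan_ip:8001
connect = $server
EOF
}

# Usage (as root):
#   host B: sh stunnel_pki.sh server /etc/stunnel   then copy server.crt to host A
#   host A: sh stunnel_pki.sh client /etc/stunnel   then copy client.crt to host B
# and start each side with: stunnel /etc/stunnel/stunnel.conf
case "${1:-}" in
    server) gen_identity "$2" server stunnel-server; write_server_conf "$2" 127.0.0.1:6100 ;;
    client) gen_identity "$2" client stunnel-client; write_client_conf "$2" 47.75.77.179:4567 192.168.99.11 ;;
esac
```

Only the two .crt files cross the network, and each host checks the other's exact certificate rather than a CA chain, so a stolen client certificate without its key is useless and a rogue server cannot impersonate host B. The host firewalls still apply: 4567 on B open to A only, 8001 on A open to the LAN only.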
Other machines on the LAN set host A's address and port 8001 as their HTTP proxy and can then reach overseas sites.