Category: System operations and maintenance

2017-01-05 18:49:50

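Squid installation and configuration
First, install squid:
yum install squid
Once it is installed, edit the configuration file to suit our requirements:
vim /etc/squid/squid.conf
Change http_access deny all
to http_access allow all:
http_access allow localnet
http_access allow localhost
Change the default listening port:
Because I want to visit google, facebook and similar sites, and the main purpose is browsing web pages, I set the listening port to 80 so that squid acts as a caching, accelerating proxy:
http_port 80
Add the host addresses in squid.conf:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
Add the proxied ports:
acl SSL_ports port 995
acl SSL_ports port 993
acl SSL_ports port 465
acl SSL_ports port 443
To proxy all ports, you can add
acl SSL_ports port 1-65535
which proxies everything.
This is the configuration file used for testing: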
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 995
acl SSL_ports port 993
acl SSL_ports port 465
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy (changed here to allow all)
http_access allow all

# Squid normally listens to port 3128
#http_port 3128
http_port 80
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
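Common squid commands and what they do:
Start squid with the squid command
squid -s    start in the background
squid -z    initialize
squid -k reconfigure    reload the configuration file
squid -k shutdown    stop squid
Then check the port with netstat -anp: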

tcp        0      0 :::80                       :::*                        LISTEN      3625/(squid)

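Squid installation and configuration is complete.
Install the stunnel server. For convenience, install it directly with yum; it can also be built from source, which is not covered here.

yum install stunnel
After installation, generate a certificate. You will be asked for fields such as city and company, which can be filled in with anything. openssl must be installed beforehand.
Edit the configuration file:
/usr/share/doc/stunnel-4.29/stunnel.conf
This is the stunnel.conf used for testing; it can be copied as is: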
#sion=zlib
fips=no
syslog=yes
debug=7
output=/var/log/stunnel.log
setuid=root
setgid=root
pid=/var/run/stunnel.pid
cert=/opt/stunnel/stunnel.pem
key=/opt/stunnel/stunnel.pem
client=no
[squid]
accept=443
connect=127.0.0.1:80
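accept is the port stunnel listens on.
connect is the port I forward to, that is, the squid port.
I put the certificate under /opt/stunnel; cert and key both point to that certificate file.
Save and exit.
Start stunnel: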

/usr/bin/stunnel /usr/share/doc/stunnel-4.29/stunnel.conf

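If it was installed from a binary package:
/usr/local/bin/stunnel
Check the port:
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      11589/stunnel
stunnel installation is complete.
stunnel client installation and configuration
Download the stunnel Windows client; it is widely available online.
In the stunnel installation directory,
edit stunnel.conf: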
;Enable support for the insecure SSLv3 protocol; SSLv23 is used by default
options = -NO_SSLv3
client = yes
[squid]
accept = 8088
connect = stunnel server ip:443
Launch stunnel from the desktop and it is up and running.
In IE, set the proxy to 127.0.0.1, port 8088.
Now google, facebook and other sites can be opened.








