#生成密钥 stunnel.pem,生成过程需要填写地域、邮箱等信息
openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
#Diffie-Hellman密钥创建
openssl gendh 512 >> stunnel.pem [old]
openssl dhparam 2048 >> stunnel.pem
[new]
#rehash 证书directory
c_rehash .
c_rehash . [old]
openssl rehash . [new]
useradd -d /etc/stunnel -s /bin/false -r stunnel
mkdir /var/run/stunnel
mkdir /var/log/stunnel
chown stunnel:stunnel /var/log/stunnel
chown stunnel:stunnel /var/run/stunnel
chmod -R +r /etc/stunnel
/etc/stunnel/stunnel.conf
cert=/etc/stunnel/stunnel.pem
key=/etc/stunnel/stunnel.pem
CApath=/etc/stunnel/clients/
#pid=/var/run/stunnel.pid
output=/var/log/stunnel/access.log
setuid=stunnel
setgid=stunnel
verifyChain=no
verifyPeer=yes
syslog=yes
#debug=7
compression=zlib
client=no
[squid]
accept=8080
connect=127.0.0.1:3128
client /etc/stunnel/stunnel.conf
[https]
client = yes
cert=/etc/stunnel/stunnel.pem
accept = 127.0.0.1:7080
connect = 192.168.1.1:8080
TIMEOUTclose = 0
Add new comment