stunnel

Submitted by lepton on Tue, 01/03/2017 - 10:07

#生成密钥 stunnel.pem,生成过程需要填写地域、邮箱等信息

openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem

#Diffie-Hellman密钥创建

openssl gendh 512 >> stunnel.pem [old]

openssl dhparam 2048 >> stunnel.pem [new]


#rehash 证书directory
c_rehash .

c_rehash . [old]

openssl rehash . [new]

 

useradd -d /etc/stunnel -s /bin/false -r stunnel

mkdir /var/run/stunnel

mkdir /var/log/stunnel

chown stunnel:stunnel  /var/log/stunnel

chown stunnel:stunnel  /var/run/stunnel

chmod -R +r /etc/stunnel

/etc/stunnel/stunnel.conf

cert=/etc/stunnel/stunnel.pem
key=/etc/stunnel/stunnel.pem
CApath=/etc/stunnel/clients/
#pid=/var/run/stunnel.pid
output=/var/log/stunnel/access.log

setuid=stunnel
setgid=stunnel

verifyChain=no
verifyPeer=yes

syslog=yes
#debug=7
compression=zlib
client=no

[squid]
accept=8080
connect=127.0.0.1:3128

 

 

client /etc/stunnel/stunnel.conf

[https]
client = yes
cert=/etc/stunnel/stunnel.pem
accept  = 127.0.0.1:7080
connect = 192.168.1.1:8080
TIMEOUTclose = 0

Comments

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.