
stunnel-server

时间:2016-06-12 20:33:20      阅读:397      评论:0      收藏:0      [点我收藏+]


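#!/bin/bash
#
# Provision an stunnel TLS front end for a local squid proxy on a
# Debian/Ubuntu host.
#
# Usage:   run as root, optionally passing the listening port:
#            <this-script> [PORT]      (PORT defaults to 8888)
#
# Effects: installs squid and stunnel, generates self-signed server and
#          client certificates in /etc/stunnel, writes
#          /etc/stunnel/stunnel.conf, edits /etc/squid3/squid.conf,
#          enables stunnel4 in /etc/default/stunnel4 and restarts stunnel4.
#
# Security notes:
#   - server.pem and client.pem each hold a certificate AND its private key
#     (-out and -keyout name the same file), so both are created with
#     owner-only permissions.
#   - The server only needs the client's *certificate* to authenticate it,
#     so stunnel is pointed at client-cert.pem (certificate only) rather
#     than at client.pem.
#   - client.pem is meant for the client machine: move it there over a
#     trusted channel and delete the copy left in /etc/stunnel.

set -u

# Print a message on stderr and abort.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# need to be run as root
if [[ $EUID -ne 0 ]]; then
    echo "must to be run as root" >&2
    exit 1
fi

# receive specific port from cmd, if no, default 8888
PORT=${1:-8888}

# The value is expanded into stunnel.conf below, so accept nothing but a
# plain TCP port number (this also keeps stray text or newlines out of the
# generated configuration).
if ! [[ $PORT =~ ^[0-9]{1,5}$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 )); then
    die "invalid port: $PORT (expected 1-65535)"
fi

# install package
apt-get install -y squid stunnel || die "package installation failed"

# generate key, including client & server
# Runs in a subshell so the restrictive umask and the directory change stay
# local to key generation.
(
    umask 077
    cd /etc/stunnel || exit 1

    openssl req -new -x509 -days 3650 -batch -nodes \
        -config /usr/share/doc/stunnel4/examples/stunnel.cnf \
        -out server.pem -keyout server.pem || exit 1
    openssl req -new -x509 -days 3650 -batch -nodes \
        -config /usr/share/doc/stunnel4/examples/stunnel.cnf \
        -out client.pem -keyout client.pem || exit 1

    # Certificate-only copy of the client credential for the server side.
    openssl x509 -in client.pem -out client-cert.pem || exit 1

    # The umask only applies to newly created files; tighten the mode
    # explicitly in case the key files already existed.
    chmod 600 server.pem client.pem || exit 1
) || die "certificate generation in /etc/stunnel failed"

# modify (if not exist, will create) stunnel config
# verify = 4 makes stunnel accept only peers whose certificate is listed in
# CAfile, ignoring the CA chain.
# debug = 7 is the most verbose log level; lower it once the tunnel works.
# The sslVersion line stays commented out: SSLv3 is obsolete and must not
# be enabled.
cat <<EOF >/etc/stunnel/stunnel.conf || die "cannot write /etc/stunnel/stunnel.conf"
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
debug = 7
output = stunnel.log

cert = /etc/stunnel/server.pem
#sslVersion = SSLv3

verify = 4
CAfile = /etc/stunnel/client-cert.pem

socket = r:TCP_NODELAY=1
socket = l:TCP_NODELAY=1

[squid]
accept = $PORT
connect = 127.0.0.1:3128
EOF

# config squid
squid_conf=/etc/squid3/squid.conf

# Uncomment the stock "localnet" ACL definitions. This only defines the
# ACLs; no http_access rule for localnet is added by this script.
for net in '10.0.0.0' '172.16.0.0' '192.168.0.0' 'fc00::' 'fe80::'; do
    sed -i -r "s/^#acl localnet src ${net}/acl localnet src ${net}/g" "$squid_conf"
done

# Extend the ports squid treats as SSL_ports and allow IRC traffic to
# irc.freenode.net on port 6667. Each insertion is skipped when its text is
# already present, so re-running the script does not duplicate the rules.
if ! grep -qF 'acl SSL_ports port 443 6667 7709 143 993 585 5223 29418' "$squid_conf"; then
    sed -i -r "/acl Safe_ports port 777/a acl SSL_ports port 443 6667 7709 143 993 585 5223 29418 \\n" "$squid_conf"
fi
if ! grep -qF 'acl irc_port port 6667' "$squid_conf"; then
    sed -i -r "/acl CONNECT method CONNECT/a acl irc_port port 6667\\nacl irc dstdomain irc.freenode.net\\nhttp_access allow irc irc_port \\n" "$squid_conf"
fi

# important...
# The Debian/Ubuntu init script does not start stunnel while ENABLED=0.
sed -i -r "s/ENABLED=0/ENABLED=1/g" /etc/default/stunnel4

# restart service
# NOTE(review): only stunnel4 is restarted here; the squid.conf edits above
# take effect the next time squid itself is restarted or reloaded.
service stunnel4 restart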

 


原文地址:http://www.cnblogs.com/lifeinsmile/p/5578620.html
