标签:请求 准备 tar 设置 delay gif stunnel ini des
1.浏览器设置代理,将请求发送给Stunnel A进行加密
2.加密的请求可以越过防火墙,发送给Stunnel B
3.Stunnel B接收到请求,再将请求解密后转发到Squid B监听的端口
4.Squid B会去请求资源,然后将具体获得的响应交给Stunnel B来加密
5.Stunnel B加密后将信息返回Stunnel A
6.Stunnel A再将消息解密后返回给请求端口。
服务器:CentOs7
客户端: Win7
yum install squid -y
# 启动squid,默认监听3128端口
service squid start
#安装stunnel yum install stunnel -y cd /etc/stunnel/ #生成密钥 stunnel.pem,生成过程需要填写地域、邮箱等信息 openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem #Diffie-Hellman密钥创建 openssl gendh 512>> stunnel.pem #在/etc/stunnel/文件夹下创建配置文件 vi stunnel.conf
#修改后启动,默认会读取/etc/stunnel/stunnel.conf文件,也可以自己指定
stunnel
#具体内容如下:
##########
cert = /etc/stunnel/stunnel.pem CAfile = /etc/stunnel/stunnel.pem socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ;;;chroot = /var/run/stunnel pid = /etc/stunnel/stunnel.pid verify = 3 ;;; CApath = certs ;;; CRLpath = crls ;;; CRLfile = crls.pem ;setuid = stunnel ;setgid = stunnel ;;; client=yes compression = zlib ;;; taskbar = no delay = no ;;; failover = rr ;;; failover = prio sslVersion = TLSv1 fips=no debug = 7 syslog = no output = /etc/stunnel/stunnel.log [sproxy] accept = 34567 connect = 127.0.0.1:3128
Win7 下载stunnel.exe安装即可
配置文件修改如下,其中stunnel.pem通过ftp从服务端弄下来就行
client = yes [https]
# accept为浏览器需要填写的代理端口号,代理ip写本机即可 accept = 9191
# connect stunnel将请求加密后会发送到该IP:Port connect = 47.88.26.158:34567
# 加密用的证书和key cert = E:\stunnel\stunnel.pem key = E:\stunnel\stunnel.pem TIMEOUTclose=0
标签:请求 准备 tar 设置 delay gif stunnel ini des
原文地址:http://www.cnblogs.com/zaixiuxing/p/6110557.html
