
How to implement proxy intranet access with Squid + stunnel

2025-01-26 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01

This article shows how to implement proxy intranet access with Squid + stunnel. The content is concise and easy to follow, and I hope the detailed walkthrough is useful.

The ultimate goal of cloud computing is to provide computing, services, and applications to the public as a public utility, so that people can use computing resources the way they use water, electricity, gas, and the telephone. The cloud computing model resembles the centralized power supply of a power plant. In this model, users' computers become very simple: they may not need much memory, hard drives, or a variety of application software to meet our needs. Next, let's share some cloud computing development techniques. Today we share how to use Squid + stunnel to proxy intranet access to http and https.

Environment:

Machine A: IP 10.25.241.188, not reachable from the external network (the machine can connect to both the public network and the private network of the Alibaba Cloud server)

Machine B: 10.81.48.156 (intranet only)

Goal: http and https can be accessed from machine B.

1) Install squid

Install squid directly online with the yum command:

[root@openstack ~]# yum install -y gcc openssl openssl-devel   # dependencies should be installed in advance

[root@openstack ~]# yum install squid

After the installation is complete, modify the squid.conf file. You can back up the file before you modify it.

[root@openstack ~]# cd /etc/squid/

[root@openstack squid]# cp squid.conf squid.conf_bak

[root@openstack squid]# vim squid.conf

# change deny to allow
http_access allow all

http_port 3128

# uncomment this line and make sure the directory exists
cache_dir ufs /var/spool/squid 100 16 256

2) Start squid; test and initialize before startup

[root@openstack squid]# squid -k parse   # test the configuration

[root@openstack squid]# squid -z   # initialization

[root@openstack squid]# systemctl start squid

Open port 3128 in the security group.

3) Install the stunnel server

[root@dev-new-test1 ~]# cd /usr/local/src/

[root@dev-new-test1 src]# pwd

/usr/local/src

Download from the official website: http://www.stunnel.org/downloads.html

[root@dev-new-test1 ~]# yum install -y openssl openssl-devel gcc

[root@dev-new-test1 src]# ls

stunnel-5.45.tar.gz

[root@dev-new-test1 src]# tar -zvxf stunnel-5.45.tar.gz

[root@dev-new-test1 src]# ls

stunnel-5.45  stunnel-5.45.tar.gz

[root@dev-new-test1 src]# cd stunnel-5.45

[root@dev-new-test1 stunnel-5.45]# ./configure

[root@dev-new-test1 stunnel-5.45]# make && make install

After the installation is complete, configure stunnel.conf:

[root@dev-new-test1 stunnel-5.45]# cd /usr/local/etc/stunnel/

[root@dev-new-test1 stunnel]# ls

stunnel.conf-sample

[root@dev-new-test1 stunnel]# cp stunnel.conf-sample stunnel.conf

[root@dev-new-test1 stunnel]# ls

stunnel.conf  stunnel.conf-sample

[root@dev-new-test1 stunnel]# vim stunnel.conf   # empty the original content and write:

cert = /usr/local/etc/stunnel/1.pem

client = no

[squid]

accept = 8088

; run the local stunnel on port 8088 to connect to port 3128 of the squid server 192.168.1.5, then configure the local port 8088 proxy in /etc/profile (as below)
connect = 127.0.0.1:3128

cert = /usr/local/etc/stunnel/1.pem

Generate a certificate:

openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout 1.pem

openssl gendh 512 >> 1.pem   # append 512-bit DH parameters to the key file

cat stunnel.pem >> 1.pem   # append the certificate to the key file

4) Start the stunnel service

[root@dev-new-test1 stunnel]# /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf

[root@dev-new-test1 stunnel]# ps -ef | grep stunnel

root 20281 1 0 02:23 ? 00:00:00 /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf

root 20283 13002 13002 pts/0 00:00:00 grep --color stunnel

[root@dev-new-test1 stunnel]# lsof -i:8088

Client (private network server) configuration:

1) Install the stunnel client

[root@dev-new-test1 ~]# cd /usr/local/src/

[root@dev-new-test1 src]# pwd

/usr/local/src

Download from the official website: http://www.stunnel.org/downloads.html

[root@dev-new-test1 ~]# yum install -y openssl openssl-devel gcc

[root@dev-new-test1 src]# ls

stunnel-5.45.tar.gz

[root@dev-new-test1 src]# tar -zvxf stunnel-5.45.tar.gz

[root@dev-new-test1 src]# ls

stunnel-5.45  stunnel-5.45.tar.gz

[root@dev-new-test1 src]# cd stunnel-5.45

[root@dev-new-test1 stunnel-5.45]# ./configure

[root@dev-new-test1 stunnel-5.45]# make && make install

After the installation is complete, configure stunnel.conf:

[root@dev-new-test1 stunnel-5.45]# cd /usr/local/etc/stunnel/

[root@dev-new-test1 stunnel]# ls

stunnel.conf-sample

[root@dev-new-test1 stunnel]# cp stunnel.conf-sample stunnel.conf

[root@dev-new-test1 stunnel]# ls

stunnel.conf  stunnel.conf-sample

[root@dev-new-test1 stunnel]# vim stunnel.conf   # empty the original content and write:

client = yes

[https]

accept = 127.0.0.1:8099

; port 8099 of the local service connects to port 8088 of the server
connect = 10.25.241.188:8088

2) Configure the /etc/profile system environment variables

Add the following two lines at the bottom:

[root@dev-new-test1 stunnel]# vim /etc/profile

.

export http_proxy=http://10.25.241.188:3128

export https_proxy=http://127.0.0.1:8099

[root@dev-new-test1 stunnel]# source /etc/profile

Test:

[root@dev-new-test1 stunnel]# curl http://www.baidu.com

[root@dev-new-test1 stunnel]# curl https://www.baidu.com
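
An added example, not part of the original article: a shell audit for three settings used above, namely Squid's http_access allow all, the stunnel client section without certificate verification, and http_proxy pointing straight at Squid. The function names and sample file contents are constructed for illustration; verifyChain, verifyPeer, verify, CAfile and CApath are stunnel's own options.

```shell
#!/bin/sh
# Added example (not from the article): flag three weak settings in this setup.

# Print a config file without comments (# or ;) and blank lines.
active_lines() { sed -e 's/[[:space:]]*[#;].*$//' -e '/^[[:space:]]*$/d' "$1"; }

# squid.conf: an active "http_access allow all" lets every host that can reach
# http_port relay traffic through the proxy.
squid_open_proxy() {
    active_lines "$1" |
        grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all[[:space:]]*$'
}

# stunnel.conf, client side: without verification switched on and a CA store to
# verify against, the client accepts whatever certificate the peer presents.
stunnel_client_unverified() {
    conf=$(active_lines "$1")
    printf '%s\n' "$conf" | grep -Eiq '^[[:space:]]*client[[:space:]]*=[[:space:]]*yes' || return 1
    printf '%s\n' "$conf" |
        grep -Eiq '^[[:space:]]*verify((Chain|Peer)[[:space:]]*=[[:space:]]*yes|[[:space:]]*=[[:space:]]*[2-4])' ||
        return 0
    printf '%s\n' "$conf" | grep -Eiq '^[[:space:]]*CA(file|path)[[:space:]]*=' || return 0
    return 1
}

# profile: a proxy variable naming a non-loopback host sends that traffic to
# Squid in cleartext instead of through the local stunnel listener.
proxy_bypasses_tunnel() {
    active_lines "$1" | grep -Ei '^[[:space:]]*export[[:space:]]+https?_proxy=' |
        grep -Evq '=http://(127\.0\.0\.1|localhost):'
}

# Print one line per finding; the return status is the number of findings.
audit() {  # usage: audit SQUID_CONF STUNNEL_CONF PROFILE
    n=0
    if squid_open_proxy "$1"; then echo "squid: http_access allow all"; n=$((n + 1)); fi
    if stunnel_client_unverified "$2"; then echo "stunnel: peer certificate not verified"; n=$((n + 1)); fi
    if proxy_bypasses_tunnel "$3"; then echo "profile: proxy variable bypasses the tunnel"; n=$((n + 1)); fi
    return "$n"
}

# Constructed sample files mirroring the article's settings.
d=$(mktemp -d)
printf 'http_access allow all\nhttp_port 3128\n' > "$d/squid.conf"
printf 'client = yes\n[https]\naccept = 127.0.0.1:8099\nconnect = 10.25.241.188:8088\n' > "$d/stunnel.conf"
printf 'export http_proxy=http://10.25.241.188:3128\nexport https_proxy=http://127.0.0.1:8099\n' > "$d/profile"
audit "$d/squid.conf" "$d/stunnel.conf" "$d/profile" || echo "findings: $?"
rm -rf "$d"
```

All three findings clear when Squid allows only named source ACLs, the stunnel client sets verifyChain = yes with a CAfile, and both proxy variables point at the local listener 127.0.0.1:8099.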

That is how to implement proxy private network access with Squid + stunnel.
