How to use Squid+Stunnel to build proxy server on CentOS

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to use Squid+Stunnel to build a proxy server on CentOS. Many people have questions about this setup in day-to-day operation, so the editor consulted various materials and put together a simple, easy-to-follow procedure. Hopefully it answers those questions. Follow along below.

A proxy server needs no introduction, so here is a brief walkthrough of the installation. At first it was installed on hosting24, but the installation did not succeed. After switching to linode, it was done in half an hour. The guess is that hosting24 places restrictions on proxies.

One, server description

One overseas VPS (linode recommended), running squid as the server.

One PC inside the company network that can reach the external network, running stunnel as the client.

The goal: people inside the company connect to the internal PC, which connects to the remote squid through the stunnel tunnel, so they can look things up on the external network, Google for example. You search for it a thousand times, then suddenly look back and find it outside the high wall.

Two, install squid on the server

1. Install squid

The code is as follows:

# yum install squid openssl openssl-devel

2. Generate the certificate for the encrypted proxy

The code is as follows:

# cd /etc/squid
# openssl req -new > tank.csr    # asks for a password and a confirmation of it
# openssl rsa -in privkey.pem -out tank.key    # enter the password chosen above
# openssl x509 -in tank.csr -out tank.crt -req -signkey tank.key -days 3650

3. Configure squid

The code is as follows:

# vim /etc/squid/squid.conf

# match clients holding more than 10 connections per IP, to guard against attacks
acl OverConnLimit maxconn 10
# smallest object size
minimum_object_size 1 KB
# largest object size allowed
maximum_object_size 1 MB
# lowest swap level allowed: 10%
cache_swap_low 10
# highest swap level allowed: 25%
cache_swap_high 25
# memory available to squid
cache_mem 300 MB

# the lines above are added; the lines below are modified

# 2048 MB of storage, 16 first-level directories and 256 second-level directories
cache_dir ufs /var/spool/squid 2048 16 256
# the port is customizable
https_port 4430 cert=/etc/squid/tank.crt key=/etc/squid/tank.key
http_access allow all

A VPS has limited disk and memory, so the memory and disk space that squid occupies should be kept under control.

4. Start squid and check that it is running

The code is as follows:

# /etc/init.d/squid start
# ps aux | grep squid
root 15984 0.0 103256 844 pts/0 S+ 17:31 0:00 grep squid
root 16585 0.0 0.0 72484 4176 ? Ss 15:27 0:00 squid -f /etc/squid/squid.conf
squid 16587 0.0 0.3 93064 29468 ? S 15:27 0:03 (squid) -f /etc/squid/squid.conf
squid 16589 0.0 0.0 48632 2100 ? S 15:27 0:00 (ncsa_auth) /etc/squid/passwd
squid 16590 0.0 0.0 48632 1788 ? S 15:27 0:00 (ncsa_auth) /etc/squid/passwd
squid 16591 0.0 0.0 48632 1784 ? S 15:27 0:00 (ncsa_auth) /etc/squid/passwd
squid 16592 0.0 0.0 48632 1788 ? S 15:27 0:00 (ncsa_auth) /etc/squid/passwd
squid 16593 0.0 0.0 48632 1784 ? S 15:27 0:00 (ncsa_auth) /etc/squid/passwd
squid 16594 0.0 0.0 20084 1112 ? S 15:27 0:00 (unlinkd)

A VPS rarely enables a firewall at boot. If yours does, turn it off first, and once everything is configured, open the port.

Three, install and configure stunnel on the client side

1. Install

The code is as follows:

# yum install stunnel

2. Create the configuration file /etc/stunnel/stunnel.conf with the following contents

The code is as follows:

client = yes
fips = no

[https]
accept = 7071
connect = <public IP of the VPS>:4430

If stunnel reports "FIPS_mode_set: 2D06C06E: error:2D06C06E:FIPS routines:FIPS_module_mode_set:fingerprint does not match", add fips = no to the stunnel.conf configuration file.

3. Start stunnel and check that it is running

The code is as follows:

# stunnel    # start; the default configuration file path is /etc/stunnel/stunnel.conf
# ps aux | grep stunnel    # view
root 15972 0.0 103256 848 pts/0 S+ 17:30 0:00 grep stunnel
root 21099 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 stunnel
root 21100 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 stunnel
root 21101 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 stunnel
root 21102 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 stunnel
root 21103 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 stunnel
root 21104 0.0 0.0 2077984 6824 ? Ss 15:42 0:00 stunnel

With the installation done, set the browser's proxy to the LAN IP and port of the stunnel client and you can access the external network. This is not very secure; adding user authentication makes it a little more secure.

Four, user authentication

1. Add the authenticated user test123

The code is as follows:

# htpasswd -c /etc/squid/passwd test123

2. Configure the proxy for user authentication

The code is as follows:

# vim /etc/squid/squid.conf    # add the following

# authentication scheme is basic; path of the authentication program and of the password file
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
# number of authentication helper processes
auth_param basic children 5
# how long an authentication stays valid
auth_param basic credentialsttl 1 hours
# text the browser shows in the user/password dialog box
auth_param basic realm my test prosy
acl test123 proxy_auth REQUIRED
# ordinary users must authenticate to get access
http_access allow test123
# goes at the bottom; rules are matched from top to bottom, so any earlier
# "http_access allow all" has to be removed
http_access deny all

3. Restart squid

The code is as follows:

# /etc/init.d/squid restart

The squid proxy is now set up. Once the proxy IP and port are configured in the browser, an authentication dialog pops up asking for the user name and password.
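Since http_access rules are matched from top to bottom, the order of the lines decides whether the login is ever requested. The following check is an added example, not part of the original article; the function name audit_http_access and both sample configurations are constructed for illustration, and it only evaluates rules that name a single ACL ("all" or a proxy_auth ACL), as in this article's configuration.

```shell
#!/bin/sh
# Added example: which http_access rule decides a request that carries no
# proxy credentials? Only rules naming a single ACL that is "all" or a
# proxy_auth ACL are treated as decisive (assumption; others are skipped).

# audit_http_access [FILE]  (reads stdin when FILE is omitted)
#   OPEN  "http_access allow all" is reached first: no login is required
#   AUTH  a proxy_auth ACL is reached first: Squid answers 407
#   DENY  "http_access deny all" is reached first
#   NONE  no decisive rule found
audit_http_access() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }
        $1 == "http_access" && NF == 3 {
            if ($3 == "all") { print ($2 == "allow" ? "OPEN" : "DENY"); found = 1; exit }
            if ($3 in auth)  { print "AUTH"; found = 1; exit }
        }
        END { if (!found) print "NONE" }
    ' "${1:--}"
}

# Constructed sample: the earlier "allow all" left in place, auth lines appended.
sample_appended() {
    cat <<'EOF'
http_access allow all
acl test123 proxy_auth REQUIRED
http_access allow test123
http_access deny all
EOF
}

# Constructed sample: "allow all" removed before adding the auth lines.
sample_replaced() {
    cat <<'EOF'
acl test123 proxy_auth REQUIRED
http_access allow test123
http_access deny all
EOF
}

echo "appended: $(sample_appended | audit_http_access)"
echo "replaced: $(sample_replaced | audit_http_access)"
```

On the server, run audit_http_access /etc/squid/squid.conf before restarting squid; any result other than AUTH means the proxy does not ask for the test123 login.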

4. PHP can also use the proxy server

The code is as follows:

<?php
// Fetch a URL through the stunnel client, which forwards to the remote squid.
function testCurl($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, TRUE);
    curl_setopt($ch, CURLOPT_PROXY, "192.168.1.18:7071"); // ip:port
    curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'test123:123456'); // authenticated user and password
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}

echo testCurl("google.com");

That concludes this walkthrough of how to use Squid+Stunnel to build a proxy server on CentOS. Hopefully it has answered your questions. Combining theory with practice is the best way to learn, so go and try it.
