Shulou(Shulou.com)06/03 Report--

one。 Environment introduction

Usually I use ss here, today I will test squid+stunnel to implement the proxy service.

1. Server: CVM, server squid

two。 Local intranet PC, as long as you can access the Internet, client stunnel

two。 Server installs squid

1. Install squid

Yum install squid openssl openssl-devel-y

two。 Generate encryption proxy certificate

Cd / etc/squid

Openssl req-new > tank.csr / / requires a password and confirmation password, and the last step is to write the server hostname

Openssl rsa-in privkey.pem-out tank.key / / enter the password entered above

Openssl x509-in tank.csr-out tank.crt-req-signkey tank.key-days 3650

3. Configure squid

Vi / etc/squid/squid.conf

New optimized configuration

Acl OverConnLimit maxconn 10 / / limit a maximum of 10 connections per IP

Minimum_object_size 1 KB / / minimum file request body size

Maximum_object_size 1 MB / / allow noon maximum file request body size

Cache_swap_low 10 / / minimum swap 10% allowed

Cache_swap_high 25 / / maximum allowed swap 25%

Cache_mem 300MB / / available memory

Cache_dir ufs / var/spool/squid 2048 16256 / / 2048 storage space, 16 first-level directories and 256 second-level directories

The https_port 4430 cert=/etc/squid/tank.crt key=/etc/squid/tank.key / / port is customizable

Http_access allow all

4. Start squid and view

Systemctl restart squid

Check the port startup status. The following is normal.

Remember to configure the server firewall, or turn it off.

three。 Client installation configuration stunnel

1.linux installation

Linux machine yum install stunnel-y of intranet

New configuration / etc/stunnel/stunnel.conf

Client = yes

Fips = no

[https]

Accept = 7071

Connect = the public network IP:4430 of the server

Start stunnel and view

[root@server1 ~] # stunnel

Stunnel/ / startup, default profile path / etc/stunnel/stunnel.conf

Install it here, set up the browser proxy, fill in the local area network IP and port, and you can access it. What is used on my computer is to configure the address and open the agent.

The test is normal

Note: if this linux host wants to access the outside, you also need to set the environment variable, as shown below

[root@server1 ~] # vi / etc/profile

Add at the bottom:

Export http_proxy= http://127.0.0.1:7071

Export https_proxy= http://127.0.0.1:7071

Export ftp_proxy= http://127.0.0.1:7071 # ftp may not be used

Export no_proxy= "localhost, 127.0.0.1,:: 1"

[root@server1 ~] # source / etc/profile

2.windows installation

Install the ftp://ftp.stunnel.org/stunnel/stunnel-5.56-win64-installer.exe client

Configure connection

Configuration,reload configuration after configuration

Then the browser plug-in connects and the test is normal.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.