Linux squid stunnel Proxy Server Installation configuration tutorial

Proxy server, there is no need to introduce, simply say the installation process. At the beginning of the hosting24 above, installation, how the installation has not been successful, replaced by Linode, half an hour on the deal, Guess hosting24 the agent made restrictions.

One, server description

A foreign VPS (recommended Linode), service-side squid

A company's internal PC, can access the external network on the line, the client Stunnel
To achieve the purpose, the company's internal staff, connecting the company's internal PC, through the Stunnel channel connection to the remote squid, the external network to check information, Google, the public find you 1100 degrees, suddenly looking back at you but in the walls outside. Alas.

Second, the service side installation Squid

1, install Squid

# yum Install squid OpenSSL openssl-devel

2, generate the encryption agent certificate

# Cd/etc/squid
# OpenSSL req-new > TANK.CSR/Request password and Confirm password
# OpenSSL rsa-in privkey.pem-out tank.key//Enter the password entered above
# OpenSSL x509-in tank.csr-out tank.crt-req-signkey tank.key-days 3650

3, configure Squid

# vim/etc/squid/squid.conf

ACL overconnlimit maxconn 10//Limit maximum allowed 10 connections per IP to prevent attack
Minimum_object_size 1 KB//min. minimum file request body size
Maximum_object_size 1 MB//afternoon maximum file request body size
Cache_swap_low 10//min allow to use swap 10%
Cache_swap_high 25//maximum allowable use of swap 25%
Cache_mem MB//memory available

/***************** above is new, the following is modified ************************/

Cache_dir ufs/var/spool/squid 2048 16 256//2048 storage space size, level 16, two level 256
Https_port 4430 CERT=/ETC/SQUID/TANK.CRT key=/etc/squid/tank.key//Port customizable
Http_access Allow all
VPS hard disk, memory is not rich, so the squid occupied by the memory and hard drive to be controlled.

4, start squid, and view

#/etc/init.d/squid Start

# PS aux |grep squid
Root 15984 0.0 0.0 103256 844 pts/0 s+ 17:31 0:00 grep squid
Root 16585 0.0 0.0 72484 4176? Ss 15:27 0:00 squid-f/etc/squid/squid.conf
Squid 16587 0.0 0.3 93064 29468? S 15:27 0:03 (squid)-f/etc/squid/squid.conf
Squid 16589 0.0 0.0 48632 2100? S 15:27 0:00 (Ncsa_auth)/etc/squid/passwd
Squid 16590 0.0 0.0 48632 1788? S 15:27 0:00 (Ncsa_auth)/etc/squid/passwd
Squid 16591 0.0 0.0 48632 1784? S 15:27 0:00 (Ncsa_auth)/etc/squid/passwd
Squid 16592 0.0 0.0 48632 1788? S 15:27 0:00 (Ncsa_auth)/etc/squid/passwd
Squid 16593 0.0 0.0 48632 1784? S 15:27 0:00 (Ncsa_auth)/etc/squid/passwd
Squid 16594 0.0 0.0 20084 1112? S 15:27 0:00 (UNLINKD)

VPS rarely have, since the start of the firewall, if there is a first turn off, and so are configured well in the open port.

Third, client installation configuration Stunnel

1, installation
# yum Install Stunnel
2, new configuration/etc/stunnel/stunnel.conf, add the following empty
Client = yes
[HTTPS]
Accept = 7071
Connect = ip:4430 of external network VPS

3, start Stunnel and view

# Stunnel//boot, default profile path/etc/stunnel/stunnel.conf

# PS aux |grep stunnel/view
Root 15972 0.0 0.0 103256 848 pts/0 s+ 17:30 0:00 grep stunnel
Root 21099 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 Stunnel
Root 21100 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 Stunnel
Root 21101 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 Stunnel
Root 21102 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 Stunnel
Root 21103 0.0 0.0 41532 1060 pts/0 S 15:42 0:00 Stunnel
Root 21104 0.0 0.0 2077984 6824? Ss 15:42 0:00 Stunnel

Here is installed, set the browser agent, fill out the LAN IP and port, you can access the extranet, this is not very safe, if you can add user certification will be a little safer