Simple construction of an HTTPS proxy server

Source: Internet
Author: User
Tags: stunnel, arch linux
Among the various ways of getting Internet access, an HTTPS proxy may be the simplest, most convenient, and fastest. It saves the trouble of VPN dial-up connections and of installing various clients, and the software used to build it has a long history and is very stable.

An aside: if you ask why such a good method is rarely used, the answer may be that it costs a fair amount of money and requires a dual-currency/multi-currency credit card to buy these items: a virtual server (VPS), a domain name, and an SSL certificate. I recommend linode for the VPS. This is not because clicking this link returns 1.0 yuan to me after a successful purchase, but because linode is quite generous: it will upgrade your CPU, memory, hard disk, bandwidth, and so on for free. For domain names and SSL certificates, refer to my previous article "how to buy cheap SSL certificates". Put together in the shopping cart, they come to more than $150 a year. If the shopping cart is too slow, you can consider combining multiple users.

Let's get back to the point. There is plenty of server-side software for implementing an HTTPS proxy. You can use squid, which is quite stable, or pair a lightweight HTTP proxy program with stunnel, or try the newcomer node-spdyproxy.

The following describes a simple scheme: the lightweight HTTP proxy program tinyproxy + stunnel.

1. Install tinyproxy and stunnel

Install tinyproxy and stunnel using the package manager of your Linux distribution, for example:

$ sudo yum install tinyproxy stunnel    # for CentOS Linux
$ sudo pacman -S tinyproxy stunnel      # for Arch Linux

After the installation is complete, set them to start at boot (optional).

2. Set stunnel

Put your certificate's private key and the purchased certificate into /etc/stunnel, edit the file stunnel.conf, and first specify the private key and certificate file names:

cert = /etc/stunnel/mycert.pem
key = /etc/stunnel/mykey.pem

Note that a certificate purchased from a certificate service provider usually arrives as several small files, probably: a certificate for your domain name, a certificate chain, and a root certificate. Open them in a text editor and copy and paste them into one file in the above order. This combined file is the one required by the "cert =" line above.

Then specify the port forwarding. For example, map port 443 (the default port of https) to tinyproxy's default port 8888:

[https]
accept = 443
connect = 127.0.0.1:8888

The section name in brackets (https here) can be anything you like. accept is the port to listen on locally, and connect is the address the traffic is forwarded to. Taken together, the section adds an SSL encryption layer in front of 127.0.0.1:8888 and exposes it externally on port 443.
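
A small lint for the two configuration files in this scheme, as an added example that is not part of the original article: it checks that stunnel forwards to a loopback port tinyproxy actually uses, that tinyproxy is bound to loopback, and that the private key is closed to group and others. The file paths are whatever you pass in, and `Listen` and `Port` are tinyproxy.conf directives that the article itself does not show.

```sh
#!/bin/sh
# Added example: lint the stunnel + tinyproxy pair for the scheme above.
# Prints one finding per line and nothing when every check passes.

# Print the value of NAME from FILE; handles "name = value" (stunnel)
# and "Name value" (tinyproxy), skipping comments and [section] lines.
conf_get() {  # usage: conf_get FILE NAME
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/); if (!n) next
            name = substr(line, 1, n - 1); val = substr(line, n)
            sub(/^[ \t=]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (tolower(name) == tolower(want)) found = val
        }
        END { if (found != "") print found }' "$1"
}

lint_proxy() {  # usage: lint_proxy STUNNEL_CONF TINYPROXY_CONF
    connect=$(conf_get "$1" connect)
    key=$(conf_get "$1" key)
    listen=$(conf_get "$2" Listen)
    port=$(conf_get "$2" Port)
    port=${port:-8888}   # 8888 is the tinyproxy default named in the article

    # The hop behind stunnel is plaintext, so it has to stay on loopback.
    # A bare port (no host part) is treated by stunnel as localhost.
    case $connect in
        127.*:*|localhost:*) ;;
        *:*|"") echo "stunnel: connect='$connect' is not a loopback address" ;;
    esac
    # stunnel must forward to the port tinyproxy actually listens on.
    [ "${connect##*:}" = "$port" ] ||
        echo "mismatch: stunnel forwards to ${connect##*:}, tinyproxy Port is $port"
    # Without Listen, tinyproxy binds every interface, not just loopback.
    case $listen in
        127.*|::1) ;;
        *) echo "tinyproxy: Listen is '${listen:-unset}', expected 127.0.0.1" ;;
    esac
    # The private key must exist and be closed to group and others.
    if [ ! -f "$key" ]; then
        echo "stunnel: key file '$key' not found"
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "stunnel: key file $key is accessible to group or others"
    fi
}

if [ "$#" -eq 2 ]; then lint_proxy "$1" "$2"; fi
```

Run it as `sh lint.sh /etc/stunnel/stunnel.conf /etc/tinyproxy/tinyproxy.conf` (the script name and the tinyproxy path are assumptions; adjust them to your system).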

3. Client settings

Currently, only the Google Chrome browser supports https/spdy proxies by default (other browsers need to run stunnel on the client to translate https to http). Oddly, Chrome has no proxy setting of its own, and the system's global https setting cannot be used (because the system's "https proxy" means the http proxy channel used when you access an https website). So you have to install the plug-in TunnelSwitch and set the https proxy to "your website domain name:443" in it. With that, all the work is done and you can access the Internet directly.

4. A money-saving solution for a tough person

If you want to save the cost of purchasing an SSL certificate, you can generate a "self-signed" certificate yourself. However, if you want to share your proxy with others, consider this method with caution, because it will make things very hard for people who do not like that kind of setup.

Run the following commands to generate a self-signed certificate:

$ openssl genrsa -out key.pem 2048   # 1024-bit RSA is rejected at OpenSSL security level 2
$ openssl req -new -key key.pem -subj "/CN=localhost" -out req.pem
$ openssl x509 -req -days 365 -in req.pem -signkey key.pem -out cert.pem

Note that localhost above should be changed to your domain name. The files you end up using are the private key file key.pem and the certificate file cert.pem; put these two files in the locations mentioned in step 2 above.

Then you need to import this cert.pem on the client in order to use the https proxy service you set up. The import method differs for each operating system.

  • On Linux it is more troublesome, and libnss3 is required. The command is as follows:
$ certutil -d "sql:$HOME/.pki/nssdb" -A -n dummy -i cert.pem -t C
  • On Mac OS X, use the keychain tool and drag the certificate into the "certificate" column.
  • On Windows, double-click the certificate file and select "root Trust" in the "Import to location" step.

Restart your chrome browser.

Original article address: Set up an https proxy Server. Thank you for sharing it.
