Happy to help you configure Squid+Stunnel. Here are the basic steps:
1. Install Squid and Stunnel
First, install Squid and Stunnel on the server by running the following commands:
```
apt-get update
apt-get install squid stunnel
```
2. Configure Squid
Edit the Squid configuration file, usually located at /etc/squid/squid.conf. Make sure the following settings are enabled or added to the file:
```
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem key=/etc/squid/ssl_cert/myCA.key

# SSL_ports, Safe_ports and CONNECT are defined here, but no http_access rule below references them
acl localnet src 192.168.0.0/16      # your local network subnet
acl SSL_ports port 443
acl Safe_ports port 80               # http
acl Safe_ports port 21               # ftp
acl Safe_ports port 443              # https
acl Safe_ports port 70               # gopher
acl Safe_ports port 210              # wais
acl Safe_ports port 1025-65535       # unregistered ports
acl CONNECT method CONNECT

http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

# HTTPS interception settings
always_direct allow all
ssl_bump server-first all
sslproxy_cert_error deny all
# DONT_VERIFY_PEER makes Squid accept origin-server certificates that fail verification
sslproxy_flags DONT_VERIFY_PEER

# Cache settings
cache_dir ufs /var/spool/squid3 10000 16 256

# Log settings
access_log /var/log/squid3/access.log squid
```
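3. Generate the certificate
Run the following command to generate the SSL certificate:
```
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout /etc/squid/ssl_cert/myCA.key -out /etc/squid/ssl_cert/myCA.pem
```
You will be prompted for some information to generate the certificate.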
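4. Configure Stunnel
Edit the Stunnel configuration file, usually located at /etc/stunnel/stunnel.conf. Make sure the following settings are enabled or added to the file:
```
; Both services reuse the certificate and key generated in step 3
[https]
accept = 443
connect = 127.0.0.1:3128
cert = /etc/squid/ssl_cert/myCA.pem
key = /etc/squid/ssl_cert/myCA.key

[http]
accept = 80
connect = 127.0.0.1:3128
cert = /etc/squid/ssl_cert/myCA.pem
key = /etc/squid/ssl_cert/myCA.key
```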
5. Start the services and test the connection
Run the following commands to start the Squid and Stunnel services:
```
service stunnel4 start
service squid start
```
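You should now be able to connect to the Squid proxy server over HTTPS. Note that the browser may show a warning because you are using a self-signed SSL certificate.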
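A small audit of the Squid and Stunnel configuration files edited above, as an added example that is not part of the original page: it reports `sslproxy_flags DONT_VERIFY_PEER` (Squid accepts origin-server certificates that fail verification), ACLs that are defined but never referenced by any rule, and the ssl-bump CA signing key being reused as Stunnel's service key. The sample configs are constructed abbreviations of the ones above, and the function names and finding labels are this example's own.

```python
import re

# Constructed sample: an abbreviated copy of the squid.conf from the Squid step.
SQUID_CONF = """\
http_port 3128 ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/myCA.pem key=/etc/squid/ssl_cert/myCA.key
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80   # http
acl CONNECT method CONNECT
http_access allow localhost manager
http_access allow localnet
http_access deny all
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
"""
# Constructed sample: the [https] service from the Stunnel step.
STUNNEL_CONF = """\
[https]
accept = 443
cert = /etc/squid/ssl_cert/myCA.pem
key = /etc/squid/ssl_cert/myCA.key
"""

def directives(text):
    """Yield the tokens of each non-empty line, with '#' comments stripped."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def audit(squid_conf, stunnel_conf=""):
    """Return finding labels (this example's own names) for the two config files."""
    findings, defined, used, bump_keys = [], {}, set(), set()
    for tok in directives(squid_conf):
        if tok[0] == "acl" and len(tok) > 1:
            defined.setdefault(tok[1])            # remember ACL names in definition order
            continue
        used.update(t.lstrip("!") for t in tok[1:])   # any ACL named by a rule, negated or not
        if tok[0] == "sslproxy_flags" and any("DONT_VERIFY_PEER" in t for t in tok[1:]):
            findings.append("upstream-cert-verification-disabled")
        if tok[0] == "http_port" and "ssl-bump" in tok:
            bump_keys.update(t[4:] for t in tok if t.startswith("key="))
    findings += [f"acl-never-enforced:{name}" for name in defined if name not in used]
    stunnel_keys = set(re.findall(r"^\s*key\s*=\s*(\S+)", stunnel_conf, re.M))
    findings += [f"ca-key-reused-by-stunnel:{k}" for k in sorted(bump_keys & stunnel_keys)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SQUID_CONF, STUNNEL_CONF)))
```

Run it against the real files by passing their contents to `audit()`; an empty list means none of the three conditions was found.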