
Friday, 8 March 2013

Creating an encrypted squid proxy on a Linux VPS, with stunnel on the client machine to get past the firewall

(This article has problems. To set up an encrypted squid proxy, see
http://briteming.blogspot.com/2015/08/squidchrome.html

wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.13.tar.bz2
tar jxvf squid-3.5.13.tar.bz2
cd squid-3.5.13
./configure --enable-ssl --enable-auth-basic=DB --enable-basic-auth-helpers="NCSA,PAM,SASL,DB"
make  (this step takes 15 minutes)
make install)

First, set up squid on the server:
wget http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.4.tar.gz
tar zxvf squid-3.2.4.tar.gz
cd squid-3.2.4
./configure --enable-ssl --enable-auth-basic=DB --enable-basic-auth-helpers="NCSA,PAM,SASL,DB"
make
make install

Note: if make fails with the error:
ext_file_userip_acl.cc:254: error: ‘errno’ was not declared in this scope

edit
helpers/external_acl/file_userip/ext_file_userip_acl.cc
and, below the line
#include "util.h"
add the line
#include <cerrno>
which fixes it. (Reference: http://www.zhaokunyao.com/archives/3974)

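After installation, generate the certificate for the encrypted proxy. openssl req -new writes the newly generated private key to privkey.pem; the second command then writes that key out without a passphrase, and the third self-signs the certificate: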
cd /usr/local/squid/etc/
openssl req -new > lidongbest5.csr
openssl rsa -in privkey.pem -out lidongbest5.key
openssl x509 -in lidongbest5.csr -out lidongbest5.crt -req -signkey lidongbest5.key -days 3650
In /usr/local/squid/etc/squid.conf, comment out http_port 3128 and add the following line:
https_port 443 cert=/usr/local/squid/etc/lidongbest5.crt key=/usr/local/squid/etc/lidongbest5.key
Also in that file, change http_access deny all to http_access allow all. With this setting squid accepts requests from any client that can reach port 443; no authentication is configured in this setup.
Note: if the file paths differ on your system, use whereis to locate them.
Start squid:
# /usr/local/squid/sbin/squid
# ps aux|grep squid (check whether squid is running)
(If running squid reports:
FATAL: getpwnam failed to find userid for effective user 'squid'
fix it with:
useradd -s /bin/false squid
If running squid then reports:
WARNING: Cannot write log file: /var/logs/cache.log
/var/logs/cache.log: Permission denied
fix it with:
chmod 777 /var/logs/)
 
Next, download stunnel on Windows from: ftp://ftp.stunnel.org/stunnel/

Install it and start it. Clear the contents of stunnel.conf in c:\program files\stunnel and write:
client = yes
[https]
accept = 127.0.0.1:7777
connect = <server IP>:443
Save. Then set the browser's HTTP proxy to 127.0.0.1, port 7777, and you can get past the firewall.
 
Reading text works well enough, but watching YouTube is basically hopeless; it cannot compare with an SSH tunnel.
 

Reference: http://lidongbest5.com/blog/6/
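
The squid.conf change above sets http_access allow all on a public https_port, even though squid was built with the NCSA basic-auth helper. The following added example (not part of the original post or of Squid) models squid's first-match http_access evaluation for src and proxy_auth ACLs and compares that setting with an authenticated one; the certificate and password-file names and the basic_ncsa_auth helper path are assumptions based on the /usr/local/squid prefix.

```python
import ipaddress

# Constructed sample configs; file names and helper path are assumptions.
WEAK = """
#http_port 3128
https_port 443 cert=/usr/local/squid/etc/proxy.crt key=/usr/local/squid/etc/proxy.key
http_access allow all
"""
HARDENED = """
https_port 443 cert=/usr/local/squid/etc/proxy.crt key=/usr/local/squid/etc/proxy.key
auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth /usr/local/squid/etc/passwd
acl authed proxy_auth REQUIRED
http_access allow authed
http_access deny all
"""
MODELLED = ("all", "src", "proxy_auth")

def decide(conf, client_ip, authenticated):
    """Return 'allow' or 'deny' for one client under first-match http_access rules."""
    acls, rules = {"all": ("all", [])}, []   # the 'all' ACL is built in
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            acls[tok[1]] = (tok[2], acls.get(tok[1], (tok[2], []))[1] + tok[3:])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))

    def matches(name):
        kind, args = acls[name]
        if kind == "proxy_auth":
            # Real Squid answers 407 to a client without credentials;
            # modelled here as "rule does not match".
            return authenticated
        ip = ipaddress.ip_address(client_ip)
        return kind == "all" or any(
            ip in ipaddress.ip_network(a, strict=False) for a in args)

    for action, names in rules:
        if any(acls.get(n.lstrip("!"), ("?",))[0] not in MODELLED for n in names):
            continue  # rule uses an ACL type outside this model: skipped
        if all(matches(n.lstrip("!")) != n.startswith("!") for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, decide(conf, "203.0.113.7", False))
```

The password file named in the hardened sample would be created separately (for example with htpasswd), and the browser then sends its proxy credentials through the stunnel connection.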
-------------------------------------------------------
 

Setting up an encrypted squid proxy server


Reference article:
http://www.linuxidc.com/Linux/2009-09/21934.htm
Steps: download the squid source: http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.2-20121013-r11676.tar.gz
Extract it:
tar zxvf squid-3.2.2-20121013-r11676.tar.gz
cd into the directory:
cd squid-3.2.2-20121013-r11676
Run configure:
./configure --enable-ssl --enable-auth-basic=DB --enable-basic-auth-helpers="NCSA"
make && make install
After installation, generate the certificate:
openssl req -new > codeif.csr
openssl rsa -in privkey.pem -out codeif.key
openssl x509 -in codeif.csr -out codeif.crt -req -signkey codeif.key -days 3650
In /usr/local/squid/etc/squid.conf, comment out http_port 3128 and add the following:
visible_hostname zhxy
#http_port 3128
https_port 443 cert=/usr/local/squid/etc/codeif.crt key=/usr/local/squid/etc/codeif.key
Change http_access deny all to http_access allow all
Start squid:
cd /usr/local/squid
./sbin/squid -z
./sbin/squid
Download and install stunnel on Windows; download address: ftp://ftp.stunnel.org/stunnel/
After installing, edit stunnel.conf: delete all of the original content and paste in the following:
client = yes
[https]
accept = 127.0.0.1:8080
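connect = <server IP>:443
Start the client and set the local browser's HTTP proxy to 127.0.0.1, port 8080, and that is all.
We only want this to act as a proxy, so the cache needs to be turned off; add the following statement to squid.conf:
cache deny all
If there are still problems, go to the directory holding the log files, /usr/local/squid/var/logs, and the messages there will show the cause. In my case, for example, a log file was missing and there was no write permission.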
from http://www.codeif.com/post/839/
------------------------------- 
 
To build an ordinary squid proxy (that is, an unencrypted one), see
http://briteming.blogspot.com/2013/03/http-proxy-squidpacketix-vpn.html