yudeMacBook-Air:~ brite$ brew install stunnel
会显示:
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 2 taps (homebrew/cask and homebrew/core).
==> New Formulae
php@7.2
==> Updated Formulae
arcade-learning-environment opencv
astrometry-net opencv@2
aubio pandoc-crossref
elasticsearch pgweb
fx php
gnuradio php@5.6
graph-tool php@7.1
kibana phpunit
knot-resolver rust
kubernetes-helm scipy
logstash shibboleth-sp
nss stunnel
numpy urh
nwchem xml-security-c
openblas xml-tooling-c
==> Deleted Formulae
php@7.0
==> Migrating HOMEBREW_REPOSITORY (please wait)...
Error: /usr/local/Homebrew already exists.
Please remove it manually or uninstall and reinstall Homebrew into a new
location as the migration cannot be done automatically.
==> Installing dependencies for stunnel: openssl
==> Installing stunnel dependency: openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2q.sierra.bottl
######################################################################## 100.0%
==> Pouring openssl-1.0.2q.sierra.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
openssl is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.
If you need to have openssl first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
For compilers to find openssl you may need to set:
export LDFLAGS="-L/usr/local/opt/openssl/lib"
export CPPFLAGS="-I/usr/local/opt/openssl/include"
For pkg-config to find openssl you may need to set:
export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"
==> Summary
🍺 /usr/local/Cellar/openssl/1.0.2q: 1,794 files, 12.3MB
==> Installing stunnel
==> Downloading https://homebrew.bintray.com/bottles/stunnel-5.50.sierra.bottle.
######################################################################## 100.0%
==> Pouring stunnel-5.50.sierra.bottle.tar.gz
==> Caveats
A bogus SSL server certificate has been installed to:
/usr/local/etc/stunnel/stunnel.pem
This certificate will be used by default unless a config file says otherwise!
Stunnel will refuse to load the sample configuration file if left unedited.
In your stunnel configuration, specify a SSL certificate with
the "cert =" option for each service.
==> Summary
🍺 /usr/local/Cellar/stunnel/5.50: 40 files, 651.4KB
==> Caveats
==> openssl
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
openssl is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.
If you need to have openssl first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
For compilers to find openssl you may need to set:
export LDFLAGS="-L/usr/local/opt/openssl/lib"
export CPPFLAGS="-I/usr/local/opt/openssl/include"
For pkg-config to find openssl you may need to set:
export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"
==> stunnel
A bogus SSL server certificate has been installed to:
/usr/local/etc/stunnel/stunnel.pem
This certificate will be used by default unless a config file says otherwise!
Stunnel will refuse to load the sample configuration file if left unedited.
In your stunnel configuration, specify a SSL certificate with
the "cert =" option for each service.
yudeMacBook-Air:~ brite$
-------------
我的补充说明
上面安装stunnel后,
然后运行:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.profile
echo 'export LDFLAGS="-L/usr/local/opt/openssl/lib"' >> ~/.profile
echo 'export CPPFLAGS="-I/usr/local/opt/openssl/include"' >> ~/.profile
echo 'export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"' >> ~/.profile
source ~/.profile
cd /usr/local/etc/stunnel/
我的补充说明
上面安装stunnel后,
然后运行:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.profile
echo 'export LDFLAGS="-L/usr/local/opt/openssl/lib"' >> ~/.profile
echo 'export CPPFLAGS="-I/usr/local/opt/openssl/include"' >> ~/.profile
echo 'export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"' >> ~/.profile
source ~/.profile
cd /usr/local/etc/stunnel/
yudeMacBook-Air:stunnel brite$ ls
stunnel.conf stunnel.conf-sample
stunnel.pem stunnel.conf-sample.default
yudeMacBook-Air:stunnel brite$ rm -rf stunnel.pem
(删除没用的stunnel.pem文件)
然后按此文https://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html替你的域名(yourdomain.com)申请免费证书。(当然yourdomain.com要先解析到你服务器的ip)
然后把服务器上的/etc/letsencrypt/live/yourdomain.com/fullchain.pem和/etc/letsencrypt/live/yourdomain.com/privkey.pem下载到mac机器上的/usr/local/etc/stunnel/里面。
yudeMacBook-Air:stunnel brite$ ls
fullchain.pem stunnel.conf-sample
privkey.pem stunnel.conf-sample.default
stunnel.conf
yudeMacBook-Air:stunnel brite$ nano stunnel.conf
yudeMacBook-Air:stunnel brite$ cat stunnel.conf
显示:
...
cert = /usr/local/etc/stunnel/fullchain.pem
key = /usr/local/etc/stunnel/privkey.pem
client = yes
[https]
accept = 127.0.0.1:10803
connect = vps-ip:440
...
yudeMacBook-Air:stunnel brite$ stunnel stunnel.conf
(这条命令stunnel stunnel.conf是运行在后台的,所以运行后,关闭该terminal窗口无妨。)
关于服务器端的搭建,详见https://briteming.blogspot.com/2012/01/vpsstunnel.html
然后设置你的浏览器的http代理为127.0.0.1,端口10803,浏览器即可翻墙。
(建议chrome+switchyomega或firefox+switchyomega下,设置http代理.如果直接在firefox下,设置http代理,是翻不了墙的,我也不知道为什么)
Mac OSX 上还可以使用 GoAgentX,附带的 Stunnel 功能可以转换 SSL proxy
--------------------------
(建议chrome+switchyomega或firefox+switchyomega下,设置http代理.如果直接在firefox下,设置http代理,是翻不了墙的,我也不知道为什么)
Mac OSX 上还可以使用 GoAgentX,附带的 Stunnel 功能可以转换 SSL proxy
--------------------------
相关帖子:
https://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html
https://briteming.blogspot.com/2012/01/vpsstunnel.html
No comments:
Post a Comment