Friday, 7 December 2018

Installing stunnel on a Mac, then running the stunnel executable to get around the Great Firewall


yudeMacBook-Air:~ brite$ brew install stunnel
This displays:
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 2 taps (homebrew/cask and homebrew/core).
==> New Formulae
php@7.2
==> Updated Formulae
arcade-learning-environment              opencv
astrometry-net                           opencv@2
aubio                                    pandoc-crossref
elasticsearch                            pgweb
fx                                       php
gnuradio                                 php@5.6
graph-tool                               php@7.1
kibana                                   phpunit
knot-resolver                            rust
kubernetes-helm                          scipy
logstash                                 shibboleth-sp
nss                                      stunnel
numpy                                    urh
nwchem                                   xml-security-c
openblas                                 xml-tooling-c
==> Deleted Formulae
php@7.0

==> Migrating HOMEBREW_REPOSITORY (please wait)...
Error: /usr/local/Homebrew already exists.
Please remove it manually or uninstall and reinstall Homebrew into a new
location as the migration cannot be done automatically.
==> Installing dependencies for stunnel: openssl
==> Installing stunnel dependency: openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2q.sierra.bottl
######################################################################## 100.0%
==> Pouring openssl-1.0.2q.sierra.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

openssl is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.

If you need to have openssl first in your PATH run:
  echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

For compilers to find openssl you may need to set:
  export LDFLAGS="-L/usr/local/opt/openssl/lib"
  export CPPFLAGS="-I/usr/local/opt/openssl/include"

For pkg-config to find openssl you may need to set:
  export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"

==> Summary
🍺  /usr/local/Cellar/openssl/1.0.2q: 1,794 files, 12.3MB
==> Installing stunnel
==> Downloading https://homebrew.bintray.com/bottles/stunnel-5.50.sierra.bottle.
######################################################################## 100.0%
==> Pouring stunnel-5.50.sierra.bottle.tar.gz
==> Caveats
A bogus SSL server certificate has been installed to:
  /usr/local/etc/stunnel/stunnel.pem

This certificate will be used by default unless a config file says otherwise!
Stunnel will refuse to load the sample configuration file if left unedited.

In your stunnel configuration, specify a SSL certificate with
the "cert =" option for each service.
==> Summary
🍺  /usr/local/Cellar/stunnel/5.50: 40 files, 651.4KB
==> Caveats
==> openssl
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

openssl is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.

If you need to have openssl first in your PATH run:
  echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

For compilers to find openssl you may need to set:
  export LDFLAGS="-L/usr/local/opt/openssl/lib"
  export CPPFLAGS="-I/usr/local/opt/openssl/include"

For pkg-config to find openssl you may need to set:
  export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"

==> stunnel
A bogus SSL server certificate has been installed to:
  /usr/local/etc/stunnel/stunnel.pem

This certificate will be used by default unless a config file says otherwise!
Stunnel will refuse to load the sample configuration file if left unedited.

In your stunnel configuration, specify a SSL certificate with
the "cert =" option for each service.
yudeMacBook-Air:~ brite$
-------------

My additional notes

After installing stunnel as above, run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.profile
echo 'export LDFLAGS="-L/usr/local/opt/openssl/lib"' >> ~/.profile
echo 'export CPPFLAGS="-I/usr/local/opt/openssl/include"' >> ~/.profile
echo 'export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"' >> ~/.profile
source ~/.profile

cd /usr/local/etc/stunnel/

yudeMacBook-Air:stunnel brite$ ls
stunnel.conf stunnel.conf-sample
stunnel.pem         stunnel.conf-sample.default

yudeMacBook-Air:stunnel brite$ rm -rf stunnel.pem
(Delete the unneeded stunnel.pem file.)

Then follow the post at https://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html to request a free certificate for your domain (yourdomain.com). (Of course, yourdomain.com must first resolve to your server's IP.)

Then download /etc/letsencrypt/live/yourdomain.com/fullchain.pem and /etc/letsencrypt/live/yourdomain.com/privkey.pem from the server into /usr/local/etc/stunnel/ on the Mac.
yudeMacBook-Air:stunnel brite$ ls
fullchain.pem stunnel.conf-sample
privkey.pem stunnel.conf-sample.default
stunnel.conf
yudeMacBook-Air:stunnel brite$ nano stunnel.conf
yudeMacBook-Air:stunnel brite$ cat stunnel.conf
This displays:
...
cert = /usr/local/etc/stunnel/fullchain.pem
key = /usr/local/etc/stunnel/privkey.pem
client = yes

[https]
accept  = 127.0.0.1:10803
connect = vps-ip:440
...
yudeMacBook-Air:stunnel brite$ stunnel stunnel.conf
(The command stunnel stunnel.conf runs in the background, so it is fine to close the terminal window after running it.)
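
The configuration above sets client = yes with no verifyChain or checkHost, so stunnel encrypts the connection without authenticating the server; in client mode, cert and key are only used for client-certificate authentication. The script below is an added example, not part of the original post: it reports those conditions in a stunnel.conf. The finding names, the two sample configurations and the CAfile path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report stunnel client services that never authenticate the
# server. Options before the first [section] are global defaults.
audit_stunnel_conf() {
    awk '
    function eff(k) { return (k in s) ? s[k] : ((k in g) ? g[k] : "") }
    function on(k)  { return tolower(eff(k)) == "yes" }
    function flush() {
        if (svc == "" || !on("client")) return
        if (!on("verifychain") && !on("verifypeer") && eff("verify") + 0 < 2)
            print svc ": NO_SERVER_VERIFICATION"
        if (eff("checkhost") == "" && eff("checkip") == "")
            print svc ": NO_HOSTNAME_CHECK"
        if (eff("key") != "")
            print svc ": PRIVATE_KEY_ON_CLIENT"
    }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^[;#]/) next            # blank or comment line
        if ($0 ~ /^\[.*\]$/) {                        # new service section
            flush(); svc = substr($0, 2, length($0) - 2); split("", s); next
        }
        i = index($0, "="); if (i == 0) next
        k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
        gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v)
        if (svc == "") g[k] = v; else s[k] = v
    }
    END { flush() }
    ' "$@"
}

# Constructed sample: the layout shown in the post (vps-ip is its placeholder).
weak_conf() {
    printf '%s\n' 'cert = /usr/local/etc/stunnel/fullchain.pem' \
        'key = /usr/local/etc/stunnel/privkey.pem' 'client = yes' '' \
        '[https]' 'accept  = 127.0.0.1:10803' 'connect = vps-ip:440'
}
# Constructed hardened variant; the CAfile path is an assumption.
hardened_conf() {
    printf '%s\n' 'client = yes' '' '[https]' 'accept  = 127.0.0.1:10803' \
        'connect = vps-ip:440' 'verifyChain = yes' \
        'CAfile = /usr/local/etc/openssl/cert.pem' 'checkHost = yourdomain.com'
}

weak_conf | audit_stunnel_conf
hardened_conf | audit_stunnel_conf
```

To check a real file, pass its path: audit_stunnel_conf /usr/local/etc/stunnel/stunnel.conf. An empty result means none of the three conditions was found.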

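For the server-side setup, see https://briteming.blogspot.com/2012/01/vpsstunnel.html

Then set your browser's HTTP proxy to 127.0.0.1, port 10803, and the browser can get around the firewall.
(I recommend setting the HTTP proxy with Chrome + SwitchyOmega or Firefox + SwitchyOmega. If you set the HTTP proxy directly in Firefox, it does not get through the firewall; I don't know why.)

On Mac OS X you can also use GoAgentX; its bundled Stunnel feature can convert an SSL proxy.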



--------------------------

Related posts:
https://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html
https://briteming.blogspot.com/2012/01/vpsstunnel.html
