  • Stunnel

    1. Update the package index

    apt-get update

    2. Install stunnel

    apt-get install stunnel

    3. Change to the stunnel configuration directory. The package ships a sample configuration file at /usr/share/doc/stunnel4/examples/stunnel.conf-sample

    cd /etc/stunnel

    4. Make a working copy of that sample configuration file

    cp /usr/share/doc/stunnel4/examples/stunnel.conf-sample stunnel.conf

    5. Edit the new configuration file

    First, specify cert and key:

    cert = /etc/stunnel/stunnel.pem
    key = /etc/stunnel/stunnel.pem

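    The key file ("stunnel.pem") is generated in a later step.

    Next, comment out all of the default services and keep only the [https] section. Here I changed the connect port in [https] to 8443, which means Stunnel listens on port 443 on this host and forwards connections to port 8443. Your host therefore needs a service listening on port 8443; we will install Squid later to provide it.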

    ;[pop3s]
    ;accept  = 995
    ;connect = 110
    
    ;[imaps]
    ;accept  = 993
    ;connect = 143
    
    ;[ssmtp]
    ;accept  = 465
    ;connect = 25
    
    [https]
    accept  = 443
    connect = 8443
    ;TIMEOUTclose = 0
    

    Among the other settings, you can turn on verbose logging first to make debugging easier:

    ; Some debugging stuff useful for troubleshooting
    debug = 7
    output = /var/log/stunnel4/stunnel.log
    

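    Once testing is finished, comment out "debug = 7" above (lines starting with ';' are comments) or change it to a value of 5 or lower. Leaving it at 7 produces a large volume of log output, and the log file grows very quickly.

    The default configuration file also uses chroot, as shown below. This part needs no changes and works as is: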

    ; Some security enhancements for UNIX systems - comment them out on Win32
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    ; PID is created inside the chroot jail
    pid = /stunnel4.pid
    

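    That is the whole Stunnel configuration file. It is a simple file: it mainly sets the path to the key file and specifies the service ports.

    Beyond that, one more place needs to be changed: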

    # cd /etc/default
    # vi stunnel4
    

    Set ENABLED=1 here; by default the stunnel service is not enabled:

    # Change to one to enable stunnel automatic startup
    ENABLED=1

    6. Generate the key and start the Stunnel service

    Before starting the stunnel service, generate a key pair:

    # cd /etc/stunnel
    # openssl req -new -nodes -x509 -out stunnel.pem -keyout stunnel.pem

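    After running the command, the terminal asks several questions. They fill in the certificate's Distinguished Name and have no real significance here, so enter whatever you like: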

    root@czy-virtual-machine:/etc/stunnel# openssl req -new -nodes -x509 -out stunnel.pem -keyout stunnel.pem  
    Generating a 2048 bit RSA private key
    ..............................................+++
    ..........................................+++
    writing new private key to 'stunnel.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:XM
    Locality Name (eg, city) []:XM
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:XM
    Organizational Unit Name (eg, section) []:XM
    Common Name (e.g. server FQDN or YOUR name) []:Evelyn
    Email Address []:Evelyn@ursalink.com
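
    The edits from step 5 can be checked mechanically before the service is started. The script below is an added example, not code from the original article: it lists the active service sections of a stunnel.conf and warns when a default service is still enabled, debug is above 5, or the cert/chroot/setuid/setgid lines are missing. The function names and the sample input are constructed for illustration, and it assumes those options are global and that debug is a plain number.

```shell
#!/bin/sh
# Added example, not the article's code; function names are hypothetical.

# Emit "section key value" per active line (file args, or stdin if none).
# Lines starting with ';' are comments; options before any [section] are global.
stunnel_conf_active() {
    awk '
        BEGIN { sec = "global" }
        /^[ \t]*;/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ { gsub(/^[ \t]*\[|\].*$/, ""); sec = $0; next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            print sec, k, v
        }' "$@"
}

# Print findings; return 1 if any WARN was raised, else 0.
# Assumes cert and the hardening options are global and debug is numeric.
stunnel_conf_audit() {
    stunnel_conf_active "$@" | awk '
        function warn(msg) { print "WARN " msg; bad = 1 }
        $1 == "global" { g[$2] = $3; next }
        $2 == "accept"  { acc[$1] = $3 }
        $2 == "connect" { con[$1] = $3 }
        END {
            for (s in acc) {
                print "SERVICE " s " accept=" acc[s] " connect=" con[s]
                if (s != "https") warn("unexpected service [" s "] is active")
            }
            if (!("https" in acc)) warn("[https] section is not active")
            if (!("cert" in g)) warn("cert is not set")
            if (g["debug"] + 0 > 5) warn("debug=" g["debug"] " (use 5 or lower after testing)")
            n = split("chroot setuid setgid", need, " ")
            for (j = 1; j <= n; j++) if (!(need[j] in g)) warn(need[j] " is not set")
            exit bad + 0
        }'
}

# Constructed sample: debug left at 7 and one default service left enabled.
sample_conf() {
    printf '%s\n' 'cert = /etc/stunnel/stunnel.pem' 'debug = 7' \
        'chroot = /var/lib/stunnel4/' 'setuid = stunnel4' 'setgid = stunnel4' \
        ';[pop3s]' ';accept  = 995' '[imaps]' 'accept  = 993' 'connect = 143' \
        '[https]' 'accept  = 443' 'connect = 8443'
}

if [ "$#" -gt 0 ]; then stunnel_conf_audit "$@"; else sample_conf | stunnel_conf_audit || true; fi
```

    Pass the path to stunnel.conf as the first argument; with no argument it audits the constructed sample.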
    

     

     

  • Original article: https://www.cnblogs.com/chenxiaomeng/p/13542376.html