Cloud computing development techniques: proxying intranet access with Squid + stunnel

    xiaoxiao2022-07-13  130

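    The ultimate goal of cloud computing is to provide computing, services and applications to the public as a utility, so that people can use computing resources the way they use water, electricity, gas and the telephone. The cloud computing model is like a power plant supplying electricity centrally. Under this model the user's computer becomes very simple: a modest amount of memory, with no need for a hard disk or assorted application software, may be enough to meet our needs. Below I share some cloud computing development techniques; today's topic is using Squid + stunnel to give an intranet host proxied access to HTTP and HTTPS.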

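    Environment:

    Machine A: 10.25.241.188; the public IP is not given here (can reach both the internet and the Alibaba Cloud server intranet)

    Machine B: 10.81.48.156 (intranet only)

    Goal: machine B can access HTTP and HTTPS sites

    1) Install squid

    Install squid directly online with yum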

    [root@openstack ~]# yum install -y gcc openssl openssl-devel # install the dependencies first

    [root@openstack ~]# yum install squid

    After installation, edit squid.conf; back the file up before modifying it

    [root@openstack ~]# cd /etc/squid/

    [root@openstack squid]# cp squid.conf squid.conf_bak

    [root@openstack squid]# vim squid.conf

    # change deny to allow
    http_access allow all

    http_port 3128

    # uncomment this line and make sure the directory exists
    cache_dir ufs /var/spool/squid 100 16 256

    2) Start squid; test the configuration and initialize before starting

    [root@openstack squid]# squid -k parse # check the configuration file

    [root@openstack squid]# squid -z # initialize

    [root@openstack squid]# systemctl start squid

    Open port 3128 in the security group

    3) Install the stunnel server
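
With `http_access allow all` in place and port 3128 opened in the security group, Squid accepts proxy requests from any source address that can reach the port. The script below is an added example, not part of the original post: it flags that rule and prints a copy of the config that admits only machine B (10.81.48.156). The function names, the ACL name `tunnel_client` and the sample config are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: locate and replace the
# "http_access allow all" rule that step 1 writes into squid.conf.

# Print "<line>: http_access allow all" for every active rule that lets any
# source address use the proxy. Exit status 0 if one is found, 1 otherwise.
find_open_proxy_rules() {
    awk '
        { line = $0; sub(/#.*/, "", line); n = split(line, f, " ") }
        n == 3 && f[1] == "http_access" && f[2] == "allow" && f[3] == "all" {
            print NR ": http_access allow all"; found = 1
        }
        END { exit !found }
    ' "$1"
}

# Write to stdout a copy of config $1 in which the first such rule becomes an
# allow for client address $2 followed by "deny all"; later copies are dropped.
# The ACL name tunnel_client is an assumption made for this example.
restrict_to_client() {
    awk -v ip="$2" '
        { line = $0; sub(/#.*/, "", line); n = split(line, f, " ") }
        n == 3 && f[1] == "http_access" && f[2] == "allow" && f[3] == "all" {
            if (!seen++) {
                print "acl tunnel_client src " ip "/32"
                print "http_access allow tunnel_client"
                print "http_access deny all"
            }
            next
        }
        { print }
    ' "$1"
}

# Constructed sample: the tail of a squid.conf after the edit in step 1.
sample_conf() {
    cat <<'EOF'
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all   # changed from deny
http_port 3128
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
find_open_proxy_rules "$tmp" && restrict_to_client "$tmp" 10.81.48.156
rm -f "$tmp"
```

Run the rewritten file through `squid -k parse` before replacing /etc/squid/squid.conf with it.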

    [root@dev-new-test1 ~]# cd /usr/local/src/

    [root@dev-new-test1 src]# pwd

    /usr/local/src

    Download from the official site: http://www.stunnel.org/downloads.html

    [root@dev-new-test1 ~]# yum install -y openssl openssl-devel gcc

    [root@dev-new-test1 src]# ls

    stunnel-5.45.tar.gz

    [root@dev-new-test1 src]# tar -zvxf stunnel-5.45.tar.gz

    [root@dev-new-test1 src]# ls

    stunnel-5.45 stunnel-5.45.tar.gz

    [root@dev-new-test1 src]# cd stunnel-5.45

    [root@dev-new-test1 stunnel-5.45]# ./configure

    [root@dev-new-test1 stunnel-5.45]# make && make install

    After installation, configure stunnel.conf

    [root@dev-new-test1 stunnel-5.45]# cd /usr/local/etc/stunnel/

    [root@dev-new-test1 stunnel]# ls

    stunnel.conf-sample

    [root@dev-new-test1 stunnel]# cp stunnel.conf-sample stunnel.conf

    [root@dev-new-test1 stunnel]# ls

    stunnel.conf stunnel.conf-sample

    [root@dev-new-test1 stunnel]# vim stunnel.conf # clear the original contents and write:

    cert = /usr/local/etc/stunnel/1.pem

    client = no

    [squid]

    accept = 8088

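    ; stunnel accepts TLS connections on port 8088 and forwards them to squid on port 3128 of this machine;
    ; the proxy settings are then configured in /etc/profile on the client (see below)
    connect = 127.0.0.1:3128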

    cert = /usr/local/etc/stunnel/1.pem

    Generate the certificate:

    openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout 1.pem

    # 2048-bit DH parameters (dhparam replaces the older gendh command)
    openssl dhparam 2048 >> 1.pem

    cat stunnel.pem >> 1.pem

    4) Start the stunnel service

    [root@dev-new-test1 stunnel]# /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf

    [root@dev-new-test1 stunnel]# ps -ef|grep stunnel

    root 20281 1 0 02:23 ? 00:00:00 /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf

    root 20283 13002 0 02:23 pts/0 00:00:00 grep --color stunnel

    [root@dev-new-test1 stunnel]# lsof -i:8088

    Client-side configuration (intranet server):

    1) Install the stunnel client

    [root@dev-new-test1 ~]# cd /usr/local/src/

    [root@dev-new-test1 src]# pwd

    /usr/local/src

    Download from the official site: http://www.stunnel.org/downloads.html

    [root@dev-new-test1 ~]# yum install -y openssl openssl-devel gcc

    [root@dev-new-test1 src]# ls

    stunnel-5.45.tar.gz

    [root@dev-new-test1 src]# tar -zvxf stunnel-5.45.tar.gz

    [root@dev-new-test1 src]# ls

    stunnel-5.45 stunnel-5.45.tar.gz

    [root@dev-new-test1 src]# cd stunnel-5.45

    [root@dev-new-test1 stunnel-5.45]# ./configure

    [root@dev-new-test1 stunnel-5.45]# make && make install

    After installation, configure stunnel.conf

    [root@dev-new-test1 stunnel-5.45]# cd /usr/local/etc/stunnel/

    [root@dev-new-test1 stunnel]# ls

    stunnel.conf-sample

    [root@dev-new-test1 stunnel]# cp stunnel.conf-sample stunnel.conf

    [root@dev-new-test1 stunnel]# ls

    stunnel.conf stunnel.conf-sample

    [root@dev-new-test1 stunnel]# vim stunnel.conf # clear the original contents and write:

    client = yes

    [https]

    accept = 127.0.0.1:8099

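    ; local port 8099 connects to port 8088 on the server
    connect = 10.25.241.188:8088

    2) Configure the system environment variables in /etc/profile

    Add the following two lines at the bottom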

    [root@dev-new-test1 stunnel]# vim /etc/profile

    export http_proxy=http://10.25.241.188:3128

    export https_proxy=http://127.0.0.1:8099

    [root@dev-new-test1 stunnel]# source /etc/profile

    Test:

    [root@dev-new-test1 stunnel]# curl http://www.baidu.com

    [root@dev-new-test1 stunnel]# curl https://www.baidu.com
