Created
June 4, 2013 07:49
通过squid+stunnel翻墙
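#
# Squid proxy, server side. Clients reach it over TLS on https_port 13128
# (see the end of this file) and authenticate with HTTP Basic credentials
# that the squid_db_auth helper checks against a database.
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# http_access rules are evaluated top to bottom and the first match decides,
# so every deny below has to stay above the allow rules it is meant to limit.
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Refuse requests to ports outside Safe_ports and CONNECT tunnels to anything
# other than SSL_ports. Without these two rules the Safe_ports ACL is defined
# but never enforced.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny to_localhost

# These two sources are allowed WITHOUT credentials.
# NOTE(review): if this server is internet-facing and has no clients on
# private address ranges, "allow localnet" can probably be dropped - confirm.
http_access allow localnet
http_access allow localhost

# Do not place "http_access allow CONNECT SSL_ports" here: sitting above the
# proxy_auth rule it lets any client that can reach the listening port tunnel
# to port 443 without authenticating. Authenticated users still get CONNECT
# to SSL_ports through "http_access allow db-auth" below.

dns_nameservers 8.8.8.8

# auth by mysql
# The database password is passed as a helper argument, so it is readable in
# this file and in the process list: keep squid.conf readable only by root and
# the Squid user, and give the database account read-only access to the
# password table. The user/password shown are sample values; replace them.
# --plaintext means the table stores unhashed passwords; the helper also
# accepts --md5 (optionally with --salt) if the table holds hashes instead.
auth_param basic program /usr/lib64/squid/squid_db_auth --user someuser --password ihaveyou --plaintext --persist
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off
acl db-auth proxy_auth REQUIRED
http_access allow db-auth

# NOTE(review): ssl_bump only has an effect on a port configured for SSL
# bumping, and no port in this file is - confirm whether these two lines are
# still needed.
always_direct allow all
ssl_bump allow all

# Do not disclose the client address or the proxy itself to origin servers.
forwarded_for off
request_header_access X-FORWARDED-FOR deny all
request_header_access Via deny all
# NOTE(review): this also strips Cache-Control from client requests - confirm
# that is intended.
request_header_access Cache-Control deny all

# Default deny: anything not explicitly allowed above is refused.
http_access deny all

# The access log records client addresses, authenticated user names and
# requested URLs; restrict who can read it and rotate it.
# NOTE(review): newer Squid releases name this directive access_log - check
# against the installed version.
cache_access_log /var/log/squid/access.log

# listens port 13128
# build key file
# openssl req -new -x509 -days 365 -keyout stunnel.pem -nodes -out stunnel.pem
#
# -nodes leaves the private key unencrypted and the command writes key and
# certificate into the same file: make that file readable only by the Squid
# user, and give clients a copy of the certificate part only, never the key.
# The certificate expires after 365 days and must be regenerated.
https_port 13128 cert=/etc/squid/keys/stunnel.pem key=/etc/squid/keys/stunnel.pem

# Directory Squid changes to, and where core files are written. A core dump
# can contain proxy credentials held in memory.
# NOTE(review): /tmp is world-writable; a dedicated directory owned by the
# Squid user with mode 0700 is safer - confirm before changing.
coredump_dir /tmp/squid

#visible_hostname
visible_hostname i.proxy.oozk.com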
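# stunnel client configuration: accepts plain proxy traffic on the local
# loopback address and forwards it over TLS to the remote Squid https_port.
#
# NOTE(review): the pid file and the log live in world-writable /tmp; a
# directory owned by the stunnel user is safer - confirm before changing.
pid = /tmp/stunnel.pid
# change the debug level as you need (7 is the most verbose; lower it once
# the tunnel works, the log records connection details)
debug = 7
output = /tmp/stunnel.log
#
# In client mode cert/key are the certificate this client presents to the
# server. The file holds a private key: keep it readable by the stunnel user
# only, and do not reuse the server's key file here.
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
client = yes

# No peer verification is configured, so the client accepts any certificate
# and a machine-in-the-middle could terminate the tunnel and read the proxy
# credentials sent inside it. To pin the server, install a copy of its
# certificate (certificate only, no key) and enable the two lines below.
# The path is a placeholder, and option names differ between stunnel
# versions - check the manual of the installed release.
# verify = 3
# CAfile = /etc/stunnel/REPLACE_WITH_SERVER_CERT.pem

[ssl2http]
# Bound to loopback so only local programs can use the tunnel.
accept = 127.0.0.1:3128
connect = remotesquidserver:13128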