AWS EC2 builds scientific Internet (SQUID + stunnel)

Time: 2019-12-9

1. Register an AWS account and start an EC2 instance

Notes for account registration:

1.1 The email must be Gmail.
1.2 Open the specified port in the security group.

2. Schematic diagram of scientific Internet access

Stunnel's main job here is to encrypt and decrypt the data in transit so that HTTPS sites can be accessed normally.

3. Stunnel client installation

Installation address
Windows: after the download completes, install and start stunnel (the installer asks for a series of parameters, which can be filled in arbitrarily), then append the following to the end of the configuration file:

[https]
; open a local proxy on port 3130
accept = 3130
; IP and port number of the stunnel server
connect = xx.xx.xx.xx:3129
; the same PEM file as on the stunnel server
cert = C:\users\XXX\documents\stunnel.pem
client = yes

Windows, check whether the port is open: netstat -an | find "3130"

(Screenshot: stunnel started successfully.)

3. Build squid and stunnel on the stunnel server

3.1 squid building

On the stunnel server:
yum install -y squid

Edit /etc/squid/squid.conf:
vim /etc/squid/squid.conf

# http_access deny all
http_access allow all

Start squid: systemctl start squid
Check that squid is listening on port 3128: netstat -ntpl | grep squid

3.2 setup of stunnel server

yum install -y stunnel

3.2.1 generate certificate

openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem
openssl gendh 512 >> stunnel.pem    # not required
PS: this produces a single stunnel.pem file that contains both the private key and the certificate (the same PEM file the stunnel client configuration above points to).

3.2.2 modify stunnel configuration

vim /etc/stunnel/stunnel.conf
Add the following:

cert = /root/stunnel.pem
CAfile = /root/stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

;;;chroot = /var/run/stunnel
pid = /tmp/stunnel.pid
verify = 3

;;; CApath = certs
;;; CRLpath = crls
;;; CRLfile = crls.pem

;setuid = stunnel
;setgid = stunnel

;;; client=yes
compression = zlib
;;; taskbar = no
delay = no
;;; failover = rr
;;; failover = prio
sslVersion = TLSv1
fips=no

debug = 7
syslog = no
output = stunnel.log

[sproxy]
; the port that the stunnel client's connect option points to
accept = 3129
; forward to squid
connect = 127.0.0.1:3128

Start stunnel: stunnel
PS: if no output is printed, the configuration succeeded.
Check that it is running: ps aux | grep stunnel
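
The server settings from sections 3.1 and 3.2.2 can be audited with a short script. This is an added example, not part of the original article: it flags the open squid ACL, the TLSv1 setting and the commented-out setuid. The sample files are constructed (`http_port 3128` is squid's packaged default, not shown in the article), and the hard_* values are an assumed hardened variant, not the article's configuration.

```shell
#!/bin/sh
# Added example (not from the article): flag weak settings in squid.conf / stunnel.conf.

# Print active lines only (no blanks, no # or ; comments).
active_lines() { grep -Ev '^[[:space:]]*([#;]|$)' "$1"; }

# Print the value of the last active "KEY = value" line; stunnel keys are case-insensitive.
conf_value() {
    active_lines "$1" | awk -v k="$2" '{
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        if (tolower(key) == tolower(k)) { val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val) }
    } END { print val }'
}

audit_squid() {
    if active_lines "$1" | grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all([[:space:]]|$)'; then
        echo "squid: 'http_access allow all' serves any host that can reach the port"
    fi
    if active_lines "$1" | grep -Eq '^[[:space:]]*http_port[[:space:]]+[0-9]+([[:space:]]|$)'; then
        echo "squid: http_port has no address, so it listens on every interface"
    fi
}

audit_stunnel() {
    ver=$(conf_value "$1" sslVersion)
    case "$ver" in
        SSLv2|SSLv3|TLSv1|TLSv1.1) echo "stunnel: sslVersion = $ver is a deprecated protocol" ;;
    esac
    vfy=$(conf_value "$1" verify)   # levels 2 and up require a valid peer certificate
    [ "${vfy:-0}" -ge 2 ] 2>/dev/null || echo "stunnel: verify = ${vfy:-unset} does not require a client certificate"
    [ -n "$(conf_value "$1" setuid)" ] || echo "stunnel: no setuid, the daemon keeps root when started as root"
}

# Constructed samples: page_* mirror the article's settings, hard_* are an assumed hardened variant.
samples=$(mktemp -d)
trap 'rm -rf "$samples"' EXIT
printf 'http_port 3128\nhttp_access allow all\n' > "$samples/page_squid.conf"
printf 'http_port 127.0.0.1:3128\nhttp_access allow localhost\nhttp_access deny all\n' > "$samples/hard_squid.conf"
printf 'verify = 3\n;setuid = stunnel\nsslVersion = TLSv1\n[sproxy]\naccept = 3129\nconnect = 127.0.0.1:3128\n' > "$samples/page_stunnel.conf"
printf 'verify = 3\nsetuid = stunnel\nsetgid = stunnel\nsslVersion = TLSv1.2\n[sproxy]\naccept = 3129\nconnect = 127.0.0.1:3128\n' > "$samples/hard_stunnel.conf"

for f in page hard; do
    echo "== $f configuration =="
    audit_squid "$samples/${f}_squid.conf"
    audit_stunnel "$samples/${f}_stunnel.conf"
done
```

On a real server, point the two functions at /etc/squid/squid.conf and /etc/stunnel/stunnel.conf instead of the sample files.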

4. Set up the proxy

The Chrome extension SwitchyOmega is recommended for configuring the proxy.

Proxy IP: 127.0.0.1:3130
(Screenshot: this window shows that scientific Internet access succeeded.)