Setup SSL Tunnel Using Stunnel on Ubuntu

The Stunnel program is designed to work as an SSL encryption wrapper between remote client and server. It can be used to add SSL functionality.

What Stunnel basically does is that it turns any insecure TCP port into a secure encrypted port using OpenSSL package for cryptography.

1.Update & Upgrade Ubuntu

apt-get update && apt-get upgrade

2.Install Stunnel on VPS

apt-get install stunnel4 -y

3.Create SSL Certificate

openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem

4.configure Stunnel on VPS

vim /etc/stunnel/stunnel.conf

So overall the stunnel.conf file must contain the lines below:

client = no
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem

Note: The client = no part isn’t necessary, Stunnel by default is set to server mode.

Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file

ENABLED=1

Finally, restart Stunnel for configuration to take effect, using this command:

/etc/init.d/stunnel4 restart

5.Install Squid Proxy

apt-get install squid3 -y

Configure Stunnel in Client

Using a SFTP client such as Filezilla, connect to your server and download the stunnel.pem file located in “/etc/stunnel/” directory to the client.

Install Stunnel on your choice of OS. Then go to the Stunnel folder and move the downloaded certificate stunnel.pem to Stunnel folder.

So stunnel.conf file in the client should look like this:

cert = stunnel.pem
client = yes
[squid]
accept = 127.0.0.1:8080
connect = [Server’s Public IP]:8888

Save and close the file and run stunnel.exe.

That’s it. Now when we want to connect to Squid proxy on our cloud server, we must configure our client to connect to 127.0.0.1:8080, and Stunnel automatically connects us through a secure tunnel to the service specified for that port.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Check a Website Availability from the Linux Command Line
Viewed 6900 times since Mon, Feb 18, 2019
A Quick and Practical Reference for tcpdump
Viewed 12737 times since Fri, Jul 27, 2018
www.unixarena.com
Viewed 2638 times since Fri, Jul 27, 2018
BIND for the Small LAN
Viewed 3626 times since Sun, May 20, 2018
Use inotify-tools on CentOS 7 or RHEL 7 to watch files and directories for events
Viewed 14348 times since Fri, Jul 27, 2018
RHEL: Displaying system info (firmware, serial numbers... )
Viewed 12343 times since Sun, May 27, 2018
20 Linux Command Tips and Tricks That Will Save You A Lot of Time linux
Viewed 5052 times since Thu, Apr 18, 2019
RHEL: Rebuilding the initial ramdisk image
Viewed 8004 times since Sat, Jun 2, 2018
Linux An introduction to swap space on Linux systems
Viewed 2685 times since Thu, Jan 23, 2020
SSH: Execute Remote Command or Script – Linux
Viewed 2641 times since Mon, Feb 18, 2019