Setup SSL Tunnel Using Stunnel on Ubuntu
The Stunnel program is designed to work as an SSL encryption wrapper between remote client and server. It can be used to add SSL functionality.
What Stunnel basically does is that it turns any insecure TCP port into a secure encrypted port using OpenSSL package for cryptography.
1.Update & Upgrade Ubuntu
apt-get update && apt-get upgrade
2.Install Stunnel on VPS
apt-get install stunnel4 -y3.Create SSL Certificate
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem4.configure Stunnel on VPS
vim /etc/stunnel/stunnel.confSo overall the “stunnel.conf” file must contain the lines below:
client = no
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pemNote: The client = no part isn’t necessary, Stunnel by default is set to server mode.
Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file
ENABLED=1Finally, restart Stunnel for configuration to take effect, using this command:
/etc/init.d/stunnel4 restart5.Install Squid Proxy
apt-get install squid3 -yConfigure Stunnel in Client
Using a SFTP client such as Filezilla, connect to your server and download the “stunnel.pem” file located in “/etc/stunnel/” directory to the client.
Install Stunnel on your choice of OS. Then go to the Stunnel folder and move the downloaded certificate “stunnel.pem” to Stunnel folder.
So “stunnel.conf” file in the client should look like this:
cert = stunnel.pem
client = yes
[squid]
accept = 127.0.0.1:8080
connect = [Server’s Public IP]:8888Save and close the file and run “stunnel.exe”.
That’s it. Now when we want to connect to Squid proxy on our cloud server, we must configure our client to connect to 127.0.0.1:8080, and Stunnel automatically connects us through a secure tunnel to the service specified for that port.
Subscribe to Article
Print Article
Email Article to Friend
Export to PDF
Export to MS Word