#!/bin/bash

# giving user passwordless sudo privileges
USER=`whoami`
MYPATH=$(cat /etc/passwd|grep $USER|awk -F: '{print $6}')

# need to be run as root
if [[ "$EUID" -ne 0 ]]; then
    echo "This script must be run as root"
    exit 1
fi

#parse args
while getopts "c:i:p:I:P:z:h" arg
do
    case $arg in
        c) CONFIG=$OPTARG
           if [[ ! -f "$CONFIG" ]]; then
               echo " unvalid arg for -c, ple make sure the config file is exist "
               exit 1
           fi
           ;;
        i) PROXY_IP=${OPTARG:-127.0.0.1} ;;
        p) PROXY_PORT=${OPTARG:-8888} ;;
        I) SERVER_IP=$OPTARG ;;
        P) SERVER_PORT=$OPTARG ;;
        z) ZTE_PROXY=${OPTARG:-proxysh.zte.com.cn}  ;;
        h)
           echo " -------------args for setting up stunnel--------------------"
           echo " -c: client certification"
           echo " -i: proxy ip, default to localhost
           echo " -p: proxy port, default to 8888"
           echo " -I: server ip
           echo " -P: server port listened in server"
           echo " -z: zte proxy, need to be consistent with system network set"
           echo "-------------------------------------------------------------"
           exit 0
           ;;
        ?) echo "unvalid arg"
           exit 1
           ;;
    esac
done

if [[ ! $CONFIG || ! $SERVER_IP || ! $SERVER_PORT ]]; then
    echo " need args, ple use -h for help..."
    exit 1
fi

HTTP_PROXY=http://$PROXY_IP:$PROXY_PORT
NO_PROXY=localhost,127.0.0.1,10.*.*.*/8

# use internal apt-source
INTER_APT_SOURCE=10.62.99.232

function use_internal_apt_source {
    sudo mv /etc/apt/sources.list /etc/apt/sources.list.bk
    sudo cat <<EOF >/etc/apt/sources.list
deb http://$INTER_APT_SOURCE/common/ubuntu trusty main restricted multiverse universe

deb http://$INTER_APT_SOURCE/common/ubuntu trusty-security main restricted multiverse universe

deb http://$INTER_APT_SOURCE/common/ubuntu trusty-updates main restricted multiverse universe

deb http://$INTER_APT_SOURCE/common/ubuntu trusty-proposed main restricted multiverse universe

deb http://$inter_apt_source/common/ubuntu trusty-backports main restricted multiverse universe
EOF

    sudo apt-get update
}

# if use internal apt-source to install stunnel,
# after install stunnel successfully, ple change back original apt-source
function change_back_apt_source {
    sudo mv /etc/apt/sources.list.bk /etc/apt/sources.list
}

# (optional) if can not connect to wwww, user internal apt-source
use_internal_apt_source

sudo apt-get install -y stunnel
# (optional) no matter if stunnel package is installed, change back to origin apt-source
change_back_apt_source

sudo cat << EOF > /etc/stunnel/client.conf
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4-client.pid
client = yes
cert = /etc/stunnel/client.pem
sslVersion = SSLv3

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[squid]
accept = $PROXY_PORT
protocol = connect
protocolHost = $SERVER_IP:$SERVER_PORT
connect = $ZTE_PROXY:80
EOF

sudo cp $CONFIG /etc/stunnel/client.pem
sudo sed -i -r "s/ENABLED=0/ENABLED=1/g" /etc/default/stunnel4

# restart stunnel
sudo service stunnel4 restart

#config proxy: append to $MYPATH/.profile
cat <<EOF >> /$MYPATH/.profile
export http_proxy=$HTTP_PROXY
export https_proxy=$HTTP_PROXY
export no_proxy=$NO_PROXY
EOF

sudo cat <<EOF > /etc/apt/apt.conf
Acquire::http::proxy \"$HTTP_PROXY/\";
Acquire::https::proxy \"$HTTP_PROXY/\";
EOF

source $MYPATH/.profile
sudo apt-get update

  

stunnel-client的更多相关文章

  1. Stunnel使用2

    1.首先测试一下stunnel.exe,是否能正常运行,正常的话,不会报错,在桌面右下角位置显示. 2.第一步完成后,打开stunnel.conf,对stunnel进行配置,需要修改一下几项:(mys ...

  2. squid+stunnel+用户密码认证的三种玩法

    没办法,应用越来越深入,就会越来越多要求. squid+stunnel+用户密码认证的场景至少以下三个,我会遇到. 1,标准玩法 在服务器上建一个SQUID,加密码认证,然后,其它人通过它上网.(不要 ...

  3. AWS + Stunnel + Squid ***

    [需求] 第一,能***. 第二,在企业网络要能突破端口限制. [原理] 利用AWS提供的一年免费EC2服务,搭建一台自己的VPS,在VPS中利用Stunnel与本机建立加密连接,将本地http请求通 ...

  4. stunnel-server

    #!/bin/bash # need to be run as root ]]; then echo "must to be run as root" exit fi # givi ...

  5. 【原】基于64位Centos6.2的mcrouter使用简介

    此文转载必须注明原文地址,请尊重作者的劳动成果!  http://www.cnblogs.com/lyongerr/p/5040071.html 目录 文档控制... 2 1 mcrouter简介.. ...

  6. 用ccproxy + stunnel做个加密代理

    https://www.stunnel.org/downloads.html ccproxy + stunnel做个加密http代理和socks5代理 目前国内用户无法访问某些国外网站,如http:/ ...

  7. stunnel+CCProxy,搭建加密代理

    总所周知,不可抗拒的特别有用心的原因,我们无法访问youtube,picasa,Twitter……国外优秀网站,很多人采用了代理服务器的方法访问. 如果您有一台放在海外的服务器,这个就好办了.下载一个 ...

  8. Windows系统Stunnel客户端的配置

    Stunnel官方就有Windows版本,到下面的地址下载: https://www.stunnel.org/downloads.html 选择”stunnel-X.XX-installer.exe“ ...

  9. Stunnel使用

     建立加密隧道 使用 Stunnel 建立加密隧道 附件中的 Server 和 Clinet 都是已经配置好了的,只需修改 Server 的 stunnel.conf 的 connect 为实际的ip ...

随机推荐

  1. java动手动脑和课后实验型问题

    1.以下代码的输出结果是什么?为什么会有这个结果? int[] a = { 5, 7, 20 }; System.out.println("a数组中的元素:"); // 循环输出a ...

  2. failed to open the runspace pool. the server manager winrm plug-in might be corrupted or missing

    添加对127.0.0.1的监听 netsh http add iplisten 127.0.0.01 添加完后的效果

  3. equals和“==”

    Integer a = new Integer("3"); Integer b = new Integer(3); System.out.println(a==b); System ...

  4. imx6 gpio irq

    /***************************************************************** * gpio irq * * 一直以来都没了解过gpio的irq, ...

  5. Linux学习 :移植U-boot_2016.09到JZ2440开发板

    一.下载源码:ftp://ftp.denx.de/pub/u-boot/ 二.初始化编译: ①新建一个单板: cd board/samsung/ cp smdk2410 smdk2440 -rf   ...

  6. powershell字符界面的,powershell加WPF界面的,2048游戏

    ------[序言]------ 1 2048游戏,有段时间很火,我在地铁上看有人玩过.没错,坐地铁很无聊,人家玩我就一直盯着看. 2 我在电脑上找了一个,试玩了以下,没几次格子就满了.我就气呼呼的放 ...

  7. 用ant组建测试框架

    有时候由于公司网络或其它原因,无法采用maven,这时ant是一个比较理想的选择.以下是以ant为例,搭建一个测试框架 项目结构如下图: build.properties代码如下: # The sou ...

  8. Linux 命令 find

    find命令的基本格式是:find [路径] [选项] [操作]路径是find命令所查找的范围,如用.来表示当前目录,用/来表示根目录,选项用于指定查找条件,如:可以指定按照文件的属主,更改时间文件类 ...

  9. 在非spring组件中注入spring bean

    1.在spring中配置如下<context:spring-configured/>     <context:load-time-weaver aspectj-weaving=&q ...

  10. JS刷新父窗口的几种方式

    浮层内嵌iframe及frame集合窗口,刷新父页面的多种方法   <script language=JavaScript>       parent.location.reload(); ...