Difference between revisions of "SSL Tunnel: Ubuntu Setup"
Onnowpurbo (talk | contribs) (Created page with "sumber: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu Setup SSL Tunnel Using Stunnel on Ubuntu The Stunnel program is...") |
Onnowpurbo (talk | contribs) |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
sumber: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu | sumber: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu | ||
| − | + | stunnel di rancang untuk menjadi wrapper SSL encryption antara client dan server. Bisa digunakan untuk menambahkan fungi SSL dalam sebuah sambungan. Pad dasarnya, stunnel membuat sebuah TCP port yang tidak secure menjadi sebuah port encrypted yang secure menggunakan package cryptography OpenSSL. | |
| − | + | Dalam bahasa yang lebih sederhana stunnel adalah proxy server SSL untuk berbagai proxy traffic yang tidak secure, agar menjadis secure. Sekedar gambaran, proxy yang normal seperti Squid biasanya tidak akan mem-proxy traffic SSL. | |
| − | |||
| − | + | ==Instalasi== | |
| − | apt | + | apt update |
| + | apt install stunnel4 -y | ||
| − | + | ==Buat SSL Certificate== | |
| − | + | openssl genrsa -out key.pem 2048 | |
| + | openssl req -new -x509 -key key.pem -out cert.pem -days 1095 | ||
| + | cat key.pem cert.pem >> /etc/stunnel/stunnel.pem | ||
| − | + | ==Konfigurasi== | |
| − | + | vi /etc/stunnel/stunnel.conf | |
| − | |||
| − | |||
| − | + | Isi kira-kira | |
| − | + | client = no | |
| + | [squid] | ||
| + | accept = 8888 | ||
| + | connect = 127.0.0.1:3128 | ||
| + | cert = /etc/stunnel/stunnel.pem | ||
| − | + | Catatan: | |
| − | + | * client = no sebetulnya tidak di perlukan | |
| − | client = no | + | * stunnel default adalah server mode. |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file | Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file | ||
| − | ENABLED=1 | + | ENABLED=1 |
Finally, restart Stunnel for configuration to take effect, using this command: | Finally, restart Stunnel for configuration to take effect, using this command: | ||
| − | /etc/init.d/stunnel4 restart | + | /etc/init.d/stunnel4 restart |
5.Install Squid Proxy | 5.Install Squid Proxy | ||
| − | apt-get install squid3 -y | + | apt-get install squid3 -y |
| − | Configure Stunnel in Client | + | ==Configure Stunnel in Client== |
Using a SFTP client such as Filezilla, connect to your server and download the “stunnel.pem” file located in “/etc/stunnel/” directory to the client. | Using a SFTP client such as Filezilla, connect to your server and download the “stunnel.pem” file located in “/etc/stunnel/” directory to the client. | ||
| Line 55: | Line 53: | ||
So “stunnel.conf” file in the client should look like this: | So “stunnel.conf” file in the client should look like this: | ||
| − | cert = stunnel.pem | + | cert = stunnel.pem |
| − | client = yes | + | client = yes |
| − | [squid] | + | [squid] |
| − | accept = 127.0.0.1:8080 | + | accept = 127.0.0.1:8080 |
| − | connect = [Server’s Public IP]:8888 | + | connect = [Server’s Public IP]:8888 |
Save and close the file and run “stunnel.exe”. | Save and close the file and run “stunnel.exe”. | ||
| Line 76: | Line 74: | ||
* [[SSL Tunnel]] | * [[SSL Tunnel]] | ||
| + | * [[Ssl tunnel]] | ||
Latest revision as of 06:28, 1 December 2018
sumber: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu
stunnel di rancang untuk menjadi wrapper SSL encryption antara client dan server. Bisa digunakan untuk menambahkan fungi SSL dalam sebuah sambungan. Pad dasarnya, stunnel membuat sebuah TCP port yang tidak secure menjadi sebuah port encrypted yang secure menggunakan package cryptography OpenSSL.
Dalam bahasa yang lebih sederhana stunnel adalah proxy server SSL untuk berbagai proxy traffic yang tidak secure, agar menjadis secure. Sekedar gambaran, proxy yang normal seperti Squid biasanya tidak akan mem-proxy traffic SSL.
Instalasi
apt update apt install stunnel4 -y
Buat SSL Certificate
openssl genrsa -out key.pem 2048 openssl req -new -x509 -key key.pem -out cert.pem -days 1095 cat key.pem cert.pem >> /etc/stunnel/stunnel.pem
Konfigurasi
vi /etc/stunnel/stunnel.conf
Isi kira-kira
client = no [squid] accept = 8888 connect = 127.0.0.1:3128 cert = /etc/stunnel/stunnel.pem
Catatan:
- client = no sebetulnya tidak di perlukan
- stunnel default adalah server mode.
Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file
ENABLED=1
Finally, restart Stunnel for configuration to take effect, using this command:
/etc/init.d/stunnel4 restart
5.Install Squid Proxy
apt-get install squid3 -y
Configure Stunnel in Client
Using a SFTP client such as Filezilla, connect to your server and download the “stunnel.pem” file located in “/etc/stunnel/” directory to the client.
Install Stunnel on your choice of OS. Then go to the Stunnel folder and move the downloaded certificate “stunnel.pem” to Stunnel folder.
So “stunnel.conf” file in the client should look like this:
cert = stunnel.pem client = yes [squid] accept = 127.0.0.1:8080 connect = [Server’s Public IP]:8888
Save and close the file and run “stunnel.exe”.
That’s it. Now when we want to connect to Squid proxy on our cloud server, we must configure our client to connect to 127.0.0.1:8080, and Stunnel automatically connects us through a secure tunnel to the service specified for that port.
Referensi
- https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu
- https://raiyanlive.wordpress.com/2017/08/21/set-up-ssl-tunnel-using-stunnel-on-ubuntu/