Difference between revisions of "SSL Tunnel: Ubuntu Setup"

From OnnoWiki
Jump to navigation Jump to search
(Created page with "sumber: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu Setup SSL Tunnel Using Stunnel on Ubuntu The Stunnel program is...")
 
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
sumber: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu
 
sumber: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu
  
Setup SSL Tunnel Using Stunnel on Ubuntu
+
stunnel di rancang untuk menjadi wrapper SSL encryption antara client dan server. Bisa digunakan untuk menambahkan fungi SSL dalam sebuah sambungan. Pad dasarnya, stunnel membuat sebuah TCP port yang tidak secure menjadi sebuah port encrypted yang secure menggunakan package cryptography OpenSSL.
  
The Stunnel program is designed to work as an SSL encryption wrapper between remote client and server. It can be used to add SSL functionality.
+
Dalam bahasa yang lebih sederhana stunnel adalah proxy server SSL untuk berbagai proxy traffic yang tidak secure, agar menjadis secure. Sekedar gambaran, proxy yang normal seperti Squid biasanya tidak akan mem-proxy traffic SSL.
  
What Stunnel basically does is that it turns any insecure TCP port into a secure encrypted port using OpenSSL package for cryptography.
 
  
1.Update & Upgrade Ubuntu
+
==Instalasi==
  
apt-get update && apt-get upgrade
+
apt update
 +
apt install stunnel4 -y
  
2.Install Stunnel on VPS
+
==Buat SSL Certificate==
  
apt-get install stunnel4 -y
+
openssl genrsa -out key.pem 2048
 +
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
 +
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem
  
3.Create SSL Certificate
+
==Konfigurasi==
  
openssl genrsa -out key.pem 2048
+
vi /etc/stunnel/stunnel.conf
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
 
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem
 
  
4.configure Stunnel on VPS
+
Isi kira-kira
  
vim /etc/stunnel/stunnel.conf
+
client = no
 +
[squid]
 +
accept = 8888
 +
connect = 127.0.0.1:3128
 +
cert = /etc/stunnel/stunnel.pem
  
So overall the “stunnel.conf” file must contain the lines below:
+
Catatan:
 
+
* client = no sebetulnya tidak di perlukan
client = no
+
* stunnel default adalah server mode.
[squid]
 
accept = 8888
 
connect = 127.0.0.1:3128
 
cert = /etc/stunnel/stunnel.pem
 
 
 
Note: The client = no part isn’t necessary, Stunnel by default is set to server mode.
 
  
 
Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file
 
Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file
  
ENABLED=1
+
ENABLED=1
  
 
Finally, restart Stunnel for configuration to take effect, using this command:
 
Finally, restart Stunnel for configuration to take effect, using this command:
  
/etc/init.d/stunnel4 restart
+
/etc/init.d/stunnel4 restart
  
 
5.Install Squid Proxy
 
5.Install Squid Proxy
  
apt-get install squid3 -y
+
apt-get install squid3 -y
  
Configure Stunnel in Client
+
==Configure Stunnel in Client==
  
 
Using a SFTP client such as Filezilla, connect to your server and download the “stunnel.pem” file located in “/etc/stunnel/” directory to the client.
 
Using a SFTP client such as Filezilla, connect to your server and download the “stunnel.pem” file located in “/etc/stunnel/” directory to the client.
Line 55: Line 53:
 
So “stunnel.conf” file in the client should look like this:
 
So “stunnel.conf” file in the client should look like this:
  
cert = stunnel.pem
+
cert = stunnel.pem
client = yes
+
client = yes
[squid]
+
[squid]
accept = 127.0.0.1:8080
+
accept = 127.0.0.1:8080
connect = [Server’s Public IP]:8888
+
connect = [Server’s Public IP]:8888
  
 
Save and close the file and run “stunnel.exe”.
 
Save and close the file and run “stunnel.exe”.
Line 76: Line 74:
  
 
* [[SSL Tunnel]]
 
* [[SSL Tunnel]]
 +
* [[Ssl tunnel]]

Latest revision as of 06:28, 1 December 2018

sumber: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu

stunnel di rancang untuk menjadi wrapper SSL encryption antara client dan server. Bisa digunakan untuk menambahkan fungi SSL dalam sebuah sambungan. Pad dasarnya, stunnel membuat sebuah TCP port yang tidak secure menjadi sebuah port encrypted yang secure menggunakan package cryptography OpenSSL.

Dalam bahasa yang lebih sederhana stunnel adalah proxy server SSL untuk berbagai proxy traffic yang tidak secure, agar menjadis secure. Sekedar gambaran, proxy yang normal seperti Squid biasanya tidak akan mem-proxy traffic SSL.


Instalasi

apt update
apt install stunnel4 -y

Buat SSL Certificate

openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem

Konfigurasi

vi /etc/stunnel/stunnel.conf

Isi kira-kira

client = no
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem

Catatan:

  • client = no sebetulnya tidak di perlukan
  • stunnel default adalah server mode.

Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file

ENABLED=1

Finally, restart Stunnel for configuration to take effect, using this command:

/etc/init.d/stunnel4 restart

5.Install Squid Proxy

apt-get install squid3 -y

Configure Stunnel in Client

Using a SFTP client such as Filezilla, connect to your server and download the “stunnel.pem” file located in “/etc/stunnel/” directory to the client.

Install Stunnel on your choice of OS. Then go to the Stunnel folder and move the downloaded certificate “stunnel.pem” to Stunnel folder.

So “stunnel.conf” file in the client should look like this:

cert = stunnel.pem
client = yes
[squid]
accept = 127.0.0.1:8080
connect = [Server’s Public IP]:8888

Save and close the file and run “stunnel.exe”.

That’s it. Now when we want to connect to Squid proxy on our cloud server, we must configure our client to connect to 127.0.0.1:8080, and Stunnel automatically connects us through a secure tunnel to the service specified for that port.


Referensi


Pranala Menarik