|
在第一個網誌寫了安裝stunnel + tinyproxy的流程,竟然有數百網友圍觀,出乎意料,
於是有了動力,決定編寫一鍵安裝腳本,方便需要的網友,也正好自己更換/新購vps
不用每次重複勞動,一舉两得 :) 代碼如下
[code]
#! /bin/bash
# author: twfcc@twitter
# $PROG: install_sslproxy.sh
# $Usage: $0 -s|--standard -n|--nat
# description: install stunnel+tinyproxy on NAT IPv4 Share VPS(OpenVZ) or Standard VPS(OpenVZ)
# Public Domain use as your own risk!
Usage="$0 -s|--standard -n|--nat"
msg1="-s or --standard install https proxy on standard openvz vps."
msg2="-n or --nat install https proxy on nat ipv4 share openvz vps"
argu=$1
# Are you root?
if [ $UID -ne 0 ] ; then
echo "You must be root to execute this script." >&2
exit 5
fi
# Check argument
case "$argu" in
-s|--standard) flag=0 ;;
-n|--nat) flag=1 ;;
*) printf "\n$Usage\n$msg1\n$msg2\n\n" >& 2
exit 6
;;
esac
# First, we need to install some component and update OS
apt-get update && apt-get upgrade -y
apt-get install build-essential -y
if ! which openssl &> /dev/null ; then
apt-get install openssl -y
fi
if ! which curl &> /dev/null ; then
apt-get install curl -y
fi
# get vps public IPv4
myip=$(curl -s v4.ifconfig.co)
# what is the type of this vps?
if [ $flag -ne 0 ] ; then
internal_ip=$(ifconfig venet0:0 \
| awk -F: '$2 ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/{print $2}' \
| cut -d" " -f1)
port=$(echo -e ${internal_ip##*.})20 #nat-vps we use the last fixed port
else
pick=($(for i in {19901..19999} ;do echo $i ;done)) #ports from 19901-19999
count=${#pick[@]} #how many ports
port=${pick[$((RANDOM%count-1))]} #pick a random port
fi
# install stunnel and tinyproxy
apt-get install stunnel tinyproxy -y
# edit /etc/tinyproxy.conf ; just listen local port
tinyconf="/etc/tinyproxy.conf"
mv -f "$tinyconf" "$tinyconf".bak # backup orginal conf
sed 's/#Listen 192.168.0.1/Listen 127.0.0.1/' $tinyconf.bak > $tinyconf
service tinyproxy restart # restart tinyproxy
# setup stunnel ; generate self-signed certificate first
openssl genrsa -out privatekey.pem 2048
openssl req -new -x509 -key privatekey.pem -subj \
"/C=CN/ST=MyTunnel/L=Mytunnel/O=$myip/CN=$myip" \
-out publickey.pem -days 1095
#copy both pem together and make a crt for browser
if [ -e privatekey.pem ] && [ -e publickey.pem ] ; then
cat privatekey.pem publickey.pem > /etc/stunnel/stunnel.pem
cat publickey.pem > publickey.crt
fi
# we create stunnel.conf
cat >stunnel.conf<<EOF
client = no
debug = 7
output = /var/log/stunnel4/stunnel.log
[tinyproxy]
accept = $port
connect = 127.0.0.1:8888
cert = /etc/stunnel/stunnel.pem
EOF
mv -f stunnel.conf /etc/stunnel/
# set stunnel as a deamon
cp -f /etc/default/stunnel4 /etc/default/stunnel4.bak
sed -i 's/^ENABLED=0$/ENABLED=1/' /etc/default/stunnel4
service stunnel4 restart
if netstat -nlp | grep -i 'tinyproxy' &> /dev/null \
&& netstat -nlp | grep -i 'stunnel4' &> /dev/null
then
printf "HTTPS/SSL Proxy is running.\nCopy publickey.crt to browser.\n"
printf "\nYour IPv4:${myip}\n Port:${port}\nEnjoy!\n"
else
printf "Failed to install HTTPS/SSL proxy.\n" >&2
exit 1
fi
exit 0
[/code]
已在nat ipv4 share vps的debian 7/8 x86_64,ubuntu 14.04 x86,普通的vps
ubunbu 1404 x86,debian 8 x86_64成功通過測試,失敗的只有ubuntu 15.05,
這腳本會在nat-vps會選用供應商分配給你的20個端口最後一個:XXX20,前面的三
個數字是你的內網ip最後一組數字,腳本會自動找到,標準vps它會在19901-19999
之間隨機選一個端口,這避免太多人使用腳本安裝變成固定端口(其實沒幾人用,多餘
的做法),安裝前兼查一下該端口/該一段端口有否被佔用中,不然會錯誤
最後付上腳本下載連結
礙於編程功力,代碼非常難看,歡迎散播,改進,詢問和建議
我的twitter id: @twfcc
来自http://victor-notes.blogspot.com/2016/04/stunneltinyproxy_9.html
|
