1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-23 01:39:27 +02:00
dockerfiles/stunnel/README.md

125 lines
2.6 KiB
Markdown
Raw Normal View History

2016-07-11 07:14:59 +02:00
stunnel
=======
2016-07-11 07:57:48 +02:00
[Stunnel][1] is a proxy designed to add TLS encryption functionality to
existing clients and servers without any changes in the programs' code.
2016-07-11 07:14:59 +02:00
### Overview
domain | ip:port | country | services
-------| ------------ | ------- | ------------------------------
master | 1.2.3.4:4911 | Japan | openvpn-server, stunnel-server
bridge | 5.6.7.8:1194 | China | stunnel-client
N/A | 192.168/16 | China | openvpn-client
### Server Setup (Cloud)
```bash
# master server (Japan)
docker-compose up -d master
```
### Client Setup (Cloud)
```bash
# bridge server (China)
docker-compose up -d bridge
```
### Client Setup (Local)
File: /etc/stunnel/stunnel.conf
```ini
foreground = yes
client = yes
[openvpn]
accept = 127.0.0.1:1194
connect = 1.2.3.4:4911
```
> Pro Tip: Running stunnel locally is faster.
### OpenVPN Setup (Partial)
```ini
# For Cloud Setup
...
remote 5.6.7.8 1194 tcp
route 192.168.0.0 255.255.0.0 net_gateway
...
```
```ini
# For Local Setup
...
remote 127.0.0.1 1194 tcp
route 1.2.3.4 255.255.255.255 net_gateway
route 192.168.0.0 255.255.0.0 net_gateway
....
```
2024-05-08 05:46:59 +02:00
-----------------------------------------
### For Gmail Forwarding
```ini
;debug = info
;output = /var/log/stunnel.log
foreground = yes
setuid = stunnel
setgid = stunnel
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
[gmail-imap]
client = yes
accept = 127.0.0.1:143
connect = imap.gmail.com:993
[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
```
```nginx
stream {
server {
listen 995 ssl;
ssl_certificate ssl/easypi.crt;
ssl_certificate_key ssl/easypi.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
proxy_pass 127.0.0.1:110;
proxy_buffer_size 16k;
}
server {
listen 993 ssl;
ssl_certificate ssl/easypi.crt;
ssl_certificate_key ssl/easypi.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
proxy_pass 127.0.0.1:143;
proxy_buffer_size 16k;
}
server {
listen 465 ssl;
ssl_certificate ssl/easypi.crt;
ssl_certificate_key ssl/easypi.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
proxy_pass 127.0.0.1:25;
proxy_buffer_size 16k;
}
}
```
2016-07-11 07:57:48 +02:00
[1]: https://www.stunnel.org/index.html