1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-01-22 05:09:36 +02:00

stunnel

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code.

Overview

domain ip:port country services
master 1.2.3.4:4911 Japan openvpn-server, stunnel-server
bridge 5.6.7.8:1194 China stunnel-client
N/A 192.168/16 China openvpn-client

Server Setup (Cloud)

# master server (Japan)
docker-compose up -d master

Client Setup (Cloud)

# bridge server (China)
docker-compose up -d bridge

Client Setup (Local)

File: /etc/stunnel/stunnel.conf

foreground = yes
client = yes

[openvpn]
accept = 127.0.0.1:1194
connect = 1.2.3.4:4911

Pro Tip: Running stunnel locally is faster.

OpenVPN Setup (Partial)

# For Cloud Setup
...
remote 5.6.7.8 1194 tcp
route 192.168.0.0 255.255.0.0 net_gateway
...
# For Local Setup
...
remote 127.0.0.1 1194 tcp
route 1.2.3.4 255.255.255.255 net_gateway
route 192.168.0.0 255.255.0.0 net_gateway
....

For Gmail Forwarding

;debug = info
;output = /var/log/stunnel.log
foreground = yes
setuid = stunnel
setgid = stunnel
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995

[gmail-imap]
client = yes
accept = 127.0.0.1:143
connect = imap.gmail.com:993

[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
stream {
    server {
        listen               995 ssl;
        ssl_certificate      ssl/easypi.crt;
        ssl_certificate_key  ssl/easypi.key;
        ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers          HIGH:!aNULL:!MD5;
        proxy_pass           127.0.0.1:110;
        proxy_buffer_size    16k;
    }
    server {
        listen               993 ssl;
        ssl_certificate      ssl/easypi.crt;
        ssl_certificate_key  ssl/easypi.key;
        ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers          HIGH:!aNULL:!MD5;
        proxy_pass           127.0.0.1:143;
        proxy_buffer_size    16k;
    }
    server {
        listen               465 ssl;
        ssl_certificate      ssl/easypi.crt;
        ssl_certificate_key  ssl/easypi.key;
        ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers          HIGH:!aNULL:!MD5;
        proxy_pass           127.0.0.1:25;
        proxy_buffer_size    16k;
    }
}