overtls
install
prepare
准备公私钥对,申请证书,例如letsencrypt。
假设:
- server domain: xxx.example.com
- server host: xxx.xxx.xxx.xxx
- server port: 443
- server 私钥:/home/someusr/.cert/privkey.pem
- server 证书链: /home/someusr/.cert/fullchain.pem
- tunnel path: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- client port: 8888
生成 config.json
{
"tunnel_path": "/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/",
"server_settings": {
"certfile": "/home/someusr/.cert/fullchain.pem",
"keyfile": "/home/someusr/.cert/privkey.pem",
"forward_addr": "http://127.0.0.1:80",
"listen_host": "0.0.0.0",
"listen_port": 443
},
"client_settings": {
"server_host": "xxx.xxx.xxx.xxx",
"server_port": 443,
"server_domain": "xxx.example.com",
"listen_host": "127.0.0.1",
"listen_port": 8888
}
}
server
假设config.json存放路径为/etc/overtls/config.json
启动:
overtls -r server -c config.json
添加systemctl service
编辑 /etc/systemd/system/overtls.service:
[Unit]
Description=overtls
Documentation=overtls
After=network.target network-online.target nss-lookup.target
[Service]
Type=simple
StandardError=journal
ExecStart="overtls" -r server -c "/etc/overtls/config.json"
ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=51200
Restart=on-failure
RestartSec=1s
[Install]
WantedBy=multi-user.target
启动:
systemctl daemon-reload
systemctl enable overtls.service
systemctl start overtls.service
client
overtls -r client -c config.json
