#!/bin/bash

# need to be run as root
 ]]; then
    echo "must to be run as root"
    exit
fi

# giving user passwordless sudo privileges
who=`whoami`
myhomepath=$(cat /etc/passwd|grep $who|awk -F: '{print $6}')

# receive specific port from cmd,
PORT=${:-}

#install package
sudo apt-get install -y squid stunnel

# generate key, including client & server
cd /etc/stunnel

openssl req -new -x509 -days  -batch -nodes -config /usr/share/doc/stunnel4/examples/stunnel.cnf -out server.pem -keyout server.pem
openssl req -new -x509 -days  -batch -nodes -config /usr/share/doc/stunnel4/examples/stunnel.cnf -out client.pem -keyout client.pem

# modify (if not exist, will create) stunnel config
sudo cat <<EOF >/etc/stunnel/stunnel.conf
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
debug =
output = stunnel.log

cert = /etc/stunnel/server.pem
#sslVersion = SSLv3

verify =
CAfile = /etc/stunnel/client.pem

socket = r:TCP_NODELAY=
socket = l:TCP_NODELAY=

[squid]
accept = $PORT
connect =
EOF

# config squid
sudo sed -i -r "s/^#acl localnet src 10.0.0.0/acl localnet src 10.0.0.0/g" /etc/squid3/squid.conf
sudo sed -i -r "s/^#acl localnet src 172.16.0.0/acl localnet src 172.16.0.0/g" /etc/squid3/squid.conf
sudo sed -i -r "s/^#acl localnet src 192.168.0.0/acl localnet src 192.168.0.0/g" /etc/squid3/squid.conf
sudo sed -i -r "s/^#acl localnet src fc00::/acl localnet src fc00::/g" /etc/squid3/squid.conf
sudo sed -i -r "s/^#acl localnet src fe80::/acl localnet src fe80::/g" /etc/squid3/squid.conf
sudo sed -i -r "/acl Safe_ports port 777/a acl SSL_ports port 443 6667 7709 143 993 585 5223 29418 \\n" /etc/squid3/squid.conf
sudo sed -i -r "/acl CONNECT method CONNECT/a acl irc_port port 6667\\nacl irc dstdomain irc.freenode.net\\nhttp_access allow irc irc_port \\n" /etc/squid3/squid.conf

# important...
sed -i -r "s/ENABLED=0/ENABLED=1/g" /etc/default/stunnel4

# restart service
sudo service stunnel4 restart