[squid-users] Youtube wont work on squid

Yuri Voinov yvoinov at gmail.com
Wed Mar 2 06:04:05 UTC 2016 


02.03.16 2:34, Baselsayeh пишет:
> Yuri Voinov wrote
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>   
>> Did you read
>>
>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>>
>> this first?
>>
>> Look once more to examples.
>>
>> 02.03.16 2:15, Baselsayeh пишет:
>>> Yuri Voinov wrote
>>> Seems to some else misconfiguration in peek-n-splice section.
>>>
>>> Where is your at_step peek definition?
>>>
>>> 02.03.16 2:08, Baselsayeh пишет:
>>>>>> Yuri Voinov wrote
>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>> Hash: SHA256
>>>>>>>
>>>>>>> Aha.
>>>>>>>
>>>>>>> You must know, that stare is client initiated handshake. This is
>> a bit
>>>>>>> specific option, which is useless in most usecases (IMHO).
>>>>>>>
>>>>>>> More reliable configuration is peek then bump.
>>>>>>>
>>>>>>> Did you client (android) contains your cache CA public key?
>>>>>>> _______________________________________________
>>>>>>> squid-users mailing list
>>>>>>> squid-users at .squid-cache
>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>
>>>>>>>
>>>>>>> 0x613DEC46.asc (2K)
>>>>>>>
>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc>
>>>>>> now new error after changing config to peek then bump
>>>>>>
>>>>>> access.log :  http://pastebin.com/j97k953r
>>> <http://pastebin.com/j97k953r>
>>>>>> cache.log :  http://pastebin.com/2jF6nqeM
>>>>>> <http://pastebin.com/2jF6nqeM>
>>>>>>
>>>>>> squid.config :  http://pastebin.com/FDuHtCDD
>>> <http://pastebin.com/FDuHtCDD>
>>>>>> and now youtube works but when i enter a video it loads for a
>> little bit
>>>>>> then says
>>>>>> "Connection to the server lost"
>>>>>> "tap to retry"
>>>>>>
>>>>>> i tried more than 10 videos and none of them worked
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html
>>>>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>>>> _______________________________________________
>>>>>> squid-users mailing list
>>>>>>
>>> squid-users at .squid-cache
>>>
>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at .squid-cache
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>
>>>>
>>>> 0x613DEC46.asc (2K)
>>>>
>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc>
>>> what do you mean?
>>>
>>> this?
>>>
>>> http_port 3428 intercept
>>> https_port 3429 intercept ssl-bump generate-host-certificates=on
>>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
>>> key=/home/basel/squid/rootCAkey.key
>>> ssl_bump peek all
>>> ssl_bump bump all
>>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB
>>> sslcrtd_children 3 startup=1 idle=1
>>>
>>>
>>>
>>>
>>> --
>>> View this message in context:
>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html
>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>> _______________________________________________
>>> squid-users mailing list
>>>
>> squid-users at .squid-cache
>>> http://lists.squid-cache.org/listinfo/squid-users
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>>   
>> iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6
>> ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8
>> Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/
>> MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj
>> fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT
>> Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I=
>> =WmcI
>> -----END PGP SIGNATURE-----
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at .squid-cache
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>> 0x613DEC46.asc (2K)
>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc>
> it works now
>
> http_port 3428 intercept
> https_port 3429 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
> key=/home/basel/squid/rootCAkey.key
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
> ssl_bump peek step1
> ssl_bump bump all
> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB
> sslcrtd_children 3 startup=1 idle=1
>
> is it correct?
Seems correct.
>
> do i need sslproxy_cafile?
Not at all cases. By default openssl can take it own CA bundle installed 
with it.
>
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list