[squid-users] Youtube wont work on squid

Wed Mar 2 11:54:34 UTC 2016

I'm not sure if this can solve the problem, but, in my squid.conf I deny
youtube to cache using "cache_deny"

2016-03-02 3:04 GMT-03:00 Yuri Voinov <yvoinov at gmail.com>:

>
>
> 02.03.16 2:34, Baselsayeh пишет:
>
>> Yuri Voinov wrote
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>   Did you read
>>>
>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>>>
>>> this first?
>>>
>>> Look once more to examples.
>>>
>>> 02.03.16 2:15, Baselsayeh пишет:
>>>
>>>> Yuri Voinov wrote
>>>> Seems to some else misconfiguration in peek-n-splice section.
>>>>
>>>> Where is your at_step peek definition?
>>>>
>>>> 02.03.16 2:08, Baselsayeh пишет:
>>>>
>>>>> Yuri Voinov wrote
>>>>>>>
>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>> Hash: SHA256
>>>>>>>>
>>>>>>>> Aha.
>>>>>>>>
>>>>>>>> You must know, that stare is client initiated handshake. This is
>>>>>>>>
>>>>>>> a bit
>>>
>>>> specific option, which is useless in most usecases (IMHO).
>>>>>>>>
>>>>>>>> More reliable configuration is peek then bump.
>>>>>>>>
>>>>>>>> Did you client (android) contains your cache CA public key?
>>>>>>>> _______________________________________________
>>>>>>>> squid-users mailing list
>>>>>>>> squid-users at .squid-cache
>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>>
>>>>>>>>
>>>>>>>> 0x613DEC46.asc (2K)
>>>>>>>>
>>>>>>>> <
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc&gt
>>> ;
>>>
>>>> now new error after changing config to peek then bump
>>>>>>>
>>>>>>> access.log :  http://pastebin.com/j97k953r
>>>>>>>
>>>>>> <http://pastebin.com/j97k953r>
>>>>
>>>>> cache.log :  http://pastebin.com/2jF6nqeM
>>>>>>> <http://pastebin.com/2jF6nqeM>
>>>>>>>
>>>>>>> squid.config :  http://pastebin.com/FDuHtCDD
>>>>>>>
>>>>>> <http://pastebin.com/FDuHtCDD>
>>>>
>>>>> and now youtube works but when i enter a video it loads for a
>>>>>>>
>>>>>> little bit
>>>
>>>> then says
>>>>>>> "Connection to the server lost"
>>>>>>> "tap to retry"
>>>>>>>
>>>>>>> i tried more than 10 videos and none of them worked
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> View this message in context:
>>>>>>>
>>>>>>
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html
>>>
>>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>>>>> _______________________________________________
>>>>>>> squid-users mailing list
>>>>>>>
>>>>>>> squid-users at .squid-cache
>>>>
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at .squid-cache
>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>
>>>>>
>>>>> 0x613DEC46.asc (2K)
>>>>>
>>>>> <
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc&gt
>>> ;
>>>
>>> what do you mean?
>>>>
>>>> this?
>>>>
>>>> http_port 3428 intercept
>>>> https_port 3429 intercept ssl-bump generate-host-certificates=on
>>>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
>>>> key=/home/basel/squid/rootCAkey.key
>>>> ssl_bump peek all
>>>> ssl_bump bump all
>>>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB
>>>> sslcrtd_children 3 startup=1 idle=1
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>>
>>>
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html
>>>
>>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>> _______________________________________________
>>>> squid-users mailing list
>>>>
>>>> squid-users at .squid-cache
>>>
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2
>>>   iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6
>>> ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8
>>> Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/
>>> MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj
>>> fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT
>>> Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I=
>>> =WmcI
>>> -----END PGP SIGNATURE-----
>>>
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at .squid-cache
>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>>
>>> 0x613DEC46.asc (2K)
>>> <
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc&gt
>>> ;
>>>
>> it works now
>>
>> http_port 3428 intercept
>> https_port 3429 intercept ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
>> key=/home/basel/squid/rootCAkey.key
>> acl step1 at_step SslBump1
>> acl step2 at_step SslBump2
>> acl step3 at_step SslBump3
>> ssl_bump peek step1
>> ssl_bump bump all
>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB
>> sslcrtd_children 3 startup=1 idle=1
>>
>> is it correct?
>>
> Seems correct.
>
>>
>> do i need sslproxy_cafile?
>>
> Not at all cases. By default openssl can take it own CA bundle installed
> with it.
>
>
>>
>>
>>
>> --
>> View this message in context:
>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html
>> Sent from the Squid - Users mailing list archive at Nabble.com.
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160302/2467eb29/attachment-0001.html>