[squid-users] Youtube wont work on squid

Baselsayeh Basel.sayeh at hotmail.com
Wed Mar 2 20:20:14 UTC 2016 

Thanks


Yuri Voinov wrote
> 02.03.16 2:34, Baselsayeh пишет:
>> Yuri Voinov wrote
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>   
>>> Did you read
>>>
>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>>>
>>> this first?
>>>
>>> Look once more to examples.
>>>
>>> 02.03.16 2:15, Baselsayeh пишет:
>>>> Yuri Voinov wrote
>>>> Seems to some else misconfiguration in peek-n-splice section.
>>>>
>>>> Where is your at_step peek definition?
>>>>
>>>> 02.03.16 2:08, Baselsayeh пишет:
>>>>>>> Yuri Voinov wrote
>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>> Hash: SHA256
>>>>>>>>
>>>>>>>> Aha.
>>>>>>>>
>>>>>>>> You must know, that stare is client initiated handshake. This is
>>> a bit
>>>>>>>> specific option, which is useless in most usecases (IMHO).
>>>>>>>>
>>>>>>>> More reliable configuration is peek then bump.
>>>>>>>>
>>>>>>>> Did you client (android) contains your cache CA public key?
>>>>>>>> _______________________________________________
>>>>>>>> squid-users mailing list
>>>>>>>> squid-users at .squid-cache
>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>>
>>>>>>>>
>>>>>>>> 0x613DEC46.asc (2K)
>>>>>>>>
>>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc>
>>>>>>> now new error after changing config to peek then bump
>>>>>>>
>>>>>>> access.log :  http://pastebin.com/j97k953r
>>>> <http://pastebin.com/j97k953r>
>>>>>>> cache.log :  http://pastebin.com/2jF6nqeM
>>>>>>> <http://pastebin.com/2jF6nqeM>
>>>>>>>
>>>>>>> squid.config :  http://pastebin.com/FDuHtCDD
>>>> <http://pastebin.com/FDuHtCDD>
>>>>>>> and now youtube works but when i enter a video it loads for a
>>> little bit
>>>>>>> then says
>>>>>>> "Connection to the server lost"
>>>>>>> "tap to retry"
>>>>>>>
>>>>>>> i tried more than 10 videos and none of them worked
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> View this message in context:
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html
>>>>>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>>>>> _______________________________________________
>>>>>>> squid-users mailing list
>>>>>>>
>>>> squid-users at .squid-cache
>>>>
>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at .squid-cache
>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>
>>>>>
>>>>> 0x613DEC46.asc (2K)
>>>>>
>>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc>
>>>> what do you mean?
>>>>
>>>> this?
>>>>
>>>> http_port 3428 intercept
>>>> https_port 3429 intercept ssl-bump generate-host-certificates=on
>>>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
>>>> key=/home/basel/squid/rootCAkey.key
>>>> ssl_bump peek all
>>>> ssl_bump bump all
>>>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M
>>>> 200MB
>>>> sslcrtd_children 3 startup=1 idle=1
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> View this message in context:
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html
>>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>> _______________________________________________
>>>> squid-users mailing list
>>>>
>>> squid-users at .squid-cache
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2
>>>   
>>> iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6
>>> ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8
>>> Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/
>>> MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj
>>> fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT
>>> Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I=
>>> =WmcI
>>> -----END PGP SIGNATURE-----
>>>
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at .squid-cache
>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>>
>>> 0x613DEC46.asc (2K)
>>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc>
>> it works now
>>
>> http_port 3428 intercept
>> https_port 3429 intercept ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
>> key=/home/basel/squid/rootCAkey.key
>> acl step1 at_step SslBump1
>> acl step2 at_step SslBump2
>> acl step3 at_step SslBump3
>> ssl_bump peek step1
>> ssl_bump bump all
>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB
>> sslcrtd_children 3 startup=1 idle=1
>>
>> is it correct?
> Seems correct.
>>
>> do i need sslproxy_cafile?
> Not at all cases. By default openssl can take it own CA bundle installed 
> with it.
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html
>> Sent from the Squid - Users mailing list archive at Nabble.com.
>> _______________________________________________
>> squid-users mailing list
>> 

> squid-users at .squid-cache

>> http://lists.squid-cache.org/listinfo/squid-users
> 
> _______________________________________________
> squid-users mailing list

> squid-users at .squid-cache

> http://lists.squid-cache.org/listinfo/squid-users


Jorgeley wrote
> I'm not sure if this can solve the problem, but, in my squid.conf I deny
> youtube to cache using "cache_deny"
> 
> 2016-03-02 3:04 GMT-03:00 Yuri Voinov <

> yvoinov@

> >:
> 
>>
>>
>> 02.03.16 2:34, Baselsayeh пишет:
>>
>>> Yuri Voinov wrote
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA256
>>>>   Did you read
>>>>
>>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>>>>
>>>> this first?
>>>>
>>>> Look once more to examples.
>>>>
>>>> 02.03.16 2:15, Baselsayeh пишет:
>>>>
>>>>> Yuri Voinov wrote
>>>>> Seems to some else misconfiguration in peek-n-splice section.
>>>>>
>>>>> Where is your at_step peek definition?
>>>>>
>>>>> 02.03.16 2:08, Baselsayeh пишет:
>>>>>
>>>>>> Yuri Voinov wrote
>>>>>>>>
>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>> Hash: SHA256
>>>>>>>>>
>>>>>>>>> Aha.
>>>>>>>>>
>>>>>>>>> You must know, that stare is client initiated handshake. This is
>>>>>>>>>
>>>>>>>> a bit
>>>>
>>>>> specific option, which is useless in most usecases (IMHO).
>>>>>>>>>
>>>>>>>>> More reliable configuration is peek then bump.
>>>>>>>>>
>>>>>>>>> Did you client (android) contains your cache CA public key?
>>>>>>>>> _______________________________________________
>>>>>>>>> squid-users mailing list
>>>>>>>>> squid-users at .squid-cache
>>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 0x613DEC46.asc (2K)
>>>>>>>>>
>>>>>>>>> <
>>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc&gt
>>>> ;
>>>>
>>>>> now new error after changing config to peek then bump
>>>>>>>>
>>>>>>>> access.log :  http://pastebin.com/j97k953r
>>>>>>>>
>>>>>>> <http://pastebin.com/j97k953r>
>>>>>
>>>>>> cache.log :  http://pastebin.com/2jF6nqeM
>>>>>>>> <http://pastebin.com/2jF6nqeM>
>>>>>>>>
>>>>>>>> squid.config :  http://pastebin.com/FDuHtCDD
>>>>>>>>
>>>>>>> <http://pastebin.com/FDuHtCDD>
>>>>>
>>>>>> and now youtube works but when i enter a video it loads for a
>>>>>>>>
>>>>>>> little bit
>>>>
>>>>> then says
>>>>>>>> "Connection to the server lost"
>>>>>>>> "tap to retry"
>>>>>>>>
>>>>>>>> i tried more than 10 videos and none of them worked
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>>
>>>>>>>
>>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html
>>>>
>>>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>>>>>> _______________________________________________
>>>>>>>> squid-users mailing list
>>>>>>>>
>>>>>>>> squid-users at .squid-cache
>>>>>
>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> squid-users mailing list
>>>>>> squid-users at .squid-cache
>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>
>>>>>>
>>>>>> 0x613DEC46.asc (2K)
>>>>>>
>>>>>> <
>>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc&gt
>>>> ;
>>>>
>>>> what do you mean?
>>>>>
>>>>> this?
>>>>>
>>>>> http_port 3428 intercept
>>>>> https_port 3429 intercept ssl-bump generate-host-certificates=on
>>>>> dynamic_cert_mem_cache_size=200MB
>>>>> cert=/home/basel/squid/rootCAcert.pem
>>>>> key=/home/basel/squid/rootCAkey.key
>>>>> ssl_bump peek all
>>>>> ssl_bump bump all
>>>>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M
>>>>> 200MB
>>>>> sslcrtd_children 3 startup=1 idle=1
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>>
>>>>
>>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html
>>>>
>>>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>>
>>>>> squid-users at .squid-cache
>>>>
>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v2
>>>>   iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6
>>>> ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8
>>>> Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/
>>>> MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj
>>>> fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT
>>>> Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I=
>>>> =WmcI
>>>> -----END PGP SIGNATURE-----
>>>>
>>>>
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at .squid-cache
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>
>>>>
>>>> 0x613DEC46.asc (2K)
>>>> <
>>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc&gt
>>>> ;
>>>>
>>> it works now
>>>
>>> http_port 3428 intercept
>>> https_port 3429 intercept ssl-bump generate-host-certificates=on
>>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
>>> key=/home/basel/squid/rootCAkey.key
>>> acl step1 at_step SslBump1
>>> acl step2 at_step SslBump2
>>> acl step3 at_step SslBump3
>>> ssl_bump peek step1
>>> ssl_bump bump all
>>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB
>>> sslcrtd_children 3 startup=1 idle=1
>>>
>>> is it correct?
>>>
>> Seems correct.
>>
>>>
>>> do i need sslproxy_cafile?
>>>
>> Not at all cases. By default openssl can take it own CA bundle installed
>> with it.
>>
>>
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html
>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>> _______________________________________________
>>> squid-users mailing list
>>> 

> squid-users at .squid-cache

>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>
>> _______________________________________________
>> squid-users mailing list
>> 

> squid-users at .squid-cache

>> http://lists.squid-cache.org/listinfo/squid-users
>>
> 
> 
> 
> --
> 
> _______________________________________________
> squid-users mailing list

> squid-users at .squid-cache

> http://lists.squid-cache.org/listinfo/squid-users





--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676391.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list