[squid-users] making proxy-int to talk to proxy-ext

Alex Rousskov rousskov at measurement-factory.com
Tue Nov 26 16:59:37 UTC 2019


On 11/26/19 10:54 AM, robert k Wild wrote:

> as I have configured both internal proxy (non internet facing) and
> external proxy (internet facing) from source,

Please show the essential parts of both internal and external Squid
configurations for the broken setup (at least).

It is difficult to guess what went wrong because the guide you are
quoting does not talk about internal and external proxy instances _and_,
in most cases, simply adding a valid http_port line has no effect on
test cases that worked before -- the new port will be unused by the old
test traffic. It is not even clear which proxy you are adding the
SslBump configuration to.


Thank you,

Alex.


> followed this guide - 
> https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
> 
> it works if I comment out the ssl lines -
> 
> #SSL
> #http_port 3128 ssl-bump \
> #cert=/etc/squid/ssl_cert/myCA.pem \
> #generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> #sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
> #acl step1 at_step SslBump1
> #ssl_bump peek step1
> #ssl_bump bump all
> 
> but as soon as I uncomment them it breaks the link between both servers
> 
> this is the error I get from the internal proxy when it tries to contact
> the external proxy
> 
> https://i.postimg.cc/JzC29gh8/ssl.png
> -- 
> Regards,
> 
> Robert K Wild.
> 