[squid-users] Squid configuration cache_peer does not take effect?
Amos Jeffries
squid3 at treenet.co.nz
Tue Feb 4 09:48:18 UTC 2020
On 4/02/20 9:58 pm, yohan83942 wrote:
> There is nothing wrong now, I use Squid 5.0.1.
> The problem I have is that I want to let Squid access the Internet through
> an https proxy. The address is
> (http://192.168.1.101:10809 or https://192.168.1.101:10809 or
> socket5://192.168.1.101:10808),
>
> And Squid can cache https content, how to configure it? Hope to give a
> complete configuration.
An "HTTPS proxy" is very different from HTTPS traffic.
To send traffic over TLS to another proxy all you need is the "tls"
option (or any beginning with "tls-") on the cache_peer line. All
traffic to that peer will be encrypted now.
For extra security use the tls-cacert option to tell Squid exactly which
root CA should be used to verify that peer's server certificate, and
"tls-default-ca=off" to prevent other CAs being accepted.
Amos
More information about the squid-users
mailing list