[squid-users] squid mitm

Niels Hofmans hello at ironpeak.be
Wed Nov 18 15:48:09 UTC 2020


Hi guys,

I am trying to set up squid with TLS interception on Docker in an Alpine Linux image.

My configuration is as follows:

access_log /dev/stdout

https_port 0.0.0.0:3128 \
  intercept \
  ssl-bump \
  cert=/ca.pem \
  generate-host-certificates=on \
  dynamic_cert_mem_cache_size=500MB

sslcrtd_program /usr/lib/squid/security_file_certgen -s /cache/ssl.db -M 100MB
sslcrtd_children 5

ssl_bump server-first all
sslproxy_cert_error allow all

And the Dockerfile:

FROM alpine

RUN apk add -U --no-cache squid 
COPY cmd/config/ca.pem cmd/config/squid.conf /
RUN mkdir -p /cache \
    && /usr/lib/squid/security_file_certgen -c -s /cache/ssl.db -M 100MB

EXPOSE 3128
ENTRYPOINT ["/usr/sbin/squid", "-f", "/squid.conf"]

However, this always exits with the following error:

proxy_1       | [00] 2020/11/18 15:38:27| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
proxy_1       | [00] 2020/11/18 15:38:27| FATAL: No valid signing certificate configured for HTTPS_port 0.0.0.0:3128
proxy_1       | [00] 2020/11/18 15:38:27| Squid Cache (Version 4.13): Terminated abnormally.
proxy_1       | [00] CPU Usage: 0.036 seconds = 0.021 user + 0.014 sys
proxy_1       | [00] Maximum Resident Size: 42256 KB
proxy_1       | [00] Page faults with physical i/o: 0


And cmd/config/ca.pem was created with the command from the wiki on macOS: openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout ca.pem -out ca.pem
Any ideas? Thanks!

-- 
Met vriendelijke groeten,
Niels Hofmans

SITE   https://ironpeak.be
BTW   BE0694785660
BANK BE76068909740795
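
A preflight check for a combined certificate and key file like the ca.pem above, to run before building the image. It is an added example, not part of the original post or of Squid, and it only reports what the file contains; the function name and the 2048-bit default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check for a combined
# certificate + key PEM such as the file passed to cert= on https_port.
# Usage: check_bump_pem FILE [MIN_RSA_BITS]   (MIN_RSA_BITS: assumed local policy)
check_bump_pem() {
    pem=$1
    min_bits=${2:-2048}
    rc=0
    [ -r "$pem" ] || { echo "FAIL: cannot read $pem"; return 1; }

    # Both PEM blocks must be present in the one file.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" \
        || { echo "FAIL: no CERTIFICATE block"; rc=1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" \
        || { echo "FAIL: no PRIVATE KEY block"; rc=1; }
    [ "$rc" -eq 0 ] || return 1

    # The private key must belong to the certificate: compare public keys.
    # An empty -passin makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null)

    # RSA modulus size against the local minimum (other key types are skipped).
    case $text in *rsaEncryption*)
        bits=$(printf '%s\n' "$text" |
            sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
        if [ -n "$bits" ] && [ "$bits" -lt "$min_bits" ]; then
            echo "FAIL: ${bits}-bit RSA key, local minimum is ${min_bits}"; rc=1
        fi ;;
    esac

    # A certificate used to sign generated host certificates should be a CA.
    case $text in *CA:TRUE*) ;; *) echo "WARN: no basicConstraints CA:TRUE" ;; esac

    # Reject a certificate that has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "FAIL: certificate expired or unreadable"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $pem"
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_bump_pem "$@"; fi
```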
