<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.yiv0837668946msonormal, li.yiv0837668946msonormal, div.yiv0837668946msonormal
{mso-style-name:yiv0837668946msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.yiv0837668946msochpdefault, li.yiv0837668946msochpdefault, div.yiv0837668946msochpdefault
{mso-style-name:yiv0837668946msochpdefault;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.yiv0837668946msohyperlink
{mso-style-name:yiv0837668946msohyperlink;}
span.yiv0837668946msohyperlinkfollowed
{mso-style-name:yiv0837668946msohyperlinkfollowed;}
span.yiv0837668946emailstyle17
{mso-style-name:yiv0837668946emailstyle17;}
p.yiv0837668946msonormal1, li.yiv0837668946msonormal1, div.yiv0837668946msonormal1
{mso-style-name:yiv0837668946msonormal1;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.yiv0837668946msohyperlink1
{mso-style-name:yiv0837668946msohyperlink1;
color:blue;
text-decoration:underline;}
span.yiv0837668946msohyperlinkfollowed1
{mso-style-name:yiv0837668946msohyperlinkfollowed1;
color:purple;
text-decoration:underline;}
span.yiv0837668946emailstyle171
{mso-style-name:yiv0837668946emailstyle171;
color:#1F497D;}
p.yiv0837668946msochpdefault1, li.yiv0837668946msochpdefault1, div.yiv0837668946msochpdefault1
{mso-style-name:yiv0837668946msochpdefault1;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle27
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hello,
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Yeah, that guide is for PFsense in particular, but you could run HAProxy by itself (say in a VM) and get the same result. Just fwd those ports from your router
to the HAProxy box. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><br>
Thanks!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> squid-users [mailto:squid-users-bounces@lists.squid-cache.org]
<b>On Behalf Of </b>j m<br>
<b>Sent:</b> Wednesday, May 03, 2017 3:14 PM<br>
<b>To:</b> squid-users@lists.squid-cache.org<br>
<b>Subject:</b> Re: [squid-users] HTTPS support<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div id="yui_3_16_0_ym19_1_1493838446403_5410">
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">Looks interesting, but it looks complex and sounds like I'd need more of a router than I have to do it.<o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5500">
<div id="yui_3_16_0_ym19_1_1493838446403_5499">
<div id="yui_3_16_0_ym19_1_1493838446403_5498">
<div id="yui_3_16_0_ym19_1_1493838446403_5666">
<div class="MsoNormal" align="center" style="text-align:center;background:white">
<span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">
<hr size="1" width="100%" align="center">
</span></div>
<p class="MsoNormal" style="background:white"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black"> "Craddock, Tommy" <<a href="mailto:Tommy.Craddock@bicgraphic.com">Tommy.Craddock@bicgraphic.com</a>><br>
<b>To:</b> "<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>" <<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>>
<br>
<b id="yui_3_16_0_ym19_1_1493838446403_5819">Sent:</b> Wednesday, May 3, 2017 2:04 PM<br>
<b>Subject:</b> Re: [squid-users] HTTPS support</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5497">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div id="yiv0837668946">
<div id="yui_3_16_0_ym19_1_1493838446403_5496">
<div id="yui_3_16_0_ym19_1_1493838446403_5495">
<div id="yui_3_16_0_ym19_1_1493838446403_5664">
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black">Hello,
</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5643">
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5641">
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black">Is this more in line with what your trying to do:</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5640">
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5520">
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"><a href="http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate" target="_blank">http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate</a></span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5517">
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5516">
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black">Tommy
</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5515">
<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div id="yiv0837668946yqt31524">
<div id="yui_3_16_0_ym19_1_1493838446403_5514">
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in" id="yui_3_16_0_ym19_1_1493838446403_5513">
<div id="yui_3_16_0_ym19_1_1493838446403_5512">
<p class="MsoNormal" style="background:white"><b><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Helvetica","sans-serif";color:black"> squid-users [<a href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>]
<b>On Behalf Of </b>j m<br>
<b>Sent:</b> Wednesday, May 03, 2017 2:44 PM<br>
<b id="yui_3_16_0_ym19_1_1493838446403_5821">To:</b> <a href="mailto:squid-users@lists.squid-cache.org">
squid-users@lists.squid-cache.org</a><br>
<b>Subject:</b> Re: [squid-users] HTTPS support</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
</div>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5510">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_ym19_1_1493838446403_5494">
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10881">
<div id="yui_3_16_0_ym19_1_1493838446403_5509">
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">In any case, I'm finding SSH through proxy is undesirable or not possible. I'm thinking shellinabox, which is insecure but run over
a secure proxy link, is my best bet.</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
</div>
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10900">
<div style="margin-bottom:12.0pt" id="yui_3_16_0_ym19_1_1493838446403_5507">
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"> </span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
</div>
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10904">
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10903">
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10902">
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10901">
<div class="MsoNormal" align="center" style="text-align:center;background:white">
<span style="font-family:"Helvetica","sans-serif";color:black">
<hr size="1" width="100%" align="center">
</span></div>
<div id="yui_3_16_0_ym19_1_1493838446403_5504">
<p class="MsoNormal" style="background:white"><b><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif";color:black"> Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>><br>
<b>To:</b> j m <<a href="mailto:acctforjunk@yahoo.com" target="_blank" id="yui_3_16_0_ym19_1_1493838446403_5502">acctforjunk@yahoo.com</a>>; "<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>" <<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>>
<br>
<b id="yui_3_16_0_ym19_1_1493838446403_5823">Sent:</b> Wednesday, May 3, 2017 1:19 PM<br>
<b>Subject:</b> Re: [squid-users] HTTPS support</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
</div>
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10906">
<div id="yui_3_16_0_ym19_1_1493838446403_5501">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
<div id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_10905">
<div id="yui_3_16_0_ym19_1_1493838446403_5493">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">On 05/03/2017 11:37 AM, j m wrote:<br>
> the plan was to use SSH through the proxy.<br>
<br>
If your SSH clients support SSH through an HTTP proxy, then do not<br>
authenticate them in Squid. Just do not let them go anywhere but the SSH<br>
server. It would be like running an exposed-to-the-world SSH server, no<br>
worse. Squid will still know nothing about SSH. Squid will just tunnel<br>
opaque bytes from your SSH clients to your SSH server. You will use an<br>
HTTP (not HTTPS) Squid port for this traffic because your SSH clients<br>
are unlikely to support HTTPS to the proxy.<br>
<br>
Your browsers will still use HTTPS to the proxy (and get authenticated).<br>
Thus, you will have two different http_ports, one for HTTP<br>
(unauthenticated SSH clients) and one for HTTPS (authenticated browsers).<br>
<br>
If SSH blocking is not based on _protocol_ but on port, then follow<br>
Antony Stone advice and change the SSH server port instead of<br>
HTTP-proxying SSH connections.<br>
<br>
Alex.<o:p></o:p></span></p>
</div>
<div id="yiv0837668946yqtfd64275">
<div style="margin-bottom:12.0pt">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>
<br>
<br>
<br>
> ------------------------------------------------------------------------<br>
> *From:* Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>><br>
> *To:* "<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>"<br>
> <<a href="mailto:squid-users@lists.squid-cache.org" target="_blank" id="yiv0837668946yui_3_16_0_ym19_1_1493835252799_11003">squid-users@lists.squid-cache.org</a>><br>
> *Cc:* j m <<a href="mailto:acctforjunk@yahoo.com" target="_blank">acctforjunk@yahoo.com</a>><br>
> *Sent:* Wednesday, May 3, 2017 12:22 PM<br>
> *Subject:* Re: [squid-users] HTTPS support<br>
> <br>
> On 05/03/2017 10:57 AM, j m wrote:<br>
>> I wanted to set up a proxy on my home server for use from remote<br>
>> locations to use as a web proxy (of course) and also to run SSH over.<br>
> <br>
> The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.<br>
> <br>
> <br>
>> This means that basic auth is undesirable due to the login being sent<br>
>> in clear text. So, someone suggested digest auth, and I was happy.<br>
>> But, now I'm finding that PuTTY and WinSCP do not support digest auth.<br>
>> And consequently, I haven't found any other SSH clients that support<br>
>> digest. (sigh)<br>
> <br>
> These problems will go away if you stop mixing Squid and ssh. Squid is<br>
> HTTP while PuTTY/WinSCP is SSH. You gain very little by trying to use<br>
> the same authentication mechanism for both protocols in your use case.<br>
> <br>
> <br>
>> So, I'm back to plan b, and that is to have a secure proxy connection so<br>
>> all browser-to-server communication is encrypted.<br>
> <br>
> That is a good idea if all of your browsers support it. Popular browsers<br>
> support HTTPS-to-proxy on desktop, but I am not sure about their mobile<br>
> versions. You may have to jump through some hoops.<br>
> <br>
> <br>
> <br>
>> So the question is, does<br>
>> anyone know if squid 3.5 on Ubuntu 16.04 supports secure connections?<br>
> <br>
> <br>
> Squid v3.5 supports secure connections to the proxy. See "TLS / SSL<br>
> Options" for the http_port directive (not the https_port directive!).<br>
> <br>
> You can install Squid v3.5 on Ubuntu. I do not know whether the official<br>
> Ubuntu Squid package is built with the required support.<br>
> <br>
> <br>
> HTH,<br>
> <br>
> Alex.<br>
> <br>
> <br>
> <br>
> <o:p></o:p></span></p>
</div>
</div>
</div>
<div style="margin-bottom:12.0pt">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>
______________________________________________________________________<br>
This email has been scanned by the Symantec Email Security.cloud service.<br>
For more information please visit <a href="http://www.symanteccloud.com/" target="_blank">
http://www.symanteccloud.com</a><br>
______________________________________________________________________<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>
______________________________________________________________________<br>
This email has been scanned by the Symantec Email Security.cloud service.<br>
For more information please visit <a href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>
______________________________________________________________________<o:p></o:p></span></p>
</div>
</div>
<div id="yqt93069">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
______________________________________________________________________<br>
This email has been scanned by the Symantec Email Security.cloud service.<br>
For more information please visit <a href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>
______________________________________________________________________<o:p></o:p></p>
</div>
<br clear="both">
______________________________________________________________________<BR>
This email has been scanned by the Symantec Email Security.cloud service.<BR>
For more information please visit http://www.symanteccloud.com<BR>
______________________________________________________________________<BR>
</body>
</html>