[squid-users] HTTPS time out

legacybear aidan.campbell at sap.com
Mon Feb 29 12:02:53 UTC 2016


Hello

I'm trying to set up a caching proxy server which can be used to cache rpms
and Python packages using pip.
I have been able to cache rpms from the Fedora repository using HTTP; however,
I have not been able to download from other repos which use HTTPS or pip.

I also got this error; however, I am not sure how to fix it.

2016/02/26 13:49:04 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.122.222:8081 remote=192.168.122.222:42626 FD 12 flags=33: (92) Protocol not available
2016/02/26 13:49:04 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.122.222:8081 remote=192.168.122.222:42626 FD 12 flags=33

Is there anything I have missed?

Here is my squid.conf:

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access allow manager


# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all

http_port 8080 

https_port 8081 cert=/etc/squid/squid_certs/squid.cert key=/etc/squid/squid_certs/squid.private ssl-bump intercept generate-host-certificates=on options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

ssl_bump stare all
ssl_bump bump all

maximum_object_size 2 GB
cache_dir aufs /var/spool/squid 35000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               129600 100% 129600

sslcrtd_program /usr/lib64/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB

cache_peer proxy.example.com parent 8080 0 no-query no-digest default
never_direct allow all



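One way to triage the errors quoted in the post, added here as an example and not part of the original message: it correlates each ORIGINAL_DST failure in the log with the listening-port flags in squid.conf. Squid performs this lookup on ports flagged `intercept`, which expect connections redirected to them by NAT; the function names and the embedded sample strings are constructed for illustration.

```python
import re

# Constructed sample input: the two log entries and the listening-port
# directives from the post, with the mail line-wrapping undone.
SAMPLE_LOG = """\
2016/02/26 13:49:04 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.122.222:8081 remote=192.168.122.222:42626 FD 12 flags=33: (92) Protocol not available
2016/02/26 13:49:04 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.122.222:8081 remote=192.168.122.222:42626 FD 12 flags=33
"""
SAMPLE_CONF = """\
http_port 8080
https_port 8081 cert=/etc/squid/squid_certs/squid.cert key=/etc/squid/squid_certs/squid.private ssl-bump intercept generate-host-certificates=on options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
"""

PORT_RE = re.compile(r"^(https?_port)\s+(\S+)(.*)$")
FAIL_RE = re.compile(r"getsockopt\(ORIGINAL_DST\) failed on local=(\S+):(\d+) "
                     r"remote=(\S+):(\d+) FD \d+ flags=\d+: \((\d+)\) (.+)$")

def listening_ports(conf_text):
    """Map port number -> set of mode flags (intercept, tproxy, ssl-bump)."""
    ports = {}
    for line in conf_text.splitlines():
        m = PORT_RE.match(line.split("#", 1)[0].strip())
        if m:
            port = int(m.group(2).rsplit(":", 1)[-1])  # accepts addr:port too
            ports[port] = {t for t in m.group(3).split() if "=" not in t}
    return ports

def triage(log_text, conf_text):
    """One finding per ORIGINAL_DST failure, correlated with squid.conf."""
    ports = listening_ports(conf_text)
    findings = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        local_ip, local_port, remote_ip, _, err_no, msg = m.groups()
        findings.append({
            "port": int(local_port),
            "intercept_port": "intercept" in ports.get(int(local_port), set()),
            # Same address on both ends: the client ran on the proxy host.
            "client_is_proxy_host": local_ip == remote_ip,
            "errno": int(err_no),
            "error": msg,
        })
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_CONF))
```

A finding with `intercept_port` true and `client_is_proxy_host` true shows a connection made from the proxy host itself to a port that only handles redirected traffic.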