[squid-users] Establishing secure connection problems (Chrome)
William Ivanski
william.ivanski at gmail.com
Thu Jun 2 13:35:10 UTC 2016
Thank you for your quick response.
First of all, forgive me for the lack of information in the first
email. I tried to disable QUIC a few minutes ago and the problem
persists. The requested information follows:
-> Compilation:
I've installed squid using the following commands:
cd /usr/src
apt-get install squid3
wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.15-20160330-r14015.tar.gz
tar xvzf squid-3.5.15-20160330-r14015.tar.gz
cd squid-3.5.15-20160330-r14015
apt-get build-dep squid3 && apt-get install build-essential libssl-dev
./configure --enable-icap-client --enable-ssl --enable-ssl-crtd \
  --prefix=/usr --includedir=/usr/include --mandir=/usr/share/man \
  --infodir=/usr/share/info --sysconfdir=/etc --localstatedir=/var \
  --libexecdir=/lib/squid3 --srcdir=. --datadir=/usr/share/squid3 \
  --sysconfdir=/etc/squid3 --mandir=/usr/share/man \
  --with-default-user=squid --with-cppunit-config-basedir=/usr \
  --with-logdir=/var/log/squid3 --with-pidfile=/var/run/squid3.pid \
  --with-openssl --disable-optimizations --disable-arch-native
service squid3 stop
make all && make install
useradd squid && chown -R squid:squid /var/log/squid3
mv /usr/sbin/squid3 /usr/sbin/squid3.old && mv /usr/sbin/squid /usr/sbin/squid3
/lib/squid3/ssl_crtd -c -s /var/lib/ssl_db -M 4MB
chown -R squid:squid /var/lib/ssl_db
service squid3 restart && service squid3 stop && chmod 777 /var/spool/squid3 && squid3 -z && service squid3 restart
Note: We're not using ssl_crtd/ssl_db anymore. Our previous squid conf
was using intercept, but the actual one isn't configured as
a transparent proxy.
-> Platform of the gateway:
Distributor ID: Debian
Description: Debian GNU/Linux 8.4 (jessie)
Release: 8.4
Codename: jessie
-> Squid:
Squid Cache: Version 3.5.15-20160324-r14011
Service Name: squid
configure options: '--enable-icap-client' '--enable-ssl'
'--enable-ssl-crtd' '--prefix=/usr' '--includedir=/usr/include'
'--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--libexecdir=/lib/squid3' '--srcdir=.' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
'--with-default-user=squid' '--with-cppunit-config-basedir=/usr'
'--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid'
'--with-openssl' '--disable-arch-native'
-> Squid.conf:
http_port 3128
visible_hostname gateway
cache_mgr william at planningservice.com.br
error_directory /usr/share/squid3/errors/Portuguese
access_log /var/log/squid3/access.log
hierarchy_stoplist cgi-bin ?
cache_mem 2048 MB
maximum_object_size_in_memory 100 MB
cache_dir ufs /var/spool/squid3 307200 16 256
maximum_object_size 4096 MB
minimum_object_size 0 MB
cache_swap_low 90
cache_swap_high 95
refresh_pattern ^ftp: 360 20% 2280
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 2280
cache_log /var/log/squid3/cache.log
acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/24
acl localnetd dst 192.168.0.0/24
acl manager proto cache_object
http_access allow manager localhost
http_access deny manager
acl purge method PURGE
http_access allow purge localhost
http_access deny purge
acl Safe_ports port 21
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 443
acl Safe_ports port 488
acl Safe_ports port 563
acl Safe_ports port 591
acl Safe_ports port 631
acl Safe_ports port 777
acl Safe_ports port 873
acl Safe_ports port 901
acl Safe_ports port 1025-65535
http_access deny !Safe_ports
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 873
acl connect method CONNECT
http_access deny connect !SSL_ports
acl FTP proto FTP
always_direct allow FTP
acl reqliberacaotmp src "/etc/firewall/ips_liberados_tmp.txt"
acl reqliberacaofixo src "/etc/firewall/ips_liberados_fixo.txt"
http_access allow reqliberacaotmp reqliberacaofixo
acl sitesliberadosfixo dstdom_regex -i "/etc/firewall/sites_liberados_fixo.txt"
acl sitesliberadostmp dstdom_regex -i "/etc/firewall/sites_liberados_tmp.txt"
acl almoco time MTWHF 11:50-13:30
acl manha time MTWHF 00:01-08:30
acl noite time MTWHF 18:00-23:59
http_access allow localhost sitesliberadosfixo
http_access allow localhost sitesliberadostmp
http_access allow localnet sitesliberadosfixo
http_access allow localnet sitesliberadostmp
http_access allow localhost almoco
http_access allow localnet almoco
http_access allow localhost manha
http_access allow localnet manha
http_access allow localhost noite
http_access allow localnet noite
http_access deny !sitesliberadosfixo !sitesliberadostmp !reqliberacaotmp !reqliberacaofixo
http_access allow localhost
http_access allow localnet
http_access allow localnetd
http_access deny !localhost !localnet !localnetd
http_access deny all
I'll send access.log in the next e-mail; otherwise the message body will be too big.
William Ivanski