[squid-users] Configuring squid to work as an HTTPS proxy

Yuri Voinov yvoinov at gmail.com
Mon Jun 20 14:41:53 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
You using wrong and extremal unspecific manual.

Feel free to use our good manuals:

http://wiki.squid-cache.org/ConfigExamples


20.06.2016 20:02, Jobin George пишет:
>
> Hi,
>
> 
>
> I am trying to setup squid3 as an HTTPS proxy using the tutorial given
[here][1]. I have properly setup the proxy settings in my browser and
when I try to hit **HTTP** web sites, I am able to connect successfully.
However, I keep getting a "Connection timed out error" whenever I hit an
**HTTPS** protocol web site and the following error in my
`/var/log/squid3/cache.log`:
>
> 
>
>     2016/06/20 19:12:47|  NF getsockopt(SO_ORIGINAL_DST) failed on
local=<local_ip_address>:3129 remote=<remote_ip_address>:55209 FD 8
flags=33: (92) Protocol not available
>
> 
>
> Here is my /etc/squid3/squid.conf file (commented lines removed for
brevity):
>
> 
>
>
--------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> 
>
>     auth_param basic program /usr/lib/squid3/basic_ncsa_auth
/usr/etc/passwd
>
>     auth_param basic casesensitive off
>
>     auth_param basic credentialsttl 2 hours
>
> 
>
>     acl user_auth proxy_auth REQUIRED
>
> 
>
>     http_access allow user_auth
>
> 
>
>     acl SSL_ports port 443
>
>     acl Safe_ports port 80          # http
>
>     acl Safe_ports port 21          # ftp
>
>     acl Safe_ports port 443         # https
>
>     acl Safe_ports port 70          # gopher
>
>     acl Safe_ports port 210         # wais
>
>     acl Safe_ports port 1025-65535  # unregistered ports
>
>     acl Safe_ports port 280         # http-mgmt
>
>     acl Safe_ports port 488         # gss-http
>
>     acl Safe_ports port 591         # filemaker
>
>     acl Safe_ports port 777         # multiling http
>
>     acl CONNECT method CONNECT
>
> 
>
>     http_access allow localhost
>
>     http_access allow all
>
>     http_port 3127
>
> 
>
>     https_port 3129 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB key=/etc/squid3/example.com.private
cert=/etc/squid3/example.com.cert
>
> 
>
>     ssl_bump server-first all
>
>     sslproxy_flags DONT_VERIFY_PEER
>
>     sslproxy_cert_error deny all
>
>     sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1
>
>     coredump_dir /var/spool/squid3
>
> 
>
>     refresh_pattern ^ftp:           1440    20%     10080
>
>     refresh_pattern ^gopher:        1440    0%      1440
>
>     refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
>
>     refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
>
>     refresh_pattern .               0       20%     4320
>
> 
>
>     always_direct allow all
>
>           
>
>
--------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> 
>
> 
>
> I have spent a lot of time googling this error but could not arrive at
a solution which would configure squid as an HTTP proxy. How do I get
this working?
>
> 
>
> 
>
> [1]: https://smoothnet.org/squid-proxy-with-ssl-bump/
>
> 
>
> Thanks & Regards
>
> Jobin
>
> 
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEbBAEBCAAGBQJXaACxAAoJENNXIZxhPexGb7gH+Iq3mOmeCH6memj7NKb2Yazo
I1PfzpjOi5/sh0gGfGEw2KG0nknT7Y4G7G6V6QxLH00PSlauUZ9syzsYmdWiImvA
o0Q8Aw5xyMUjhxVvVjl/ExJZdhUj86m+kruav6osArPdJGaLOpXiyhhvNef3zD0A
3d2D1xJhZP/JLYQUzDxssLxuphPxv8rx44e9H2MpoRN7llLFOEzURInVHwUNPrOE
keY8fYjHYb2DKlvkI9fkkLj75j4tdQYmwQo+wiIbXIUOyejfIJKYR3DSR5zzXMxX
nLq1LiJ1cZt/exNUwQ/hpEdByfKC/J9NoCPn++9VRCBWHenoSDPrs90k3SQ4CQ==
=zzoL
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160620/41022c25/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160620/41022c25/attachment-0001.key>


More information about the squid-users mailing list