[squid-users] Configuring squid to work as an HTTPS proxy
Yuri Voinov
yvoinov at gmail.com
Mon Jun 20 14:41:53 UTC 2016
You are using a wrong and extremely unspecific manual.
Feel free to use our good manuals:
http://wiki.squid-cache.org/ConfigExamples
20.06.2016 20:02, Jobin George wrote:
>
> Hi,
>
>
>
> I am trying to set up squid3 as an HTTPS proxy using the tutorial given
> [here][1]. I have properly set up the proxy settings in my browser and
> when I try to hit **HTTP** web sites, I am able to connect successfully.
> However, I keep getting a "Connection timed out error" whenever I hit an
> **HTTPS** protocol web site and the following error in my
> `/var/log/squid3/cache.log`:
>
>
>
> 2016/06/20 19:12:47| NF getsockopt(SO_ORIGINAL_DST) failed on local=<local_ip_address>:3129 remote=<remote_ip_address>:55209 FD 8 flags=33: (92) Protocol not available
>
>
>
> Here is my /etc/squid3/squid.conf file (commented lines removed for
> brevity):
>
>
>
> ------------------------------------------------------------------------
>
>
>
> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /usr/etc/passwd
>
> auth_param basic casesensitive off
>
> auth_param basic credentialsttl 2 hours
>
>
>
> acl user_auth proxy_auth REQUIRED
>
>
>
> http_access allow user_auth
>
>
>
> acl SSL_ports port 443
>
> acl Safe_ports port 80 # http
>
> acl Safe_ports port 21 # ftp
>
> acl Safe_ports port 443 # https
>
> acl Safe_ports port 70 # gopher
>
> acl Safe_ports port 210 # wais
>
> acl Safe_ports port 1025-65535 # unregistered ports
>
> acl Safe_ports port 280 # http-mgmt
>
> acl Safe_ports port 488 # gss-http
>
> acl Safe_ports port 591 # filemaker
>
> acl Safe_ports port 777 # multiling http
>
> acl CONNECT method CONNECT
>
>
>
> http_access allow localhost
>
> http_access allow all
>
> http_port 3127
>
>
>
> https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/example.com.private cert=/etc/squid3/example.com.cert
>
>
>
> ssl_bump server-first all
>
> sslproxy_flags DONT_VERIFY_PEER
>
> sslproxy_cert_error deny all
>
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 8 startup=1 idle=1
>
> coredump_dir /var/spool/squid3
>
>
>
> refresh_pattern ^ftp: 1440 20% 10080
>
> refresh_pattern ^gopher: 1440 0% 1440
>
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>
> refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
>
> refresh_pattern . 0 20% 4320
>
>
>
> always_direct allow all
>
>
>
> ------------------------------------------------------------------------
>
>
>
>
>
> I have spent a lot of time googling this error but could not arrive at
> a solution which would configure squid as an HTTP proxy. How do I get
> this working?
>
>
>
>
>
> [1]: https://smoothnet.org/squid-proxy-with-ssl-bump/
>
>
>
> Thanks & Regards
>
> Jobin
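
Added example (not part of the original thread and not Squid project code): a small audit of the quoted squid.conf. It flags the intercept-mode listener, which expects connections redirected by the local NAT layer and logs the SO_ORIGINAL_DST failure shown above when a client connects to it directly, along with two other settings in the posted file. The function names, finding codes and the browser_proxy_port parameter are hypothetical, and the assumption that the browser was pointed at port 3129 is not stated in the post.

```python
# Constructed sample: the security-relevant directives from the quoted squid.conf.
SAMPLE_CONF = """\
http_access allow user_auth
http_access allow localhost
http_access allow all
http_port 3127
https_port 3129 intercept ssl-bump generate-host-certificates=on
sslproxy_flags DONT_VERIFY_PEER
"""

def listen_port(spec):
    """Port from '3129', '192.0.2.1:3129' or '[::1]:3129'."""
    return int(spec.rsplit(":", 1)[-1])

def audit(conf_text, browser_proxy_port=None):
    """Return (code, message) findings. browser_proxy_port is the port the
    client is explicitly configured to use (hypothetical parameter)."""
    findings, forward_ports, intercept_ports = [], [], []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()  # simplification: '#' starts a comment
        if not words:
            continue
        name, args = words[0], words[1:]
        if name in ("http_port", "https_port") and args:
            port = listen_port(args[0])
            # 'transparent' is the older spelling of 'intercept'
            if {"intercept", "transparent"} & set(args[1:]):
                intercept_ports.append(port)
            else:
                forward_ports.append(port)
        elif name == "http_access" and args == ["allow", "all"]:
            findings.append(("ALLOW_ALL", "'http_access allow all' admits every "
                             "request that reaches it; finish the list with 'deny all'"))
        elif name == "sslproxy_flags" and any("DONT_VERIFY_PEER" in a for a in args):
            findings.append(("NO_UPSTREAM_VERIFY", "origin server certificates are "
                             "not verified on bumped connections"))
    if browser_proxy_port in intercept_ports:
        findings.append(("CLIENT_ON_INTERCEPT_PORT",
                         f"port {browser_proxy_port} is an intercept listener and "
                         f"needs NAT-redirected traffic; forward-proxy ports "
                         f"defined here: {forward_ports}"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE_CONF, browser_proxy_port=3129):
        print(f"{code}: {message}")
```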