[squid-users] Trying to set up SSL cache
Dave Blanchard
dave at killthe.net
Thu Feb 24 02:26:11 UTC 2022
Hello, I'm trying to configure Squid as an HTTPS cache on my local computer, using ssl-bump. I've got it working as a basic proxy, but the traffic seems to just be tunneling through and not being cached. My web browser shows the site's actual certificate, rather than the locally generated self-signed certificate, which I want it to see. I have followed every tutorial I can find and none of them are helpful in figuring out what the hell is going on here. Here is what my config file looks like:
[...]
http_port 3128 ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=32MB \
cert=/path/to/self-signed.pem \
key=/path/to/self-signed.pem
sslcrtd_program /usr/libexec/security_file_certgen -s /path/to/ssl-database -M 32MB
ssl_bump peek all
ssl_bump bump all
ssl_bump splice localhost
[...]
Otherwise, it's pretty much just the default config. The only thing that seems to halfway work is removing the line:
http_access deny CONNECT !SSL_ports
and changing to:
http_access deny CONNECT
With that change, an older Chromium just hangs trying to load the page, saying "Processing request." On a WebKit-based browser, I get a Squid 'Access Denied' error page. Another WebKit browser complains about the certificate, but when I tell it to continue anyway, it gives the same 'Access Denied' page. A newer Chromium stops right away with an untrusted SSL certificate error, and the details look like it's getting the self-signed certificate, as expected.
I've been battling this for hours and I'm at my wit's end. What am I doing wrong here? Thanks for any help.
--
Dave Blanchard <dave at killthe.net>
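
Added example, not part of the original post and not the Squid project's own text: the posted ssl_bump rules shown beside an ordering that limits the peek to the first SslBump step, the usual arrangement when the goal is to bump. The ACL name step1 is chosen here for illustration; the http_port and sslcrtd_program lines from the post are assumed unchanged.

```conf
# --- As posted (kept as comments for comparison) --------------------------
# ssl_bump rules are re-evaluated at each SslBump step and the first
# matching rule wins. "peek all" therefore matches at step 1 (client hello)
# AND at step 2 (server hello). Peeking at step 2 usually rules out bumping
# afterwards, so the connection ends up spliced, which matches the
# tunneling and the origin certificate described in the post.
#
#   ssl_bump peek all
#   ssl_bump bump all
#   ssl_bump splice localhost   # never reached: the rules above match all

# --- Peek at step 1 only, then bump ----------------------------------------
acl step1 at_step SslBump1      # "step1" is a name picked for this example
ssl_bump peek step1             # read the client hello (SNI) and stop there
ssl_bump bump all               # steps 2 and 3: terminate TLS and re-sign

# "localhost" is Squid's built-in ACL for the client SOURCE address
# (127.0.0.1 and ::1). With the browser and Squid on the same machine, a
# "ssl_bump splice localhost" placed before the bump rule would match every
# connection and splice all of it, so it is left out here. To exempt
# particular sites, match on the server name instead, for example:
#
#   acl no_bump ssl::server_name .example.org   # placeholder domain
#   ssl_bump splice no_bump                     # put before "bump all"

# --- Access control ---------------------------------------------------------
# Keep the stock rule. "http_access deny CONNECT" without the !SSL_ports
# condition rejects every CONNECT request, so a browser that sends CONNECT
# to the proxy gets Squid's Access Denied page.
http_access deny CONNECT !SSL_ports
```

The certificate named in cert= acts as the signing CA for the generated host certificates, so browsers report them as untrusted until that CA certificate is imported into the browser or system trust store on the machine being proxied.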