Okay guys,

it looks like squid is not listening on port 443, even though the https_port
directive is set to it.
I tried playing around with it and changed the port to a higher range, but
same result.

According to netstat, squid3 listens only to port 80 and 8000, which are set
via the http_port directive, but somehow ignoring all the https_ports?

Syslog / squid shows no binding / listening errors.

Any ideas?


Cheers,
David


On Fri, Jun 21, 2013 at 3:46 PM, David Mohl <dave@xxxxxxx> wrote:
> Okay guys,
>
> it looks like squid is not listening on port 443, even though the https_port
> directive is set to it.
> I tried playing around with it and changed the port to a higher range, but
> same result.
>
> According to netstat, squid3 listens only to port 80 and 8000, which are set
> via the http_port directive, but somehow ignoring all the https_ports?
>
> Syslog / squid shows no binding / listening errors.
>
> Any ideas?
>
>
> Cheers,
> David
>
>
> On Fri, Jun 21, 2013 at 2:17 PM, David Mohl <dave@xxxxxxx> wrote:
>>
>> Hey Squid users,
>>
>> For the last weeks, I've been fighting with Squid3 to get SSL running in a
>> transparent environment. I followed multiple config guides but still seem to
>> have problems getting the configuration running.
>> My config file:
>>
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl SSL method CONNECT
>> acl CONNECT method CONNECT
>> http_access deny !Safe_ports
>> acl whitelist dstdomain "/etc/squid3/whitelist"
>> http_access allow all whitelist
>> http_access deny all
>>
>> # SSL Bump
>> always_direct allow all
>> ssl_bump allow all
>> sslproxy_cert_error allow all
>> sslproxy_flags DONT_VERIFY_PEER
>>
>> http_port 80 transparent
>> http_port 8000
>> https_port 443 ssl-bump cert=/etc/squid3/ssl_cert/server.crt key=/etc/squid3/ssl_cert/server.key transparent
>> coredump_dir /var/spool/squid3
>>
>>
>> Last week, using this configuration, I ended up getting "unknown protocol"
>> errors, but I guess that was caused by something cached. When trying to use
>> wget now, all I get is "connection refused".
>>
>> As far as I can tell, squid3 is correctly set up to listen to my https
>> port, means it should at least give something else than "connection
>> refused"? Maybe a certificate error on the client side? Or at least
>> something. Ports (8080, 443, 80) are open and reachable.
>>
>> Any ideas on what I did wrong?
>>
>>
>> Cheers,
>> David
>>
>
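
The check described in the thread (configured listener directives versus what netstat reports) as a script. This is an added example, not part of the original messages or of Squid; the function names, the sample netstat output and the PID values are constructed for illustration, and the listener lines are copied from the quoted config.

```python
import re

# Constructed sample: the listener directives from the config quoted above.
SAMPLE_CONF = """\
http_port 80 transparent
http_port 8000
https_port 443 ssl-bump cert=/etc/squid3/ssl_cert/server.crt key=/etc/squid3/ssl_cert/server.key transparent
"""

# Constructed sample of `netstat -ltnp` output matching the reported symptom.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      2301/squid3
tcp6       0      0 :::8000                 :::*                    LISTEN      2301/squid3
"""

def configured_ports(conf_text):
    """Return {port: directive} for every http_port / https_port line."""
    ports = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        m = re.match(r"(https?_port)\s+(\S+)", line)
        if m:
            # The address may be "443", "10.0.0.1:443" or "[::1]:443".
            ports[int(m.group(2).rsplit(":", 1)[-1])] = m.group(1)
    return ports

def listening_ports(netstat_text, program="squid"):
    """Return the TCP ports that `program` holds in LISTEN state."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if (len(f) >= 7 and f[0].startswith("tcp")
                and f[5] == "LISTEN" and program in f[6]):
            ports.add(int(f[3].rsplit(":", 1)[-1]))
    return ports

def unbound(conf_text, netstat_text):
    """Configured listeners that have no matching LISTEN socket."""
    live = listening_ports(netstat_text)
    conf = configured_ports(conf_text)
    return sorted((p, d) for p, d in conf.items() if p not in live)

if __name__ == "__main__":
    for port, directive in unbound(SAMPLE_CONF, SAMPLE_NETSTAT):
        print(f"{directive} {port}: configured but not listening")
```

The https_port directive is only available in Squid builds configured with --enable-ssl; `squid3 -v` prints the configure options of the installed binary.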