What does OpenVPN have to do with Squid?!

21.04.15 7:17, snakeeyes wrote:
> Thanks, I will tell you what I did so far and hope you help me with the directive squid needs:
>
> mkdir /etc/openvpn/
> wget https://github.com/OpenVPN/easy-rsa-old/archive/master.zip
> unzip master
> cd easy-rsa-old-master/
> cp -R easy-rsa/ /etc/openvpn/
> cd /etc/openvpn/easy-rsa/2.0
> chmod 755 *
> source ./vars
> ./vars
> ./clean-all
> ./build-ca
> ./build-key-server server
> ./build-dh
>
> Now I have the files:
>
> [root@squid keys]# ls -l
> total 76
> -rw-r--r-- 1 root root 4120 Apr 20 17:51 01.pem
> -rw-r--r-- 1 root root 4006 Apr 20 17:52 02.pem
> -rw-r--r-- 1 root root 1383 Apr 20 17:51 ca.crt
> -rw------- 1 root root  912 Apr 20 17:51 ca.key
> -rw-r--r-- 1 root root  245 Apr 20 17:51 dh1024.pem
> -rw-r--r-- 1 root root  276 Apr 20 17:52 index.txt
> -rw-r--r-- 1 root root   21 Apr 20 17:52 index.txt.attr
> -rw-r--r-- 1 root root   21 Apr 20 17:51 index.txt.attr.old
> -rw-r--r-- 1 root root  136 Apr 20 17:51 index.txt.old
> -rw-r--r-- 1 root root    3 Apr 20 17:52 serial
> -rw-r--r-- 1 root root    3 Apr 20 17:51 serial.old
> -rw-r--r-- 1 root root 4120 Apr 20 17:51 server.crt
> -rw-r--r-- 1 root root  729 Apr 20 17:51 server.csr
> -rw------- 1 root root  920 Apr 20 17:51 server.key
>
> What do I need for the squid directive?
>
> Is what I did above okay?
>
> cheers
>
> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov
> Sent: Monday, April 20, 2015 6:22 AM
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: squid HTTPs as reverse proxy problem
>
> Man,
>
> a self-signed certificate is required only for SSL Bump (not pump :)).
>
> For an SSL reverse proxy you need a CA-signed server certificate.
>
> Feel the difference.
>
> > 21.04.15 5:16, snakeeyes wrote:
> > > Hi all, I need help in setting up squid for https reverse proxy.
> > >
> > > I mean I want to authorize the certificate on my pc so that I am able to access https using http, not the tunnel method.
> > >
> > > I have searched a lot and most of the docs mention ssl pump, but again, I don't want the ssl pump feature here and all I need is just a reverse proxy.
> > >
> > > Here are the steps that I did:
> > >
> > > cd /etc/squid
> > >
> > > openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -subj '/C=dsa/ST=asd/L=aaa/O=abcv/CN=abc' -keyout /etc/squid/abc.pem -out /etc/squid/abc.pem
> > >
> > > openssl x509 -in /etc/squid/abc.pem -outform DER -out /etc/squid/abc.der
> > >
> > > whereis ssl_crtd
> > >
> > > chown squid:squid /var/lib/ssl_db
> > >
> > > after that I edited squid.conf with:
> > >
> > > https_port 443 cert=/etc/squid/abc.pem key=/etc/squid/abc.pem
> > >
> > > then I went to my browser and added abc.der as an authorized certificate
> > >
> > > when I connect to the proxy I have error logs:
> > >
> > > 2015/04/20 15:44:18 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:44:19 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:44:21 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:44:23 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:45:33 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:45:33 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:47:01 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:53:44 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:53:46 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > > 2015/04/20 15:53:47 kid1| Error negotiating SSL connection on FD 11: Success (0)
> > >
> > > Where could the problem be?
> > >
> > > Here is my squid config:
> > >
> > > squid -v
> > > Squid Cache: Version 3.5.1
> > > Service Name: squid
> > > configure options: '--prefix=/usr' '--includedir=/include'
> > > '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'
> > > '--enable-cachemgr-hostname=drx' '--localstatedir=/var'
> > > '--libexecdir=/lib/squid' '--disable-maintainer-mode'
> > > '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.'
> > > '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
> > > '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8'
> > > '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap'
> > > '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
> > > '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth'
> > > '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
> > > '--enable-ntlm-auth-helpers=smb_lm'
> > > '--enable-digest-auth-helpers=ldap,password'
> > > '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-esi'
> > > '--disable-translation' '--with-logdir=/var/log/squid'
> > > '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072'
> > > '--with-large-files' '--with-default-user=squid' '--enable-linux-netfilter'
> > > '--enable-ltdl-convenience' '--enable-ssl' '--enable-ssl-crtd'
> > > '--enable-arp-acl' 'CXXFLAGS=-DMAXTCPLISTENPORTS=20000' '--with-openssl'
> > > '--enable-snmp'
> > >
> > > cheers
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
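
The distinction drawn in the thread, a self-signed certificate versus a server certificate signed by a CA, shown as an added example that is not part of the original messages. It builds a throwaway CA and server certificate in the roles of `./build-ca` and `./build-key-server`, then checks issuer, chain and key match with `openssl`; the subjects, file names, function names and the 2048-bit key size are assumptions of this example.

```shell
#!/bin/sh
# Added example; subjects, file names and the 2048-bit key size are constructed
# (the thread itself used rsa:1024 and CN=abc).
set -e

# Prints "yes" when subject and issuer are the same name (self-signed, like abc.pem).
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject_hash)
    i=$(openssl x509 -in "$1" -noout -issuer_hash)
    if [ "$s" = "$i" ]; then echo yes; else echo no; fi
}

# Succeeds only when certificate $2 verifies against CA certificate $1.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds only when private key $1 belongs to certificate $2.
key_matches() {
    k=$(openssl pkey -in "$1" -pubout) && c=$(openssl x509 -in "$2" -noout -pubkey) &&
        [ "$k" = "$c" ]
}

# Builds a throwaway CA, a server certificate signed by it, and a self-signed one in $1.
build_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Example Test CA' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > "$d/req.cnf"
    # CA key and certificate: the role of ./build-ca (ca.key, ca.crt).
    openssl req -config "$d/req.cnf" -new -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # Server key and CSR, then a certificate issued by the CA: ./build-key-server.
    openssl req -config "$d/req.cnf" -new -newkey rsa:2048 -nodes \
        -subj '/CN=www.example.test' -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    printf 'subjectAltName=DNS:www.example.test\n' > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/san.ext" -out "$d/server.crt" 2>/dev/null
    # Self-signed certificate, generated the way abc.pem was.
    openssl req -config "$d/req.cnf" -new -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=abc' -keyout "$d/abc.key" -out "$d/abc.pem" 2>/dev/null
}

demo=$(mktemp -d)
build_demo_pki "$demo"
echo "abc.pem self-signed:    $(is_self_signed "$demo/abc.pem")"
echo "server.crt self-signed: $(is_self_signed "$demo/server.crt")"
chains_to "$demo/ca.crt" "$demo/server.crt" && echo "server.crt verifies against ca.crt"
chains_to "$demo/ca.crt" "$demo/abc.pem" || echo "abc.pem does not verify against ca.crt"
key_matches "$demo/server.key" "$demo/server.crt" && echo "server.key matches server.crt"
rm -rf "$demo"
```

The same three functions can be pointed at the `ca.crt`, `server.crt` and `server.key` files listed in the thread's `keys` directory.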