|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 You using wrong and extremal unspecific manual. Feel free to use our good manuals: http://wiki.squid-cache.org/ConfigExamples 20.06.2016 20:02, Jobin George пишет: > > Hi, > > > > I am trying to setup squid3 as an HTTPS proxy using the tutorial given [here][1]. I have properly setup the proxy settings in my browser and when I try to hit **HTTP** web sites, I am able to connect successfully. However, I keep getting a "Connection timed out error" whenever I hit an **HTTPS** protocol web site and the following error in my `/var/log/squid3/cache.log`: > > > > 2016/06/20 19:12:47| NF getsockopt(SO_ORIGINAL_DST) failed on local=<local_ip_address>:3129 remote=<remote_ip_address>:55209 FD 8 flags=33: (92) Protocol not available > > > > Here is my /etc/squid3/squid.conf file (commented lines removed for brevity): > > > > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > > auth_param basic program /usr/lib/squid3/basic_ncsa_auth /usr/etc/passwd > > auth_param basic casesensitive off > > auth_param basic credentialsttl 2 hours > > > > acl user_auth proxy_auth REQUIRED > > > > http_access allow user_auth > > > > acl SSL_ports port 443 > > acl Safe_ports port 80 # http > > acl Safe_ports port 21 # ftp > > acl Safe_ports port 443 # https > > acl Safe_ports port 70 # gopher > > acl Safe_ports port 210 # wais > > acl Safe_ports port 1025-65535 # unregistered ports > > acl Safe_ports port 280 # http-mgmt > > acl Safe_ports port 488 # gss-http > > acl Safe_ports port 591 # filemaker > > acl Safe_ports port 777 # multiling http > > acl CONNECT method CONNECT > > > > http_access allow localhost > > http_access allow all > > http_port 3127 > > > > https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/example.com.private cert=/etc/squid3/example.com.cert > > > > ssl_bump server-first all > > sslproxy_flags DONT_VERIFY_PEER > > sslproxy_cert_error deny all > > sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1 > > coredump_dir /var/spool/squid3 > > > > refresh_pattern ^ftp: 1440 20% 10080 > > refresh_pattern ^gopher: 1440 0% 1440 > > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > > refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 > > refresh_pattern . 0 20% 4320 > > > > always_direct allow all > > > > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > > > > > > I have spent a lot of time googling this error but could not arrive at a solution which would configure squid as an HTTP proxy. How do I get this working? > > > > > > [1]: https://smoothnet.org/squid-proxy-with-ssl-bump/ > > > > Thanks & Regards > > Jobin > > > > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEbBAEBCAAGBQJXaACxAAoJENNXIZxhPexGb7gH+Iq3mOmeCH6memj7NKb2Yazo I1PfzpjOi5/sh0gGfGEw2KG0nknT7Y4G7G6V6QxLH00PSlauUZ9syzsYmdWiImvA o0Q8Aw5xyMUjhxVvVjl/ExJZdhUj86m+kruav6osArPdJGaLOpXiyhhvNef3zD0A 3d2D1xJhZP/JLYQUzDxssLxuphPxv8rx44e9H2MpoRN7llLFOEzURInVHwUNPrOE keY8fYjHYb2DKlvkI9fkkLj75j4tdQYmwQo+wiIbXIUOyejfIJKYR3DSR5zzXMxX nLq1LiJ1cZt/exNUwQ/hpEdByfKC/J9NoCPn++9VRCBWHenoSDPrs90k3SQ4CQ== =zzoL -----END PGP SIGNATURE----- |
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
