Re: About to upgrade from 3 to 4

On Sat, 2018-06-09 at 07:17 -0600, James Lay wrote:
On Sun, 2018-06-10 at 01:13 +1200, Amos Jeffries wrote:
On 10/06/18 01:02, James Lay wrote:

So in my config file I have:

sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB

However I do not see this after compiling and installing. Has this gone
away in 4? Thank you.

James


It's now called security_file_certgen.

<http://www.squid-cache.org/Versions/v4/squid-4.0.24-RELEASENOTES.html#ss2.4>

Amos


Thanks Amos...I'll read this before asking any more questions ☺

James
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


So ok...after making the changes to the config to account for new security_file_certgen and tls_outgoing_options (thanks Amos!) I am greeted with (hostname changed from real):

FATAL: mimeLoadIcon: cannot parse internal URL: http://<hostname>:0/squid-internal-static/icons/silk/image.png

Here's my config line:

./configure --prefix=/opt/squid --with-openssl=/opt/libressl --sysconfdir=/opt/squid/etc --enable-ssl --enable-ssl-crtd --enable-linux-netfilter --enable-follow-x-forwarded-for --with-large-files --enable-xternal-acl-helpers=none

full config (I realize this might not be the most secure on the planet, for now this is a dev box and I'm just testing functionality):

acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
acl allowed_http_sites url_regex "/opt/squid/etc/http_url.txt"

http_access deny !Safe_ports
http_access deny CONNECT !SSL_Ports
http_access allow SSL_ports
http_access allow allowed_http_sites
http_access deny all

acl broken_ips dst "/opt/squid/etc/broken_ips.txt"
ssl_bump splice broken_ips
acl broken_https_sites ssl::server_name_regex "/opt/squid/etc/broken_url.txt"
ssl_bump splice broken_https_sites
ssl_bump peek all
acl allowed_https_sites ssl::server_name_regex "/opt/squid/etc/http_url.txt"
ssl_bump splice allowed_https_sites
ssl_bump terminate all

sslproxy_cert_error allow all
tls_outgoing_options capath=/etc/ssl/certs flags=DONT_VERIFY_PEER

sslcrtd_program /opt/squid/libexec/security_file_certgen -s /opt/squid/var/ -M 4MB
sslcrtd_children 5

http_port gateway:3128 intercept
https_port gateway:3129 intercept ssl-bump cert=/opt/squid/etc/certs/sslsplit_ca_cert.pem cafile=/opt/squid/etc/certs/sslsplit_ca_cert.pem key=/opt/squid/etc/certs/sslsplit_ca_key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB sslflags=NO_SESSION_REUSE

logformat mine %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %ssl::>sni %ssl::>cert_subject %>Hs %<st %Ss:%Sh

access_log syslog:daemon.info mine

refresh_pattern -i (cgi-bin|\?) 0       0%      0
refresh_pattern .               0       20%     4320

coredump_dir /opt/squid/var

At this point I have no clue what to do next...any troubleshooting steps would be wonderful. Thank you.
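
Added example, not part of the thread and not Squid project code: a small Python check that scans a squid.conf for the items this thread touches (the helper renamed in Squid 4, disabled upstream certificate verification, blanket acceptance of certificate errors). The function names and finding codes are made up for illustration, and the NO_FORWARD_PORT check rests on an assumption the thread does not state: that port 0 in the FATAL internal URL means no forward-proxy http_port is configured.

```python
import re

# Constructed sample built from directives quoted in the thread (Squid 3 helper path included).
SAMPLE = """\
sslproxy_cert_error allow all
tls_outgoing_options capath=/etc/ssl/certs flags=DONT_VERIFY_PEER
sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB
http_port gateway:3128 intercept
https_port gateway:3129 intercept ssl-bump generate-host-certificates=on
"""

NOT_FORWARD = {"intercept", "tproxy", "accel"}  # http_port modes that are not forward-proxy

def directives(text):
    """Yield (line_no, name, args) for every non-comment squid.conf line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield no, name, args

def audit(text):
    """Return (line_no, code, message) findings sorted by line number."""
    findings, ports = [], []
    for no, name, args in directives(text):
        if name == "sslcrtd_program" and args and args[0].rsplit("/", 1)[-1] == "ssl_crtd":
            findings.append((no, "RENAMED_HELPER", "helper is named security_file_certgen in Squid 4"))
        elif name == "tls_outgoing_options":
            flags = [f for a in args if a.startswith("flags=") for f in re.split(r"[,:]", a[6:])]
            if "DONT_VERIFY_PEER" in flags:
                findings.append((no, "NO_PEER_VERIFY", "origin server certificates are not verified"))
        elif name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((no, "CERT_ERRORS_ALLOWED", "all certificate validation errors are accepted"))
        elif name == "http_port":
            ports.append((no, set(args)))
    # Assumption (not stated in the thread): port 0 in the FATAL internal URL means
    # Squid found no forward-proxy http_port to build internal URLs from.
    if not any(not (opts & NOT_FORWARD) for _, opts in ports):
        findings.append((ports[0][0] if ports else 0, "NO_FORWARD_PORT", "no forward-proxy http_port defined"))
    return sorted(findings)

if __name__ == "__main__":
    for no, code, msg in audit(SAMPLE):
        print(f"line {no}: {code}: {msg}")
```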