Search squid archive

Re: websockets through Squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Saturday, October 17, 2020, 5:10:08 AM GMT+2, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: 

> tcp_outgoing_* directives can send details to the OS to hint at preferred server connection details. It is up to the OS whether those are followed or not.


Yes, I finally solved my network issue, and now Squid is sending traffic as expected (same interface).

In fact, I know Squid 5.0.4 and websockets are "working" because I can properly test this protocol here:

https://www.websocket.org/echo.html

and elsewhere. The above site did not work with Squid 4, but it's working now with Squid 5.0.4.

However, the webex test site is still failing with the same client error message.

Maybe someone on this list can reproduce the problem or share a squid configuration that actually works with or without sslbump (for the webex test site, that is).

Here's a simple sslbump config that only requires redirecting tcp 443 traffic to the custom Squid port 3130 (tproxy can be ignored in this example):

# cat squid.conf
# optional:
# tcp_outgoing_address 1.2.3.4

http_port 3128
http_port 3129 tproxy
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem
sslcrtd_program /usr/libexec/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 16MB
sslcrtd_children 40 startup=20 idle=10

acl SSL_ports port 443

acl Safe_ports port 443
acl Safe_ports port 80

acl CONNECT method CONNECT

acl localnet src your.local.net.work

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny all !localnet

http_access allow CONNECT localnet SSL_ports

http_upgrade_request_protocols OTHER allow all

http_access allow localnet all
http_reply_access allow localnet all

debug_options rotate=1 ALL,9

ssl_bump stare all
ssl_bump bump all

http_access allow localhost

http_access deny all

-------------------------------------

You can then go to https://www.webex.com/test-meeting.html to see if the websocket test actually works.

There has to be a glitch there or something I'm overlooking.

Thanks,

Vieri
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux