blob: 2fc2c378d6360a8a2e80eb059c81a605127b3365 (
plain) (
tree)
|
|
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset='utf-8'>
<title>Squid</title>
</head>
<body>
<a href="index.html">Tools Index</a>
<h1>Squid</h1>
<pre>
install from romster
edit /etc/squid/squid.conf
edit only allow 10.0.0.0
edit folder to /srv/squid
edit /etc/passwd /srv/squid
https://www.smoothnet.org/squid-v3-5-proxy-with-ssl-bump/
http://roberts.bplaced.net/index.php/linux-guides/centos-6-guides/proxy-server/squid-transparent-proxy-http-https
</pre>
<pre>
# Generate Private Key
openssl genrsa -out c13.libernodus.com.key 2048
</pre>
<pre>
# Create Certificate Signing Request
openssl req -new -key c13.libernodus.com.key -out c13.libernodus.com.csr
</pre>
<pre>
# Sign Certificate
openssl x509 -req -days 3652 -in c13.libernodus.com.csr -signkey c13.libernodus.com.key -out c13.libernodus.com.cert
cat squid.key squid.crt > squid.pem
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/squid.pem
always_direct allow all
ssl_bump none localhost
ssl_bump server-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
/usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
chown -R squid.squid /var/lib/ssl_db
</pre>
<pre>
# Proxy Aware (non-intercepted traffic)
http_port 192.168.0.1:3128 ssl-bump cert=/etc/squid/example.com.cert key=/etc/squid/example.com.private generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
# Intercepted Traffic
https_port 192.168.0.1:3130 cert=/etc/squid/ssl/c13.libernodus.com.cert key=/etc/squid/c13.libernodus.com.key ssl-bump intercept generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
# SSL Bump Config
ssl_bump stare all
ssl_bump bump all
</pre>
<a href="index.html">Tools Index</a>
<p>This is part of the c9-doc Manual.
Copyright (C) 2016
Silvino Silva.
See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a>
for copying conditions.</p>
</body>
</html>
|