about summary refs log blame commit diff stats
path: root/tools/squid.html
blob: fcbe7bdf9ef5e0a35775042068a5f9c14f521974 (plain) (tree) 
07bedee ^
























4fafa3d ^

07bedee ^




4fafa3d ^

07bedee ^




4fafa3d ^

07bedee ^























4fafa3d ^

07bedee ^








214aa23 ^


6844eee ^

07bedee ^






1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

25

26
27
28
29

30

31
32
33
34

35

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

59

60
61
62
63
64
65
66
67

68
69

70

71
72
73
74
75
76
























                                                                                                                 
                                                



                                    
                                                                           



                  
                                                                                                                       






















                                                                                                                                                                                         
                                                                                                                                                                                                                  







                                            

                                                         
                  





                                                                                         
<!DOCTYPE html>
<html dir="ltr" lang="en">
    <head>
        <meta charset='utf-8'>
        <title>Squid</title>
    </head>
    <body>
        <a href="index.html">Tools Index</a>
        <h1>Squid</h1>

        <pre>
install from romster
edit /etc/squid/squid.conf
edit only allow 10.0.0.0
edit folder to /srv/squid

edit /etc/passwd  /srv/squid

https://www.smoothnet.org/squid-v3-5-proxy-with-ssl-bump/
http://roberts.bplaced.net/index.php/linux-guides/centos-6-guides/proxy-server/squid-transparent-proxy-http-https
        </pre>

        <pre>
# Generate Private Key
openssl genrsa -out machine.example.org.key 2048
        </pre>

        <pre>
# Create Certificate Signing Request
openssl req -new -key machine.example.org.key -out machine.example.org.csr 
        </pre>

        <pre>
# Sign Certificate
openssl x509 -req -days 3652 -in machine.example.org.csr -signkey machine.example.org.key -out machine.example.org.cert
cat squid.key squid.crt > squid.pem


https_port 3130 intercept ssl-bump  generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/squid.pem

always_direct allow all
ssl_bump none localhost
ssl_bump server-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER




/usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db

chown -R squid.squid /var/lib/ssl_db
        </pre>

        <pre>
# Proxy Aware (non-intercepted traffic)
http_port 192.168.0.1:3128 ssl-bump cert=/etc/squid/example.com.cert key=/etc/squid/example.com.private generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE  
# Intercepted Traffic
https_port 192.168.0.1:3130 cert=/etc/squid/ssl/machine.example.org.cert key=/etc/squid/machine.example.org.key ssl-bump intercept generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE


# SSL Bump Config
ssl_bump stare all  
ssl_bump bump all  
        </pre>

        <a href="index.html">Tools Index</a>
        <p>This is part of the Hive System Documentation.
        Copyright (C) 2018
        Hive Team.
        See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a>
        for copying conditions.</p>


    </body>
</html>
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-07-21 06:04:07 +0000