author | Silvino Silva <silvino@bk.ru> | 2016-09-15 00:47:34 +0100 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2016-09-15 00:47:34 +0100 |
commit | 07bedee34d9ded6f86904c7e4b4e02464ff8cb14 (patch) | |
tree | 242dcbfdcd97667017bdfcaaa535919b01168fe1 /tools/squid.html | |
parent | b9762bb44befe4a852688eb19cce1aec3462f2ca (diff) | |
download | doc-07bedee34d9ded6f86904c7e4b4e02464ff8cb14.tar.gz |
added tools
Diffstat (limited to 'tools/squid.html')
-rw-r--r-- | tools/squid.html | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/tools/squid.html b/tools/squid.html
new file mode 100644
index 0000000..2fc2c37
--- /dev/null
+++ b/tools/squid.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+ <head>
+ <meta charset='utf-8'>
+ <title>Squid</title>
+ </head>
+ <body>
+ <a href="index.html">Tools Index</a>
+ <h1>Squid</h1>
+
+ <pre>
+install from romster
+edit /etc/squid/squid.conf
+edit only allow 10.0.0.0
+edit folder to /srv/squid
+
+edit /etc/passwd /srv/squid
+
+https://www.smoothnet.org/squid-v3-5-proxy-with-ssl-bump/
+http://roberts.bplaced.net/index.php/linux-guides/centos-6-guides/proxy-server/squid-transparent-proxy-http-https
+ </pre>
+
+ <pre>
+# Generate Private Key
+openssl genrsa -out c13.libernodus.com.key 2048
+ </pre>
+
+ <pre>
+# Create Certificate Signing Request
+openssl req -new -key c13.libernodus.com.key -out c13.libernodus.com.csr
+ </pre>
+
+ <pre>
+# Sign Certificate
+openssl x509 -req -days 3652 -in c13.libernodus.com.csr -signkey c13.libernodus.com.key -out c13.libernodus.com.cert
+cat squid.key squid.crt > squid.pem
+
+
+https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/squid.pem
+
+always_direct allow all
+ssl_bump none localhost
+ssl_bump server-first all
+sslproxy_cert_error allow all
+sslproxy_flags DONT_VERIFY_PEER
+
+
+
+
+/usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
+
+chown -R squid.squid /var/lib/ssl_db
+ </pre>
+
+ <pre>
+# Proxy Aware (non-intercepted traffic)
+http_port 192.168.0.1:3128 ssl-bump cert=/etc/squid/example.com.cert key=/etc/squid/example.com.private generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
+# Intercepted Traffic
+https_port 192.168.0.1:3130 cert=/etc/squid/ssl/c13.libernodus.com.cert key=/etc/squid/c13.libernodus.com.key ssl-bump intercept generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
+
+
+# SSL Bump Config
+ssl_bump stare all
+ssl_bump bump all
+ </pre>
+
+ <a href="index.html">Tools Index</a>
+ <p>This is part of the c9-doc Manual.
+ Copyright (C) 2016
+ Silvino Silva.
+ See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+ for copying conditions.</p>
+
+
+ </body>
+</html> |
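Review bot: The "Sign Certificate" listing pairs `ssl-bump` with `sslproxy_cert_error allow all` and `sslproxy_flags DONT_VERIFY_PEER`, so Squid accepts any upstream certificate while clients only ever see the proxy-minted one, and an invalid or substituted origin certificate goes unnoticed by everyone behind the proxy. I would drop both directives from the example, or at least put `# lab only: disables upstream certificate validation, never deploy` directly above them. The same listing generates `c13.libernodus.com.key` and `c13.libernodus.com.cert` but then runs `cat squid.key squid.crt > squid.pem`, so the file names should be made consistent. Since that PEM holds the signing key for every bumped connection, the page should also say it must be readable only by the squid user. The 3652-day self-signed lifetime and the open `always_direct allow all` deserve a one-line comment each explaining why they were chosen.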