Squid + Web Sockets
Приветствую.
Может кто-то поделиться минимальной работающей конфигурацией squid-а, который может проксировать как обычный http(s)-трафик, так и трафик WebSocket-ов? В сети только обрывочная информация на эту тему.
Версия squid-а
$ squid -v
Squid Cache: Version 5.1
Service Name: squid
This binary uses OpenSSL 1.1.1k 25 Mar 2021. For legal restrictions on distribution see https://www.openssl.org/source/license.html
configure options: '--build=x86_64' '--host=x86_64' '--prefix=/usr' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--with-logdir=/var/log/squid' '--disable-strict-error-checking' '--disable-arch-native' '--enable-removal-policies=lru,heap' '--enable-auth-digest' '--enable-auth-basic=getpwnam,NCSA' '--enable-external-acl-helpers=file_userip,unix_group,wbinfo_group' '--enable-auth-ntlm=fake' '--enable-auth-negotiate=kerberos,wrapper' '--enable-silent-rules' '--disable-mit' '--enable-heimdal' '--enable-delay-pools' '--enable-openssl' '--enable-ssl-crtd' '--enable-security-cert-generators=file' '--enable-ident-lookups' '--enable-useragent-log' '--enable-cache-digests' '--enable-referer-log' '--enable-async-io' '--enable-truncate' '--enable-arp-acl' '--enable-htcp' '--enable-carp' '--enable-epoll' '--enable-follow-x-forwarded-for' '--enable-storeio=diskd rock' '--enable-ipv6' '--enable-translation' '--disable-snmp' '--disable-dependency-tracking' '--with-large-files' '--with-default-user=squid' '--with-openssl' '--with-pidfile=/var/run/squid/squid.pid' 'build_alias=x86_64' 'host_alias=x86_64' 'CFLAGS=-g0 -O2' 'LDFLAGS=-s' 'CXXFLAGS=-g0 -O2'
squid.conf
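# Listening port for explicit (forward) proxy clients.
# NOTE: this is a plain-HTTP listener, so Basic credentials travel between the
# client and the proxy merely base64-encoded. Keep this port on a trusted
# network segment or put TLS in front of it.
http_port 8888

# Send all logs to stdout and keep no rotated copies.
logfile_rotate 0
cache_log stdio:/dev/stdout
access_log stdio:/dev/stdout
cache_store_log stdio:/dev/stdout

# Basic authentication against an NCSA (htpasswd-style) password file.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT

# http_access is evaluated top to bottom and the first matching rule wins.
# The port and cache-manager restrictions therefore have to come BEFORE
# "allow authenticated"; with the allow rule first, any authenticated user
# skipped them entirely (CONNECT to arbitrary ports, cache manager access).
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

http_access allow authenticated
# Do not enable the next line: it turns the proxy into an open relay.
# http_access allow all

# NOTE(review): clients that send no credentials are normally answered with a
# 407 challenge by the proxy_auth rule above, so these two rules are probably
# never reached for them - confirm, and drop them if every client must log in.
http_access allow localnet
http_access allow localhost
http_access deny all

# WebSocket notes:
#  - wss:// to port 443 is tunnelled with CONNECT and is covered by SSL_ports.
#  - ws:// sent as a plain HTTP Upgrade request is controlled in Squid 5 by
#    http_upgrade_request_protocols, for example:
#      http_upgrade_request_protocols websocket allow all
#    (http_access above still decides who may use the proxy at all).
#  - Clients that tunnel ws:// with CONNECT to a port other than 443 are
#    rejected by "deny CONNECT !SSL_ports"; add that specific port to
#    SSL_ports rather than relaxing the rule.

coredump_dir /var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320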