squid3 +ssl_bump
На сайт по http заходит, по http пишет прокси сервер не доступен.
Debian 6.0
squid 3.3.9 c enable-ssl enable-ssl-crtd
ssl сертификат :
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout squidCA.pem -out squidCA.pem
chmod 400 squidCA.pem
squid.conf :
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/squidCA.pem
always_direct allow all
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
#ssl_bump allow all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5
coredump_dir /var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
/var/squid/log/cache.log
2014/06/23 11:10:14 kid1| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2014/06/23 11:10:14 kid1| Initializing https proxy context
2014/06/23 11:10:14 kid1| Initializing http_port [::]:8080 SSL context
2014/06/23 11:10:14 kid1| Using certificate in /etc/squid/ssl_cert/squidCA.pem
2014/06/23 11:10:14 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
2014/06/23 11:10:14 kid1| parse error while reading template file: /usr/share/squid/errors/templates/error-details.txt
2014/06/23 11:10:14 kid1| WARNING: failed to find or read error text file error-details.txt
2014/06/23 11:10:14 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
2014/06/23 11:10:14 kid1| WARNING! invalid error detail name: X509_V_ERR_DIFFERENT_CRL_SCOPE
2014/06/23 11:10:14 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2014/06/23 11:10:14 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2014/06/23 11:10:14 kid1| Squid plugin modules loaded: 0
2014/06/23 11:10:14 kid1| Adaptation support is off.
2014/06/23 11:10:14 kid1| Store logging disabled
2014/06/23 11:10:14 kid1| DNS Socket created at [::], FD 11
2014/06/23 11:10:14 kid1| DNS Socket created at 0.0.0.0, FD 12
2014/06/23 11:10:14 kid1| Adding domain corp.willesden.by from /etc/resolv.conf
2014/06/23 11:10:14 kid1| Adding nameserver 172.16.0.33 from /etc/resolv.conf
2014/06/23 11:10:14 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2014/06/23 11:10:14 kid1| Loaded Icons.
2014/06/23 11:10:14 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:8080 remote=[::] FD 24 flags=9