Re: [squid-users] https to http translation

From: purgat <purgatio_at_gmail.com>
Date: Wed, 15 Dec 2010 16:54:36 +0330

Just for the sake of helping other people...
Thanks to everybody's help specially Amos my problem is somewhat solved
though a lot of fine-tuning is yet to be done. One thing I want to
stress on is ease and simplicity. I heard of several options here,
interestingly, most of which made sense theoretically though I didn't
have the technical experience to handle the complexity.
The solution that worked for me as was suggested by Amos, was "stunnel"
with squid. This would be suitable for someone with relatively low
knowledge of networking who is relatively comfortable doing things on
command-line.
say you set up your browser settings to use 127.0.0.1 with any unused
port of your choice. Set up stunnel on client and set it up in client
mode to forward the mentioned port to some port on your server. Only 4
lines of conf file are to be added/modified 1 for client mode and 3 for
accepting and forwarding the port to server (I commented out most of the
rest of the sample file for the time being). Then you set up stunnel on
server side with exactly reverse settings. Exit port this time is what
your squid (or other proxy server of your choice) is listening to.
Extremely simple and effective. I haven't tried it on Windows yet but I
believe it must be fine.
My thanks to everybody for their help and support

P.S. Amos I didn't find the Firefox bug that you mentioned. If you have
an address it would be great because I may be able to contribute one way
or another.

On Tue, 2010-12-14 at 01:05 +0000, Amos Jeffries wrote:
> On Mon, 13 Dec 2010 22:06:01 +0330, purgat wrote:
> > Hey
> > ok let me see if I got this right (excuse the noob!):
> > Let's say you set up squid to listen to ssl over 8081 and set up proxy
> > settings of your browser to use 8081 for both http and https. Now if you
> > type in an address with https in your browser you will send your data to
> > squid over ssl (probably ssl of the target website) but if you use http,
> > browser will not understand that the proxy on the other side is looking
> > for an ssl connection. Did I get this right?
>
> Yes.
>
> > If that is the case, one other option would be setting up a proxy daemon
> > on the local machine and try to get it connected to the main proxy
> > server over an encrypted connection. Can THAT be done with squid?
>
> Yes, people have had success with stunnel and others. I don't do it myself
> so can't help with the config side of those.
>
> Amos
>
Received on Wed Dec 15 2010 - 13:24:50 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 16 2010 - 12:00:03 MST