Re: [squid-users] https to http translation

From: Bucci, David G <david.g.bucci_at_lmco.com>
Date: Thu, 16 Dec 2010 12:52:09 -0500

I can confirm that it works fine on Windows as well ... we are using stunnel as described on Windows PCs tunneling to a Windows server, with Squid running on the Windows server, proxying the traffic.

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Wednesday, December 15, 2010 4:44 PM
To: squid-users_at_squid-cache.org
Subject: EXTERNAL: Re: [squid-users] https to http translation

On Wed, 15 Dec 2010 16:54:36 +0330, purgat <purgatio_at_gmail.com> wrote:
> Just for the sake of helping other people...
> Thanks to everybody's help specially Amos my problem is somewhat solved
> though a lot of fine-tuning is yet to be done. One thing I want to
> stress on is ease and simplicity. I heard of several options here,
> interestingly, most of which made sense theoretically though I didn't
> have the technical experience to handle the complexity.
> The solution that worked for me as was suggested by Amos, was "stunnel"
> with squid. This would be suitable for someone with relatively low
> knowledge of networking who is relatively comfortable doing things on
> command-line.
> say you set up your browser settings to use 127.0.0.1 with any unused
> port of your choice. Set up stunnel on client and set it up in client
> mode to forward the mentioned port to some port on your server. Only 4
> lines of conf file are to be added/modified 1 for client mode and 3 for
> accepting and forwarding the port to server (I commented out most of the
> rest of the sample file for the time being). Then you set up stunnel on
> server side with exactly reverse settings. Exit port this time is what
> your squid (or other proxy server of your choice) is listening to.
> Extremely simple and effective. I haven't tried it on Windows yet but I
> believe it must be fine.
> My thanks to everybody for their help and support
>
> P.S. Amos I didn't find the Firefox bug that you mentioned. If you have
> an address it would be great because I may be able to contribute one way
> or another.

Wonderful thank you.

https://bugzilla.mozilla.org/show_bug.cgi?id=378637

This reminds me we do not have a stunnel setup in the config examples, are
you happy to write up a simple how-to config page for
http://wiki.squid-cache.org/ConfigExamples ?

Amos

>
>
>
> On Tue, 2010-12-14 at 01:05 +0000, Amos Jeffries wrote:
>> On Mon, 13 Dec 2010 22:06:01 +0330, purgat wrote:
>> > Hey
>> > ok let me see if I got this right (excuse the noob!):
>> > Let's say you set up squid to listen to ssl over 8081 and set up
proxy
>> > settings of your browser to use 8081 for both http and https. Now if
>> > you
>> > type in an address with https in your browser you will send your data
>> > to
>> > squid over ssl (probably ssl of the target website) but if you use
>> > http,
>> > browser will not understand that the proxy on the other side is
looking
>> > for an ssl connection. Did I get this right?
>>
>> Yes.
>>
>> > If that is the case, one other option would be setting up a proxy
>> > daemon
>> > on the local machine and try to get it connected to the main proxy
>> > server over an encrypted connection. Can THAT be done with squid?
>>
>> Yes, people have had success with stunnel and others. I don't do it
>> myself
>> so can't help with the config side of those.
>>
>> Amos
>>
Received on Thu Dec 16 2010 - 18:06:39 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 16 2010 - 12:00:03 MST