[squid-users] Re: peer-cache question

From: babajaga <augustus_meyer_at_yahoo.de>
Date: Wed, 10 Apr 2013 00:26:01 -0700 (PDT)

How do you handle dest port 443 ?
It is not enough simply to route all traffic (dest port 80 and dest port
443) to squid:3128. This will not work for https:
May be, you post your complete squid.conf. And the rules for iptables etc.
to achieve transparency.

In squid.conf you will need such stuff like

http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
ssl_bump allow all

Start here: http://wiki.squid-cache.org/Features/DynamicSslCert

Of course, you might simply avoid proxying port 443.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/peer-cache-question-tp4659419p4659438.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Wed Apr 10 2013 - 07:26:03 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 10 2013 - 12:00:05 MDT