如何在squid3中配置HTTPS支持

Question

我有vps，我想配置我的squid支持HTTPS代理。 我配置了http代理，可以工作，但不支持https。

問題

• 如何配置HTTPS代理在squid3？

這是我的squid.conf配置細節。

acl manager proto cache_object 
acl localhost src 127.0.0.1/32 ::1 
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 
acl SSL_ports port 443 
acl Safe_ports port 80 # http 
acl Safe_ports port 21 # ftp 
acl Safe_ports port 443 # https 
acl Safe_ports port 70 # gopher 
acl Safe_ports port 210 # wais 
acl Safe_ports port 1025-65535 # unregistered ports 
acl Safe_ports port 280 # http-mgmt 
acl Safe_ports port 488 # gss-http 
acl Safe_ports port 591 # filemaker 
acl Safe_ports port 777 # multiling http 
acl CONNECT method CONNECT 
acl larang url_regex -i "/etc/squid3/larang.txt" 
http_access allow manager localhost 
http_access deny manager 
http_access deny !Safe_ports 
http_access deny CONNECT !SSL_ports 
http_access allow localhost 
http_access deny larang 
http_access allow all 
http_port 143 transparent 
refresh_pattern ^ftp: 1440 20% 10080 
refresh_pattern ^gopher: 1440 0% 1440 
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 
refresh_pattern . 0 20% 4320 

Answer 1

此行http_access deny CONNECT !SSL_ports阻止連接到您的非SSL_ports。默認情況下，Squid阻止：http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls#The_Safe_Ports_and_SSL_Ports_ACL

您只希望允許SSL連接到反向代理。假設，把這個放在你的squid.conf的頂部：

https_port 443 cert=/path/to/CertAuth/testcert.cert key=/path/to/CertAuth/testkey.pem defaultsite=mywebsite.mydomain.com vhost 
cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA 

acl sites_server_1 dstdomain websiteA.mydomain.com 
cache_peer_access websiteA allow sites_server_1 
http_access allow sites_server_1 

(extracted from: http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate) 

雖然你會想要閱讀所有的文檔。

這裏是魷魚和SSL（絕對讀取）的更多信息：http://wiki.squid-cache.org/Features/HTTPS