我想configuration鱿鱼作为透明的代理,我按照下面的步骤进行configuration
从网站下载squid3.5,因为squid3.1不支持ssl bump
./configure --enable-linux-netfilter --enable-icap-client --enable-ssl --with-filedescriptors=65536 --with-large-files --prefix=/usr --localstatedir=/var --libexecdir=${prefix}/lib/squid --srcdir=. --datadir=${prefix}/share/squid --sysconfdir=/etc/squid make make install SSL已启用鱿鱼,我可以检查使用
squid -v Squid Cache: Version 3.5.2 Service Name: squid configure options: '--enable-linux-netfilter' '--enable-icap-client' '--enable-ssl' '--with-filedescriptors=65536' '--with-large-files' '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid' 'CPPFLAGS=-I../libltdl' --enable-ltdl-convenience
到现在为止,每件事都是好的
我已经在/etc/squid/cert/squid.pem中创build了authentication
当我编辑squid.conf
http_port 3128 https_port 3130 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/cert/squid.pem
只有3128的http_port正在运行
netstat -nap | grep 3128 tcp6 0 0 :::3128 :::* LISTEN 2802/squid
但是https_port 3130正在更新甚至接受证书
#netstat -nap | grep 3130 #
我已经尝试使用ssl-bump的http_port
squid -z 2015/03/06 19:52:11| FATAL: Unknown http_port option 'ssl-bump'. FATAL: Bungled /etc/squid/squid.conf
我已经对iptables进行了更改,将端口80redirect到3128和443到3130
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3130
请让我知道为什么我们无法在https_port中添加ssl-bump
谢谢