我正在尝试使用 Squid Cache 启用 HTTP 和 HTTPS 连接的内容缓存。我在 Ubuntu 24.04 上运行
squid-openssl--with-openssl--enable-ssl-crtd我的设置中有以下配置行:
https_port 3129 tls-cert=/etc/squid/squid-ca-cert.pem tls-key=/etc/squid/squid-ca-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /lib/squid/security_file_certgen -c -s /usr/local/squid/var/cache/squid/ssl_db -M 4MB
当我运行
curl --proxy-insecure --proxy https://localhost:31291711580401.645 162 192.168.65.1 TCP_TUNNEL/200 41698 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
1711580403.972 92 192.168.65.1 TCP_TUNNEL/200 41699 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
1711580404.771 103 192.168.65.1 TCP_TUNNEL/200 41700 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
当我将
ssl-bumphttps_port 3129 ssl-bump tls-cert=/etc/squid/squid-ca-cert.pem tls-key=/etc/squid/squid-ca-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
我收到以下错误:
FATAL: Bungled /etc/squid/squid.conf line 42: https_port 3129 ssl-bump tls-cert=/etc/squid/squid-ca-cert.pem tls-key=/etc/squid/squid-ca-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
如何使用 TLS 在 3129 上配置
https_port我刚刚经历了几周的挣扎。多年来的文档现在相互冲突,或者自动处理,很难找出您需要的内容。
我正在 Alpine 上运行
squid配置为反向代理(
accel cache_peer squidparent.example.com parent 443 0 no-query default ssl name=myAccel no-digest tls-cert=/etc/squid/certs/tls.crt tls-key=/etc/squid/certs/tls.key
cache_peer_access myAccel allow localnet
cache_peer_access myAccel deny all
http_port 3128 accel defaultsite=squidparent.example.com no-vhost
https_port 3129 accel defaultsite=squidparent.example.com generate-host-certificates=on tls-cert=/etc/squid/certs/tls.crt tls-key=/etc/squid/certs/tls.key no-vhost
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/cache/squid/ssl_db -M 20MB
sslproxy_cert_error allow all
cache_peer_access myAccel allow localnet
cache_peer_access myAccel deny all
确保您的 TLS 证书
Subject我想您只对缓存 HTTPS 内容感兴趣,而不对请求进行任何其他处理,并且您不需要加密从客户端到代理的连接(因为您似乎在同一台计算机上完成这一切) 。在这种情况下,您不需要使用
https_porthttp_portssl-bump但是,您还需要确保
ssl_bumphttp_port 3128 ssl-bump tls-cert=/etc/squid/squid-ca-cert.pem tls-key=/etc/squid/squid-ca-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
ssl_bump bump all
然后,在您的客户端上,使用
export http_proxy=http://localhost:3128curl