地方在住IT系ニート

Hioke

Squidのインストールと設定方法のメモ

Table of Contents

インストール

sudo apt install squid

設定情報

visible_hostname ras.squid


acl SSL_ports port 443
acl CONNECT method CONNECT


acl intermediate_fetching transaction_initiator certificate-fetching

http_access allow intermediate_fetching


http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access allow localnet
http_access deny manager


include /etc/squid/conf.d/*

http_access allow localhost

http_access deny all


http_port 3128
https_port 3129 tcpkeepalive=60,30,3 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/etc/squid/ssl/squid.crt key=/etc/squid/ssl/squid.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,NO_SSLv2,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/ssl/squid.pem
acl allowed_http_sites dstdomain "/etc/squid/whitelist.txt"

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 20MB

sslproxy_cert_error allow all

ssl_bump stare all

メモ

にほんブログ村 IT技術ブログ IT技術メモへ