
Screwballl
Posted: Jun 18 2014, 01:49 AM
Some of us need the options available in newer versions of squid (such as ssl-bump and other SSL related extras) that the current 3.1.10 available in the SL repo does not provide. This howto is how I was able to compile it from source.
NOTE: You need perl and a few other things to ensure this works. The "yum install" items I show here were just items I needed myself (or added here just in case some of you need them), you may need more or less depending on your usage and current setup. Luckily yum is pretty tolerant, so if you already have some of these packages installed, it should just say "package already installed" and skip it.
cd to /usr/src/
Usual build chain:
Extra pkgs for CentOS/SL based installs:
You could add all of these on one line, I just added them as configure and make errors presented themselves to me.
Extract source file:
edit squid.conf to enable the cache (cache_dir ufs /var/cache/squid 10000 32 512)
Do not start squid service (yet)
At this point you can edit the /etc/squid/squid.conf as needed.
For ssl-bump:
Certificate related info
I created server side certs in /etc/squid/ssl/ (for use by squid) and the folder (for website/user certs) in /var/lib/squid_ssl_db. Another option is to keep them in closer proximity, so instead of /var/lib/squid_ssl_db/, could use /etc/squid/cert/ssl_db/
I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates):
Do not start squid service (yet)
squid.conf additions for SSL-bump:
# These act like “IF” commands: if http, intercept from 3128 > 3129 and process; if https intercept from 3128 > 3130. The browser never sees these alternate ports, they are only used internally thus no need for iptables rules.
# Also with dansguardian involved, dansguardian sends info to squid via localhost:3128 so DG related info does not start until rule “http_port 3128” if I understand it correctly. Also the default http port for dansguardian is 8080 or 10101 so the proxy in the browser will need that port, and Secure Proxy as 3128 directly into squid (since dansguardian cannot handle secure sites).
# With the 3130 line, I set it below as 16MB since this will be used on a larger production server with a lot of users. For a home or small office, 4 or 8MB should be fine (4MB = around 1000 certificates).
Do not start squid service (yet)
IPTABLES ENTRY:
Change if you plan to use another port above as primary port.
I prefer INPUT 4 as it puts it above most deny entries, and below the initial allow entries.
START squid
After all this, you can now “service squid start”
Squid as service
vim /etc/init.d/squid (should come back as new document in case of compiling from source)
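A pre-start check for the ssl-bump pieces the post above sets up (the signing certificate and key, and the generated-certificate store such as /var/lib/squid_ssl_db), as an added example that is not part of the original post. The function name `check_sslbump` is hypothetical; it assumes squid.conf uses Squid's `cert=`/`key=` port options and an `sslcrtd_program ... -s <dir>` line.

```shell
# Added example, not from the post: pre-start checks for an ssl-bump setup.
# check_sslbump is a hypothetical helper; call it as
#   check_sslbump /etc/squid/squid.conf
# It prints one "FAIL: ..." line per problem and returns non-zero if any.
check_sslbump() {
    conf=$1
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Listening ports that enable ssl-bump (http_port or https_port lines).
    ports=$(grep -E '^[[:space:]]*https?_port[[:space:]].*ssl-bump' "$conf" || true)
    [ -n "$ports" ] || fail "no http_port/https_port line enables ssl-bump"
    while read -r line; do
        [ -n "$line" ] || continue
        cert=; key=
        for opt in $line; do
            case $opt in
                cert=*) cert=${opt#cert=} ;;
                key=*)  key=${opt#key=} ;;
            esac
        done
        # Without key=, Squid expects the private key inside the cert= file.
        keyfile=${key:-$cert}
        if [ -z "$cert" ]; then
            fail "ssl-bump port without cert=: $line"
        elif [ ! -f "$keyfile" ]; then
            fail "signing key file missing: $keyfile"
        # Characters 8-10 of the ls mode string are the "other" permission bits.
        elif [ "$(ls -ldL "$keyfile" | cut -c8-10)" != "---" ]; then
            fail "signing key is world-accessible: $keyfile"
        fi
    done <<EOF
$ports
EOF

    # sslcrtd_program ... -s <dir> names the on-disk store of generated certs;
    # "ssl_crtd -c -s <dir>" creates index.txt there when it initialises it.
    db=$(sed -n 's/^[[:space:]]*sslcrtd_program[[:space:]].*[[:space:]]-s[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$conf")
    if [ -z "$db" ]; then
        fail "no sslcrtd_program line with -s <dir>"
    elif [ ! -f "$db/index.txt" ]; then
        fail "certificate db not initialised: $db"
    fi
    [ "$fails" -eq 0 ]
}
```

Anyone who can read the signing key can impersonate any site to clients that trust the proxy's certificate, which is why the world-readable case is treated as a failure rather than a warning.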
Screwballl
Posted: Jun 29 2014, 04:51 PM
Squid version 3.4.6 (released 25 June 2014) and the process is the same, already tested on several servers.
hermouche
Thank you very much for your post Screwballl. Very interesting, since I guess we can track the HTTPS in my college. Some students are just bypassing the proxy squid by using some proxy web site (VPN)!!! However, I'm trying to follow your post and I've got a problem when I try to compile:
What could be the problem please? I am using CentOS release 6.6 (Final)
Thanks a lot Screwballl.
inittux
Posted: Dec 29 2014, 01:39 PM
Do you have glibc-devel installed?
Screwballl
Posted: Jan 27 2015, 04:34 PM
I have also tested this with squid 3.4.7 and the newest 3.5.1 as well, process is the same, just need to modify the name of the original file download, everything else is the same.
No differences on doing this with SL6.5 versus 6.6.
peace
Posted: Aug 17 2016, 03:27 PM
This is a very good post. I followed everything and was able to install squid-3.4.5 and http is working, but when I try https it throws the following message in access.log:
Can you please help me with what changes I need to make in this case? Thanks!!