Irgendwie bekomm ich das nicht gebacken -.- ...
Hat jemand ein gutes HowTo dafür?
Gelöst via
Squid 3.2.2:
Weil das Debian Repo eine alte Version von Squid (3.1) und zudem auch noch ohne SSL Unterstützung anbietet, muss man selbst kompilieren
Unter Debian braucht man zuerst die nötigen Tools:
Code:
# Compiler toolchain plus the OpenSSL headers (libssl-dev) that the --enable-ssl build needs.
aptitude install build-essential openssl libssl-dev
Damit sollte man die nötigen Tools haben.
Squid entpacken, dann bauen und installieren:
Code:
# NOTE(review): the leading "# " on the three command lines is presumably the root prompt, not a
# comment marker. configure and make do not need root; only "make install" writes outside the tree.
# NOTE(review): typed at a prompt, the unquoted ${prefix} arguments are expanded by the shell before
# configure sees them. Unless a shell variable "prefix" is set they become empty, so for example
# --libexecdir turns into /lib/squid3 instead of a path under /usr/local/squid. Single-quote those
# arguments (or write the path out) if the --prefix location is intended.
# ./configure --enable-ssl --build=x86_64-linux-gnu --prefix=/usr/local/squid --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=${prefix}/lib/squid3 --srcdir=. --disable-maintainer-mode --disable-dependency-tracking --disable-silent-rules --datadir=/usr/share/squid3 --sysconfdir=/etc/squid3 --mandir=/usr/share/man --with-cppunit-basedir=/usr --enable-inline --enable-async-io=8 --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --enable-delay-pools --enable-cache-digests --enable-underscores --enable-icap-client --enable-follow-x-forwarded-for --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM --enable-ntlm-auth-helpers=smb_lm, --enable-digest-auth-helpers=ldap,password --enable-negotiate-auth-helpers=squid_kerb_auth --enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group --enable-arp-acl --enable-esi --enable-zph-qos --enable-wccpv2 --disable-translation --with-logdir=/var/log/squid3 --with-pidfile=/var/run/squid3.pid --with-filedescriptors=65536 --with-large-files --with-default-user=proxy
# make
# make install
Damit sollte man Squid in /usr/local/squid haben
Jetzt noch die entsprechende Config in /etc/squid/squid.conf:
Code:
# Reverse-proxy (accelerator) setup: Squid listens on 80/443 for three published
# host names and forwards each one to its own origin server (cache_peer ... originserver).
cache_mgr hab[at]ich.net
visible_hostname proxy.meinnetz.de
http_port 80 accel vhost
# TLS listener for clients; cert= / key= are the PEM files Squid presents to them.
# NOTE(review): key.pem is a private key - presumably it should be readable only by
# root and the Squid user; verify the permissions on /exchange.
https_port 443 accel vhost cert=/exchange/cert.pem key=/exchange/key.pem defaultsite=exchange.meinnetz.de
# Exchange Server
# NOTE(review): sslflags=DONT_VERIFY_PEER makes Squid accept the Exchange server's
# certificate even when verification fails, so this hop is encrypted but the peer is
# not authenticated. Consider removing the flag and trusting the issuing CA through
# sslcafile= instead.
# login=PASS hands the client's credentials through to the origin server unchanged.
cache_peer 1.2.3.5 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/exchange/cert.pem sslkey=/exchange/key.pem name=exchange_ssl
acl sites_exchange_ssl dstdomain exchange.meinnetz.de
cache_peer_access exchange_ssl allow sites_exchange_ssl
# WebServer 1
# NOTE(review): this peer (and WebServer 2) is reached over plain HTTP on port 80, so
# credentials passed on by login=PASS cross that network segment unencrypted.
cache_peer 1.2.3.3 parent 80 0 no-query originserver login=PASS name=webserver1
acl sites_webserver1 dstdomain webserver1.meinnetz.de
cache_peer_access webserver1 allow sites_webserver1
# WebServer 2
cache_peer 1.2.3.4 parent 80 0 no-query originserver login=PASS name=webserver2
acl sites_webserver2 dstdomain webserver2.meinnetz.de
cache_peer_access webserver2 allow sites_webserver2
# On-disk cache (ufs store under /var/spool/squid), memory cache and object size limits.
cache_dir ufs /var/spool/squid 10000 16 256
cache_mem 512 MB
minimum_object_size 0 KB
maximum_object_size 32 MB
# Access log in a combined-style format: client address, user name (%un), request line
# with full URL (%ru), status, size, Referer and User-Agent.
# NOTE(review): these fields make access.log sensitive; restrict who can read /var/log/squid.
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
logfile_rotate 10
hosts_file /etc/hosts
# Basic ACLs
acl Safe_ports port 80
acl Safe_ports port 443
acl purge method PURGE
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first matching line decides.
# Cache manager and PURGE requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access allow localhost
# NOTE(review): "allow all" (listed twice; the second line has no effect) admits requests
# for any Host, not only the three published domains. For a reverse proxy the usual
# pattern is to allow just the sites_* ACLs defined above and end with
# "http_access deny all", so the proxy cannot be used to reach other destinations.
http_access allow all
http_access allow all
http_reply_access allow all
# NOTE(review): every cache_peer above is declared with ICP port 0 and no-query, so ICP
# is not needed by this setup; "icp_access deny all" would be the tighter setting.
icp_access allow all
cache_effective_group proxy
coredump_dir /var/spool/squid
# forwarded_for on: Squid appends the client's IP address (X-Forwarded-For) to the
# requests it sends to the origin servers.
forwarded_for on
redirect_rewrites_host_header off
buffered_logs on
# Dynamic content (cgi-bin or a query string) and POST requests are not cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
acl POST method POST
no_cache deny QUERY
no_cache deny POST
Squid starten, alle Anfragen an euren Proxy leiten und freuen.
Wer noch ein Init-Script braucht:
Code:
#! /bin/sh
### BEGIN INIT INFO
# Provides: squid3
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: $named
# Should-Stop: $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Squid HTTP Proxy version 3.x
### END INIT INFO
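# Built-in defaults. /etc/default/squid3 (sourced below) may override any of them.
NAME=squid3
DESC="Squid HTTP Proxy 3.2.2"
DAEMON=/usr/local/squid/sbin/squid
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid/squid.conf
# SQUID_ARGS is composed before the defaults file is read, so overriding CONFIG
# there does not change the -f argument unless SQUID_ARGS is overridden as well.
SQUID_ARGS="-YC -f $CONFIG"

# The defaults file is sourced, i.e. executed with this script's privileges;
# it must therefore be writable by root only.
if [ -f /etc/default/squid3 ]; then
  . /etc/default/squid3
fi

. /lib/lsb/init-functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Quoted on purpose: with an empty DAEMON the unquoted form collapses to
# "[ -x ]", which is true, and the script would carry on without a binary.
[ -x "$DAEMON" ] || exit 0

# Raise the open-file limit for the shell that launches Squid.
ulimit -n 65535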
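#######################################
# Print the directory argument of the first "<directive> <type> <dir> ..."
# line found in the Squid configuration file.
# Globals:   CONFIG (read)
# Arguments: $1 - directive name; it is inserted into the sed pattern as-is,
#                 so callers must pass a fixed literal, never external input
#            $2 - fallback value printed when no line matches (optional)
# Outputs:   third whitespace-separated field of the first match, else $2
#######################################
find_cache_dir () {
  local res
  # [[:blank:]] covers space and tab. The previous hand-built character class
  # held a single space only, so tab-separated directives were never found.
  # The trailing commands make sed stop after the first matching line.
  res=$(sed -n \
    -e "s/^${1}[[:blank:]]\{1,\}[^[:blank:]]\{1,\}[[:blank:]]\{1,\}\([^[:blank:]]\{1,\}\).*\$/\1/p" \
    -e 't found' \
    -e 'd' \
    -e ':found' \
    -e 'q' < "$CONFIG")
  [ -n "$res" ] || res=$2
  printf '%s\n' "$res"
}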
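#######################################
# Print the first argument (the store type for cache_dir) of the first
# "<directive> <value> ..." line found in the Squid configuration file.
# Globals:   CONFIG (read)
# Arguments: $1 - directive name; it is inserted into the sed pattern as-is,
#                 so callers must pass a fixed literal, never external input
#            $2 - fallback value printed when no line matches (optional)
# Outputs:   second whitespace-separated field of the first match, else $2
#######################################
find_cache_type () {
  local res
  # [[:blank:]] covers space and tab. The previous hand-built character class
  # held a single space only, so tab-separated directives were never found.
  # The trailing commands make sed stop after the first matching line.
  res=$(sed -n \
    -e "s/^${1}[[:blank:]]\{1,\}\([^[:blank:]]\{1,\}\).*\$/\1/p" \
    -e 't found' \
    -e 'd' \
    -e ':found' \
    -e 'q' < "$CONFIG")
  [ -n "$res" ] || res=$2
  printf '%s\n' "$res"
}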
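#######################################
# Initialise the cache directory if needed, then launch Squid.
# Globals:   CONFIG, DAEMON, DESC, PIDFILE, SQUID_ARGS (read)
# Returns:   exit status of start-stop-daemon
#######################################
start () {
  local cache_dir cache_type needs_init
  cache_dir=$(find_cache_dir cache_dir)
  cache_type=$(find_cache_type cache_dir)

  #
  # Create spool dirs if they don't exist: a coss store is considered
  # initialised when its "stripe" file exists, any other store type when
  # the first level-1 directory "00" exists.
  #
  needs_init=no
  if [ -d "$cache_dir" ]; then
    if [ "$cache_type" = "coss" ]; then
      [ -f "$cache_dir/stripe" ] || needs_init=yes
    else
      [ -d "$cache_dir/00" ] || needs_init=yes
    fi
  fi
  if [ "$needs_init" = yes ]; then
    log_warning_msg "Creating $DESC cache structure"
    "$DAEMON" -z -f "$CONFIG"
  fi

  # umask 027: files created by the daemon get no group-write bit and no
  # permissions at all for "other".
  umask 027
  ulimit -n 65535

  # A bare "cd" with an empty argument would silently switch to $HOME, so the
  # directory change is skipped when no cache_dir was found. A failing cd is
  # reported but does not stop the start, as before.
  if [ -n "$cache_dir" ]; then
    cd "$cache_dir" || log_warning_msg "Cannot change directory to $cache_dir"
  fi

  # SQUID_ARGS is a flat option string and is left unquoted on purpose so
  # that it splits into separate arguments.
  # shellcheck disable=SC2086
  start-stop-daemon --quiet --start \
    --pidfile "$PIDFILE" \
    --exec "$DAEMON" -- $SQUID_ARGS < /dev/null
  return $?
}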
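#######################################
# Ask Squid to stop and wait until the process has really gone.
# Globals:   DAEMON, PIDFILE (read)
# Returns:   0 when the process is gone (or no PID was recorded),
#            1 when it is still alive after 24 polls of 5 seconds
#######################################
stop () {
  local pid tries
  # Remember the PID before the stop request; the pidfile may vanish afterwards.
  pid=$(cat "$PIDFILE" 2>/dev/null)
  start-stop-daemon --stop --quiet --pidfile "$PIDFILE" --exec "$DAEMON"

  #
  # Now we have to wait until squid has _really_ stopped.
  #
  sleep 2

  # "kill -0" sends no signal, it only probes whether the PID exists.
  # NOTE(review): the probe trusts the pidfile content; a stale file whose
  # PID has been reused would make this wait on an unrelated process.
  if [ -z "$pid" ] || ! kill -0 "$pid" 2>/dev/null; then
    return 0
  fi

  log_action_begin_msg " Waiting"
  tries=0
  while kill -0 "$pid" 2>/dev/null; do
    tries=$((tries + 1))
    if [ "$tries" -gt 24 ]; then
      log_action_end_msg 1
      return 1
    fi
    sleep 5
    log_action_cont_msg ""
  done
  log_action_end_msg 0
  return 0
}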
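# Dispatch on the requested action. rc carries the result of the action so the
# script's exit status reflects a failed start/stop/reload; previously the
# script always ended with "exit 0" for these actions.
rc=0
case "$1" in
  start)
    log_daemon_msg "Starting $DESC" "$NAME"
    start
    rc=$?
    log_end_msg "$rc"
    ;;
  stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    stop
    rc=$?
    log_end_msg "$rc"
    ;;
  reload|force-reload)
    log_action_msg "Reloading $DESC configuration files"
    # Signal 1 (HUP) is sent to the running daemon via start-stop-daemon.
    start-stop-daemon --stop --signal 1 \
      --pidfile "$PIDFILE" --quiet --exec "$DAEMON"
    rc=$?
    log_action_end_msg "$rc"
    ;;
  restart)
    log_daemon_msg "Restarting $DESC" "$NAME"
    # As before, start is attempted even when stop timed out; the reported
    # result is that of start.
    stop
    start
    rc=$?
    log_end_msg "$rc"
    ;;
  status)
    # Any non-zero result from status_of_proc is reported as exit code 3.
    if status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME"; then
      exit 0
    else
      exit 3
    fi
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}"
    exit 3
    ;;
esac
exit "$rc"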
EDIT: Es ist zwar "nur" eine Lösung für HTTP- und HTTPS-Anfragen, aber es ist ein Anfang.