Unable to connect to HTTPS websites through a squid proxy

Ale*_*aci 5 squid centos7

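I just tried to set up a proxy server on an OpenVZ VPS running CentOS7. Everything works fine, but I can't access https websites such as google, instagram, facebook, etc. It says timeout, the response took too long.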

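I've generated the myCA.pem certificate and linked the signed certificate using ssl_bump, without errors (checked with systemctl status squid), and now when I try to connect to the websites listed above, it gives me no internet error.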

Below is my squid.conf, and here is my cache.log: http://pastebin.com/MUkujTig

acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_port 3128 ssl-bump \
 generate-host-certificates=on \
 dynamic_cert_mem_cache_size=4MB \
 key=/etc/squid/ssl_cert/myCA.pem \
 cert=/etc/squid/ssl_cert/myCA.pem

# SSL Bump Config
always_direct allow all
ssl_bump server-first all
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1

hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
cache deny all

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320

icp_port 3130

forwarded_for off

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all

I have added port 3128 to the public zone using firewall-cmd.

Ale*_*aci 6

For my purposes I didn't need to use sslbump, so I removed it and solved the problem by adding this line to squid.conf:

dns_v4_first on
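
The change this answer describes, applied to the HTTPS-related part of the squid.conf from the question (an added example, not part of the original post; only the relevant directives are shown, and the cause named in the dns_v4_first comment is an assumption):

```conf
# Removed relative to the question (everything that belongs to SSL bumping):
#   http_port options: ssl-bump, generate-host-certificates=on,
#                      dynamic_cert_mem_cache_size=4MB, key=..., cert=...
#   ssl_bump server-first all
#   sslproxy_cert_error deny all
#   sslproxy_flags DONT_VERIFY_PEER
#   sslcrtd_program ... / sslcrtd_children ...

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 443       # https
acl CONNECT method CONNECT

http_access deny !Safe_ports
# CONNECT tunnels are only allowed to port 443.
http_access deny CONNECT !SSL_ports
# Kept as in the question. Note that this lets any client that can reach
# port 3128 use the proxy.
http_access allow all

# Plain forward-proxy port. HTTPS requests arrive as CONNECT and are
# tunnelled to the origin server without being decrypted, so squid needs
# no CA certificate and the client validates the server certificate itself.
http_port 3128

# The line from the answer: when a hostname resolves to both IPv4 and IPv6
# addresses, try the IPv4 addresses first.
# Assumption: the VPS had no usable IPv6 route, so connections to the IPv6
# addresses of dual-stack sites (google, facebook, instagram) timed out.
dns_v4_first on
```

Running squid -k parse before restarting the service checks the edited file for syntax errors.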