33 lines
966 B
SquidConf
33 lines
966 B
SquidConf
http_access allow localnet
|
|
|
|
http_port 3128 ssl-bump \
|
|
generate-host-certificates=on \
|
|
dynamic_cert_mem_cache_size=4MB \
|
|
tls-cert=/etc/ssl/certs/squid-ca.pem \
|
|
tls-key=/etc/ssl/private/squid-ca.key
|
|
|
|
# We do not (cannot! it's a Squid limitation, apparently?) ssl-bump on
|
|
# HTTPS connections to the proxy. So what use is it? The answer: it's
|
|
# a means by which clients can download the cert of the proxy and then
|
|
# add it to their trusted roots (!!!).
|
|
#
|
|
https_port 3127 \
|
|
tls-cert=/etc/ssl/certs/squid-ca.pem \
|
|
tls-key=/etc/ssl/private/squid-ca.key
|
|
|
|
acl step1 at_step SslBump1
|
|
ssl_bump peek step1
|
|
ssl_bump bump all
|
|
ssl_bump splice all
|
|
|
|
cache_dir aufs /var/spool/squid 262144 16 256 min-size=0
|
|
refresh_pattern . 10080 9999% 43200
|
|
|
|
maximum_object_size 10240 MB
|
|
minimum_object_size 0 KB
|
|
maximum_object_size_in_memory 0 MB
|
|
offline_mode on
|
|
|
|
# cache_store_log stdio:/var/log/squid/store.log
|
|
strip_query_terms off
|