Tuesday, January 21, 2014

Cara Mudah Install squid3 3.5.7 ssl Support di Debian





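# Add the third-party backports repository that carries an SSL-enabled squid
# build, then install squid from it.
#
# NOTE(review): the repository signing key is fetched over plain HTTP from a
# Dropbox public folder. Whoever can tamper with that download controls every
# package apt installs from this repository from then on, so the key is
# downloaded to a file and its fingerprint printed; compare it with the
# fingerprint published by the repository maintainer out-of-band before
# letting the script continue.
set -e

apt-get update
apt-get install apt-transport-https

# Fetch the key to a temporary file instead of piping it straight into
# apt-key, so it can be inspected before it is trusted.
keyfile=$(mktemp) || exit 1
trap 'rm -f -- "$keyfile"' EXIT
wget -O "$keyfile" http://dl.dropbox.com/u/228547674/debian/public-key.gpg
gpg --with-fingerprint "$keyfile"
printf 'Compare the fingerprint above with the one published by the repository maintainer, then press Enter to trust it (Ctrl-C to abort).\n' >&2
read -r _
apt-key add "$keyfile"

# '>' rather than '>>': the file is dedicated to this one repository, so
# overwriting keeps a single entry even when the script is re-run.
echo "deb http://dl.dropbox.com/u/228547674/debian/ jessie-backports main" > /etc/apt/sources.list.d/squid.list

apt-get update

apt-get install squid/jessie-backports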



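# Generate Certificate
# Create the CA that squid uses to sign the per-site certificates it forges
# for ssl-bump, then initialise squid's certificate database (ssl_db).
#
# The private key inside myCA.pem is the entire security of this setup:
# whoever holds it can impersonate any HTTPS site to every client that has
# imported myCA.der. It is therefore created with mode 600.
set -e

OPENSSL=/usr/bin/openssl
SSLDIR=/etc/squid/ssl_cert
mkdir -p "$SSLDIR" || exit 1

# No 'rm -rf' of the directory: the original wiped it on every run, which
# regenerated the CA each time, invalidated the myCA.der already imported
# into clients and left ssl_db full of certificates signed by a CA that no
# longer existed. The existence checks below make the script re-runnable.
if [ ! -e "$SSLDIR/myCA.pem" ]; then
  # -subj replaces the answers the original piped into the interactive
  # prompts via 'echo -e' (C, ST, L, O, OU, CN, emailAddress, in prompt
  # order). -nodes leaves the key unencrypted because squid must read it
  # without a passphrase. umask 077 makes openssl create the file 0600.
  (umask 077 && "$OPENSSL" req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
    -subj '/C=ID/ST=Sulawesi Selatan/L=Makassar/O=Fokusnet/OU=Proxy/CN=Fokusnet/emailAddress=raja_malam72@hotmail.com' \
    -keyout "$SSLDIR/myCA.pem" -out "$SSLDIR/myCA.pem")
fi
# Also tightens a pre-existing file. NOTE(review): squid reads this file
# at startup; if your init starts squid as an unprivileged user rather than
# root, chown it to that user -- confirm against your service setup.
chmod 600 "$SSLDIR/myCA.pem"
# Public certificate only (no key): this is what gets distributed to clients.
[ -e "$SSLDIR/myCA.der" ] || "$OPENSSL" x509 -in "$SSLDIR/myCA.pem" -outform DER -out "$SSLDIR/myCA.der"

SQUIDSSLCRTDDIR=/etc/squid/ssl_db/
SSLCRTD=/usr/lib/squid/ssl_crtd
# -c creates the certificate database; guarded so a re-run does not try to
# create it over an existing one.
if [ ! -d "$SQUIDSSLCRTDDIR" ]; then
  "$SSLCRTD" -c -s "$SQUIDSSLCRTDDIR"
fi
# Presumably the ssl_crtd helper runs as 'proxy' and has to write here;
# 'user:group' form, the 'user.group' form is deprecated.
if [ -d "$SQUIDSSLCRTDDIR" ]; then
  chown -R proxy:proxy "$SQUIDSSLCRTDDIR"
fi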



# squid.conf
# Ports: 3128 is the ordinary explicit proxy port; 3127 and 3129 are the
# intercept ports the iptables REDIRECT rules below send LAN traffic to.
http_port 3128
http_port 3127 intercept
# ssl-bump: squid terminates the client's TLS session and forges a per-site
# certificate on the fly, signed with myCA.pem (key + cert, generated above).
# Clients accept those forged certificates only after myCA.der has been
# imported into their trust store.
https_port 3129 intercept  ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem

# Helper that generates and caches the forged certificates in ssl_db (the
# directory initialised with 'ssl_crtd -c' above); -M bounds the database size.
sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db -M 4MB

# Peek at step 1 (the client hello) to learn the requested server name,
# then bump (decrypt) every connection.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# NOTE(review): these two directives switch off validation of the ORIGIN
# server's certificate (all certificate errors are allowed and the peer is
# not verified). Clients behind this proxy only ever see the proxy's forged
# certificate, so they can no longer detect an expired, mismatched or
# spoofed origin certificate themselves -- the proxy is the only place that
# check can still happen, and it is disabled here. Prefer removing both
# lines, or restrict sslproxy_cert_error to a narrow acl of known sites.
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER


# Mikrotik
# Policy routing on the Mikrotik so LAN web traffic is forwarded to the proxy
# host, where the iptables REDIRECT rules below intercept it. Replace
# IP_PROXY / IP_LAN with the proxy's address and the LAN network. Both
# entries are created with disabled=yes and have to be enabled once squid is
# running; with the route enabled and the proxy down, marked traffic has
# nowhere to go.
/ip route
# Default route used only by packets carrying the 'proxy' routing mark.
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=IP_PROXY routing-mark=proxy scope=30 target-scope=10
/ip firewall mangle
# Mark TCP port 80/443 traffic from the LAN, except traffic addressed to the
# proxy itself. NOTE(review): if the proxy host's own address lies inside
# IP_LAN, its upstream requests are marked too and routed back to itself;
# exclude it with src-address=!IP_PROXY -- confirm against your addressing.
add action=mark-routing chain=prerouting disabled=yes dst-address=!IP_PROXY dst-port=80,443 new-routing-mark=proxy passthrough=yes protocol=tcp src-address=\
    IP_LAN


#Import certificate /etc/squid/ssl_cert/myCA.der

For example, in Firefox:
1. Open 'Preferences'
2. Go to the 'Advanced' section, 'Encryption' tab
3. Press the 'View Certificates' button and go to the 'Authorities' tab
4. Press the 'Import' button, select the .der file that was created previously and press 'OK'


#Remove Squid
# Uninstall squid and purge its configuration files.
apt-get remove --purge squid


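#iptables
# Transparently redirect web traffic arriving on the proxy's LAN interface to
# squid's intercept ports (3127 for HTTP, 3129 for HTTPS/ssl-bump); these
# must match the http_port/https_port lines in squid.conf.
set -e

# Interface and source network were hard-coded (eth0, any source); override
# with LAN_IF=... LAN_NET=... in the environment. LAN_NET should be the
# network the Mikrotik marks as IP_LAN so only that traffic is intercepted;
# the default keeps the original "any source" behaviour.
LAN_IF=${LAN_IF:-eth0}
LAN_NET=${LAN_NET:-0.0.0.0/0}

# Enable forwarding. This is not persistent across reboots; also set
# net.ipv4.ip_forward=1 in /etc/sysctl.conf (or a sysctl.d file).
echo "1" > /proc/sys/net/ipv4/ip_forward

#######################################
# Append one REDIRECT rule unless an identical rule already exists, so that
# re-running this script does not stack duplicate rules in the nat table.
# Arguments: $1 - destination port to intercept
#            $2 - local squid port to redirect to
#######################################
add_redirect() {
  local dport=$1 to=$2
  local rule=(PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp -m tcp --dport "$dport" -j REDIRECT --to-ports "$to")
  iptables -t nat -C "${rule[@]}" 2>/dev/null || iptables -t nat -A "${rule[@]}"
}

add_redirect 80 3127
add_redirect 443 3129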