Difference between revisions of "Using encrypted channels to communicate with squid proxy server"
Latest revision as of 10:13, 14 July 2022
We can use the line
https_port 8081 cert=/etc/squid/squid.pem
in 'squid.conf' to allow clients to connect to the proxy using SSL, where 'squid.pem' can be generated as explained at Openssl.
On the client side we can use stunnel to tunnel all plain-text browser traffic over SSL to the proxy server on port 8081. A sample stunnel service configuration is
[facultyproxy]
accept=8080
client=yes
connect=<proxy-ip-or-fqdn>:8081
We can add the above section to the '/etc/stunnel/stunnel.conf' file and run stunnel using 'stunnel /etc/stunnel/stunnel.conf', so that stunnel listens on port 8080 on localhost and forwards all incoming connections to the proxy server on port 8081.
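We can also add the following options if we have a CA certificate and want to defend against man-in-the-middle attacks that use other self-signed certificates. Without them, the stunnel client encrypts the connection but does not verify the proxy's certificate. At verify level 3, stunnel checks the peer against locally installed certificates, so the proxy's own certificate must also be present in the CAfile.
CAfile=/etc/pki/CA/private/ca.crt
verify=3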
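The difference between the two client configurations above can be checked mechanically. The following is an added example, not part of the original page: a small Python audit that parses a stunnel.conf and reports client-mode services that do not enforce certificate verification. The sample configuration, the host name proxy.example.org, the second service name and the function names are constructed for illustration; treating both ';' and '#' as comment markers is an assumption.

```python
# Added example: flag stunnel client services that do not authenticate the proxy.
SAMPLE_CONF = """\
; constructed sample, not taken from a real host
[facultyproxy]
accept=8080
client=yes
connect=proxy.example.org:8081

[facultyproxy-verified]
accept=8082
client=yes
connect=proxy.example.org:8081
CAfile=/etc/pki/CA/private/ca.crt
verify=3
"""

def parse_stunnel_conf(text):
    """Return {service: options}; options before the first [section] are inherited defaults."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), dict(defaults))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (defaults if current is None else current)[key.lower()] = value
    return services

def audit_client_services(text):
    """Return {service: finding} for client-mode services with weak peer verification."""
    findings = {}
    for name, opts in parse_stunnel_conf(text).items():
        if opts.get("client", "no").lower() != "yes":
            continue                              # server-mode services are out of scope here
        level = opts.get("verify", "0")
        # verifyChain / verifyPeer are the stunnel 5.x replacements for verify levels
        modern = "yes" in (opts.get("verifychain", "").lower(), opts.get("verifypeer", "").lower())
        if not modern and (not level.isdigit() or int(level) < 2):
            findings[name] = "peer certificate verification is not enforced (verify unset or below 2)"
        elif "cafile" not in opts and "capath" not in opts:
            findings[name] = "verification requested but no CAfile/CApath trust anchor is set"
    return findings

if __name__ == "__main__":
    for service, finding in audit_client_services(SAMPLE_CONF).items():
        print(service, "->", finding)
```

Run against the sample, only the [facultyproxy] service is reported, because it sets client=yes without verify or CAfile.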