Changes between Version 4 and Version 5 of TipAndDoc/network/proxy/squid

Timestamp:

Dec 31, 2012 10:08:00 AM (11 years ago)

Author:

mitty

Comment:

--

TipAndDoc/network/proxy/squid

@@ -29 +29 @@
   * [http://www.squid-cache.org/Doc/config/cache_dir/ squid : cache_dir configuration directive]
   > 'null' storage type dropped. In-memory cache is always present. Remove all cache_dir options to prevent on-disk caching.
+
+ = forward proxy with SSL =
+ * http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
+ > Unfortunately, popular modern browsers do not permit configuration of TLS/SSL encrypted proxy connections.
+  * IE 9/Firefox 17/Chrome 23では、chromeのみ(23.0.1271.97)サポートしている模様
+  * [http://dev.chromium.org/developers/design-documents/secure-web-proxy Secure Web Proxy - The Chromium Projects]
+  * {{{chrome --proxy-pac-url=D:\ssl.pac}}}のようにして起動する
+{{{
+function FindProxyForURL(url, host) { return "HTTPS proxy.example.jp:8443"; }
+}}}
+   * インターネットオプション > 接続 > LANの設定 > 自動構成スクリプト に {{{file://D:/ssl.pac}}} のように指定することも出来るが、IEその他のクライアントにも影響が出るため好ましくない
+
+ == --enable-ssl ==
+ * Ubuntu 12.04のsquid3パッケージは、httpsサイトへのプロクシとしては動作するが、configure --enable-sslされていないため、リビルドが必要
+
+ * [http://ubuntuforums.org/showthread.php?t=2049290 (SOLVED) Squid3-3.1.19 on Ubuntu 12.04 - https ssl shebang - Ubuntu Forums]
+
+ * 必要なパッケージ
+  * mitty@test:~$ sudo aptitude build-dep squid3
+{{{
+Unable to satisfy the build-depends: Build-Depends: libcap2-dev.
+}}}
+  * mitty@test:~$ sudo aptitude install -R devscripts
+   * debuildを含むパッケージ -> [../../Linux/Packages#buildpackages]
+  * mitty@test:~$ sudo aptitude install -R libcap2-dev
+{{{
+Note: selecting "libcap-dev" instead of the
+      virtual package "libcap2-dev"
+The following NEW packages will be installed:
+  libcap-dev
+}}}
+   * 不足していると、{{{debuild -us -uc}}}が以下のエラーで失敗する
+{{{
+dpkg-checkbuilddeps: Unmet build dependencies: libcap2-dev
+}}}
+  * mitty@test:~$ sudo aptitude install -R libssl-dev
+   * 不足していると、{{{debuild -us -uc}}}が以下のエラーで失敗する
+{{{
+../../src/ssl/gadgets.h:39:1: error: variable or field 'X509_free_cpp' declared void
+../../src/ssl/gadgets.h:39:1: error: 'X509' was not declared in this scope
+../../src/ssl/gadgets.h:39:1: error: 'a' was not declared in this scope
+../../src/ssl/gadgets.h:40:21: error: 'X509' was not declared in this scope
+}}}
+   * [http://en.usenet.digipedia.org/thread/17566/16089/ i'm having a problem while compiling squid 3.2.0.12 (since 3.2.0.6) on ubuntu server]
+
+ * mitty@test:~$ apt-get source squid3
+{{{
+Get:1 http://ftp.tsukuba.wide.ad.jp/Linux/ubuntu/ precise-updates/main squid3 3.1.19-1ubuntu3.12.04.1 (dsc) [1,912 B]
+Get:2 http://ftp.tsukuba.wide.ad.jp/Linux/ubuntu/ precise-updates/main squid3 3.1.19-1ubuntu3.12.04.1 (tar) [3,403 kB]
+Get:3 http://ftp.tsukuba.wide.ad.jp/Linux/ubuntu/ precise-updates/main squid3 3.1.19-1ubuntu3.12.04.1 (diff) [22.1 kB]
+}}}
+{{{
+squid3-3.1.19/
+squid3_3.1.19-1ubuntu3.12.04.1.debian.tar.gz
+squid3_3.1.19-1ubuntu3.12.04.1.dsc
+squid3_3.1.19.orig.tar.gz
+}}}
+
+ * mitty@test:~$ vim squid3-3.1.19/debian/rules
+{{{#!diff
+--- rules       2012-06-20 07:44:17.000000000 +0900
++++ squid3-3.1.19/debian/rules  2012-12-31 06:20:56.484331684 +0900
+@@ -35,6 +35,7 @@
+                --enable-esi \
+                --enable-zph-qos \
+                --enable-wccpv2 \
++               --enable-ssl \
+                --disable-translation \
+                --with-logdir=/var/log/squid3 \
+                --with-pidfile=/var/run/squid3.pid \
+}}}
+
+ * mitty@test:~/squid3-3.1.19$ debuild -us -uc
+{{{
+squid_3.1.19-1ubuntu3.12.04.1_amd64.deb
+squid3_3.1.19-1ubuntu3.12.04.1_amd64.deb
+squid3-common_3.1.19-1ubuntu3.12.04.1_all.deb
+squid3-dbg_3.1.19-1ubuntu3.12.04.1_amd64.deb
+squid-cgi_3.1.19-1ubuntu3.12.04.1_amd64.deb
+squidclient_3.1.19-1ubuntu3.12.04.1_amd64.deb
+squid-common_3.1.19-1ubuntu3.12.04.1_all.deb
+}}}
+
+ == install debs ==
+ * 依存パッケージ
+  * mitty@squid:~$ sudo aptitude install -R libcap2 libldap-2.4-2 libltdl7 libsasl2-2 ssl-cert squid-langpack
+ * mitty@squid:~$ sudo dpkg -i squid3_3.1.19-1ubuntu3.12.04.1_amd64.deb squid3-common_3.1.19-1ubuntu3.12.04.1_all.deb
+ * mitty@squid:~$ squid3 -v
+{{{
+Squid Cache: Version 3.1.19
+configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--enable-zph-qos' '--enable-wccpv2' '--enable-ssl' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' --with-squid=/home/mitty/squid3-3.1.19
+}}}
+  * オリジナルのconfigure options
+  * mitty@test:~$ squid3 -v
+{{{
+Squid Cache: Version 3.1.19
+configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--enable-zph-qos' '--enable-wccpv2' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' --with-squid=/build/buildd/squid3-3.1.19
+}}}