无法通过squid3访问https网站

时间:2012-04-20 19:59:51

标签: linux caching https proxy squid

我试图在Ubuntu服务器上通过squid代理3.1.14访问https网站,但我不知道为什么我不能。这是我的squid -v输出:

Squid Cache: Version 3.1.14
configure options:  '--build=i686-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include'      '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-ssl' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--enable-zph-qos' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=i686-linux-gnu' 'CFLAGS=-g -O2 -g -O2 -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -O2 -Wall' --with-squid=/etc/squid3/squid3-3.1.14

这是我的squid.conf:

 http_port 3124

 cache_mem 256 MB

 maximum_object_size_in_memory 10 MB
 maximum_object_size  100 MB
 minimum_object_size 0 KB
 cache_swap_low 90
 cache_swap_high 95

 cache_dir diskd /cache/squid1 5000 16 256
 cache_dir diskd /cache/squid2 5000 16 256
 cache_dir diskd /cache/squid3 5000 16 256
 cache_dir diskd /cache/squid4 5000 16 256
 cache_dir diskd /cache/squid5 5000 16 256
 cache_dir diskd /cache/squid6 5000 16 256
 cache_dir diskd /cache/squid7 5000 16 256

 access_log /var/log/squid3/access.log squid

 cache_peer x.x.x.x parent 3124 0 no-query login=PASS default no-digest
 memory_replacement_policy lru
 cache_replacement_policy lru
 cache_store_log /var/log/squid3/store.log
 emulate_httpd_log on
 cache_log /var/log/squid3/cache.log
 debug_options ALL,2
 coredump_dir /var/spool/squid3
 minimum_expiry_time 120 seconds
 cache_mgr nutel.rn@dprf.gov.br
 cache_effective_user squid
 cache_effective_group squid
 cachemgr_passwd 1234567890 all


 refresh_pattern -i ([^.]+.|)jre-6u31-linux-i586\.bin 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i exe$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i com$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i br$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i [0-9]+$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i AutoDL?BundleId=59620$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i htm$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i php$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i html$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i asp$ 1440 50% 9999 override-expire ignore-no-cache ignore-no-store ignore-private
 refresh_pattern -i zip$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
 refresh_pattern -i \.(mp3|mp4|m4a|ogg|mov|avi|wmv)$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
 refresh_pattern -i flv$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
 refresh_pattern -i swf$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
 refresh_pattern -i cab$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
 refresh_pattern -i rar$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
 refresh_pattern ^http:// 30 40% 20160
 refresh_pattern ^ftp:// 30 50% 20160
 refresh_pattern ^gopher:// 30 40% 20160
 refresh_pattern . 1440 100% 1440 ignore-reload override-lastmod override-expire reload-into-ims

 acl manager proto cache_object
 acl localhost src 127.0.0.1/32

 acl SSL_ports port 443 563
 acl cacic_ports port 20 21 22 3306  # cacic
 acl Safe_ports port 80 23       # http
 acl Safe_ports port 21          # ftp
 acl Safe_ports port 443 563     # https, snews
 acl Safe_ports port 70          # gopher
 acl Safe_ports port 210         # wais
 acl Safe_ports port 1025-65535  # unregistered ports
 acl Safe_ports port 280         # http-mgmt
 acl Safe_ports port 488         # gss-http
 acl Safe_ports port 591         # filemaker
 acl Safe_ports port 777         # multiling http

 acl purge method PURGE
 acl CONNECT method CONNECT

 http_access allow manager localhost
 http_access deny manager
 http_access allow purge localhost
 http_access deny purge
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports


 #Cache videos youtube
 acl youtube dstdomain .youtube.com
 cache allow youtube

 # Aqui você irá definir o IP da sua rede interna
 acl redelocal src x.x.x.x/24
 cache allow redelocal
 http_access allow redelocal
 http_access allow localhost
 http_access deny all

我曾尝试访问gmail,facebook,....,任何使用https的网站都没有打开,但任何其他未使用https的网站都会完美打开。

我做错了什么?

感谢您的帮助!!!

1 个答案:

答案 0 :(得分:0)

在Ubuntu上玩Squid的每个人都可能遇到过这个问题;。

Ubuntu Squid软件包是在没有SSL选项的情况下编译的。因此,无法在Ubuntu Server上使用Squid代理HTTPS连接。

Refer This