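How to configure an HTTPS proxy with squid (tested and working!)

After getting squid configured and happily using it to get over the wall, I suddenly found that HTTPS sites such as google.com and youtube.com would not open; only HTTP sites such as bbc.com worked. I searched through many posts and read countless documents, and it turned out that many of the posts online were reliable after all; I had simply not followed them correctly and wasted a lot of time. Without further ado, here is the screenshot:

[Image: youtube]

Before the main course, note the following points:

1. Pay close attention to the browser's proxy settings, especially if you use Firefox. Firefox has this setting, as shown:

[Image: Firefox proxy settings]

Below the HTTP proxy there is an SSL proxy field. Do not get caught out here: its port should simply be the same as the HTTP proxy port. Never enter the HTTPS port (that is, the https_port port), otherwise HTTPS links will never connect.

2. You must have a CA certificate. I never understood what it was for, but it is the key to getting HTTPS working. A brief explanation:

① You can make it yourself, or have a certificate authority issue it, but since you are configuring your own proxy server I doubt you want to pay that much money (a lot!!!), so make it yourself. First, the steps: standard certificate creation generally produces three files: the private key file (key); the certificate signing request (csr), which is like an application form submitted to the certificate authority and is not needed when you make the certificate yourself, since you are the issuing authority and have nothing to apply for; and the resulting certificate (crt).

3. You must have the openssl tool. If you don't, install it before going on; if you can't manage that, there is no point reading further.

Right, serving up:

1. Create the private key: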

openssl genrsa -des3 -out /etc/squid/server.key 1024

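You will be asked to enter a passphrase to protect the private key. Remember it, because it is needed later. This creates the key file server.key in /etc/squid.

2. Generate the signing request. Skip this step if you are making the certificate yourself: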

openssl req -new -key /etc/squid/server.key -out /etc/squid/server.csr

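Fill in the requested fields; this is your application, containing your details, much like an application form. When done, send it to the certificate authority, pay (a lot of money!!!), and they give you a certificate.

3. Create the certificate. Mine is valid for 10 years: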

openssl req -new -x509 -nodes -sha1 -days 3650 -key /etc/squid/server.key -out /etc/squid/server.crt

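You will be asked for some certificate details. One of them is Common Name, which should be the full host name, for example www.dengxn.com. Because this is a proxy server that is not in a domain, you can enter myhost.

Because the key has a passphrase, every restart of the service will ask for it. If that is a nuisance, you can remove the passphrase: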

openssl rsa -in /etc/squid/server.key -out /etc/squid/server.key

4. Configure squid:

https_port 443 key=/etc/squid/server.key cert=/etc/squid/server.crt

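Restart the squid service: service squid restart

Or reload the squid configuration file: squid -k reconfigure

Done!!!

Some browsers may warn that the certificate is not trusted. Don't worry, it is your own proxy server after all. If you really want to get rid of the warning completely, create your own root certificate, then issue the certificate from it, and import the root certificate into the browser; the warning will then no longer appear. For how to create a root certificate, see this fellow's post: http://blog.csdn.net/tiandyoin/article/details/37880457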
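
Added example, not part of the original post: the root-certificate route described above, using a 2048-bit key and SHA-256 in place of the 1024-bit key and -sha1 from steps 1 and 3 (both long deprecated), followed by an audit of the result. The names demo-root and myhost, the temp directory and the audit labels are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example. "demo-root" and "myhost" are constructed names; files go to a temp dir.
set -eu

# Create a private root CA in directory $1 and issue a server certificate for host $2.
make_proxy_cert() {
    dir=$1; cn=$2
    # Root CA: 2048-bit RSA, SHA-256 self-signature (root.crt is what the browser imports).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 -subj "/CN=demo-root" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null
    # Server key plus CSR; the key is left unencrypted so squid can start unattended.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # Current browsers match the host name against subjectAltName, not Common Name.
    printf 'subjectAltName=DNS:%s\n' "$cn" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$dir/san.ext" \
        -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/root.key" "$dir/server.key"   # unencrypted keys: owner-only
}

# Audit certificate $2 against root $1 and private key $3 (RSA keys assumed).
# Prints "ok" or the first problem found.
audit_cert() {
    text=$(openssl x509 -in "$2" -noout -text)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt 2048 ]; then echo "weak-key:${bits:-0}"; return 0; fi
    if printf '%s\n' "$text" | grep -Eiq 'Signature Algorithm: (sha1|md5)'; then
        echo "weak-digest"; return 0
    fi
    if [ "$(openssl x509 -in "$2" -noout -pubkey)" != "$(openssl pkey -in "$3" -pubout)" ]; then
        echo "key-mismatch"; return 0
    fi
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo "untrusted"; return 0; fi
    echo "ok"
}

work=$(mktemp -d)
make_proxy_cert "$work" myhost
audit_cert "$work/root.crt" "$work/server.crt" "$work/server.key"
```

Point https_port at the generated server.key and server.crt and import only root.crt into the browser; root.key stays on the machine that issues certificates.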

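I won't describe how to import a root certificate; search Baidu, I can't be bothered typing it out. If anyone runs into problems, leave a comment and I will try to reply to each one (ladies first).

I solemnly declare that everything written here is my own original work. Please respect my copyright and effort, and credit the source when reposting.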

=====================================================

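Update, 2017/3/24:

After configuring things as above you can indeed browse normally, but after a while you will find it very unstable: sometimes it works, sometimes it cannot connect. The reason is that you have been blocked. That's right: although HTTPS is encrypted, the HTTP headers are not, and over time you will still be blocked. So to keep getting over the wall unhindered you need a handy tool, stunnel. It provides an encrypted tunnel, so you need to install it on both the server and the client, then proxy all HTTP/HTTPS requests through it: they are encrypted and sent to the server, and once they reach the server the requests are handed to stunnel, which keeps the GFW from detecting the HTTP headers and blocking them. As for the exact configuration, there is plenty of it online, so I won't copy and paste it. If you can't get it working, leave a comment or email me.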
