A quick recipe for making a squid https proxy for all or specific domains.
WARNING: This implementation is very basic and has an allow all clause instead of specific ports. This was done in testing and will be removed in later iterations. This is proof-of-concept code; please regard it as such.
Generate certificates using the provided helper script; you may want to modify it to your liking with respect to openssl parameters.
/bin/bash generate-certs.sh
# Follow prompts
Now you need to import the squid-ca-cert.der into your trusted root
certificate authority cache for your OS.
Copy one of the template configuration files to squid.conf in the root of the
directory.
squid-all.conf - ssl_bumps all traffic
squid-bump-select.conf - ssl_bumps traffic as specified by cachelist.txt and splices the rest
squid-splice-select.conf - ssl_bumps all traffic except domains specified by splicelist.txt
After selecting a configuration to work with, modify the appropriate domain list and consider editing the cache directory and max object size limits.
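The warning at the top mentions an allow all clause in place of specific ports. As an added example (not taken from this project's templates, which are not shown here), the stock Squid access-control directives below can replace that clause in squid.conf; the client networks and the port list are assumptions to adjust.

```conf
# Added example, not one of the project's templates.
# Weak form the warning refers to (any client, any destination port):
#   http_access allow all

# Assumption: clients sit on these private ranges; narrow to your real networks.
# Behind Docker's published port, clients can appear with the bridge gateway
# address, so check access.log for the source address Squid actually sees.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

# Destination ports the proxy will serve.
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Order matters: the first matching http_access rule wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
```

Running `squid -k parse` against the edited file catches syntax errors before the container is started.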
#!/bin/bash
docker build -t squid-cache-https .
docker run -it --rm \
  -v "$PWD/squid-ca-cert-key.pem":/etc/squid/certs/squid-ca-cert-key.pem \
  -p 3128:3128 \
  -v "$PWD/squid.conf":/etc/squid/squid.conf \
  -v /PATH/TO/CACHE/DIR:/var/spool/squid/data \
  -v "$PWD/cachelist.txt":/etc/squid/cachelist.txt \
  -v "$PWD/splicelist.txt":/etc/squid/splicelist.txt \
  squid-cache-https
Modify the PATH_TO_CACHE_STORAGE placeholder in the docker-compose.yml. Then launch:
docker-compose up -d