
Squid 4.10 on Ubuntu Server 20.04

I have tried so many things and spent this entire week researching how to get this working. To get an idea of what I am trying to do here, take a look at these posts:

https://www.reddit.com/r/HomeNetworking/comments/l9049f/https_squid_proxy_w_cache/

and here:

https://www.reddit.com/r/HomeNetworking/comments/laa68y/squid_410_on_ubuntu_server_2004_transparent_proxy/

EDIT: Basically I am trying to set up an HTTPS transparent proxy with cache. The ssl-bump would decrypt data and store it in cache. But whenever I connect using the HTTPS proxy settings in my Firefox browser, I get a TLS_DENIED_ABORTED/200 or NONE/200 or TLS_DENIED/400. Squid is running, the cache dirs are created and there are no errors in parsing the configuration. I have run squid -r reconfigure, before you say anything.

Just read a comment saying:

This is a bad idea in general, because you are seeking to break TLS functionality and something that will not be possible with TLS1.3, the latest version, and even now will not work with HSTS.

Sounds like it's difficult to do...

Here's my current squid.conf anyway:

# ACCESS LISTS
acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 192.168.5.0/24     # RFC 1918 local private network (LAN)
acl laptop src 192.168.5.114

acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT

# HTTP ACCESS 
http_port 3128 
http_port 3129 intercept 
https_port 3130 intercept ssl-bump cert=/etc/squid/ssl_cert/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
include /etc/squid/conf.d/*
http_access allow laptop
http_access allow localnet
http_access allow localhost
http_access allow manager localhost
http_access allow all

# SQUID CACHE DUMP DIR
coredump_dir /var/spool/squid

refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern .       0   20% 4320

# SSL BUMPING 
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5
#acl step1 at_step SslBump1
#ssl_bump peek step1
#ssl_bump bump all

# TEST
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3

ssl_bump stare step2
ssl_bump bump step3

# BYPASS SSL ERROR (not recommended)
sslproxy_cert_error allow all

# SQUID CACHE DIRECTORY AND SIZE
cache_dir aufs /var/spool/squid 1000 16 256

# CACHE LOG DIR
cache_log /var/log/squid/cache.log
#cache allow all

# ACCESS LOG DIR
access_log /var/log/squid/access.log

# DNS SETTINGS
dns_nameservers 1.1.1.1 1.0.0.1
dns_v4_first on

Sorry for the lack of information here; I have given up and am on the verge of banging my head against the wall. I need some help please.

LtMuffin
  • For an intercepting proxy, you **do not** configure proxy settings in the browser. But you **must** install your CA certificate. – Michael Hampton Feb 02 '21 at 00:40
  • @MichaelHampton So if I don't configure proxy settings in browser, how does the https_port get used? Is it automatic when connecting to https website? – LtMuffin Feb 02 '21 at 00:51
  • No, you need to add firewall rules in your router to redirect the traffic. You did do that, right? It is in every tutorial about this. – Michael Hampton Feb 02 '21 at 00:57
  • @MichaelHampton I've even disabled the firewall completely and even port forwarded. Nothing....... – LtMuffin Feb 02 '21 at 01:11
  • That doesn't make any sense. Why would you disable the firewall or port forward? – Michael Hampton Feb 02 '21 at 01:12
  • Take a look at the *proven* tutorial for Debian 10, might be useful in Ubuntu 20 scenario too (netplan might need more research though) https://docs.diladele.com/tutorials/transparent_proxy_debian/index.html – Rafael Feb 02 '21 at 07:10
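Squid's documented rule for ssl_bump is that rules are re-evaluated at every step and, when none matches, the splice (TCP tunnel) action is used; the posted ruleset only has rules pinned to step2 and step3, so every connection is spliced at SslBump1 and nothing is ever decrypted or cached. The checker below is an added example, not part of the post or of Squid; it parses the ssl-bump related directives from a squid.conf (a constructed excerpt of the posted config is embedded) and reports that gap, a missing ssl-bump port flag, and the "sslproxy_cert_error allow all" setting that the config itself marks as not recommended.

```python
import re

# Constructed excerpt modelled on the posted squid.conf (not the real file on the server).
SAMPLE_CONF = """\
https_port 3130 intercept ssl-bump cert=/etc/squid/ssl_cert/proxyCA.pem
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump stare step2
ssl_bump bump step3
sslproxy_cert_error allow all   # BYPASS SSL ERROR (not recommended)
"""

def lint_ssl_bump(conf_text):
    """Return a list of human-readable findings about a squid.conf's SSL-bump setup."""
    step_of = {}      # at_step ACL name -> step number (SslBump1 -> 1)
    rules = []        # (action, [acl names]) in file order
    findings = []
    bump_ports = 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        tok = line.split()
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "at_step":
            step_of[tok[1]] = int(re.sub(r"\D", "", tok[3]))
        elif tok[0] == "ssl_bump" and len(tok) >= 2:
            rules.append((tok[1], tok[2:]))
        elif tok[0] in ("http_port", "https_port") and "ssl-bump" in tok[1:]:
            bump_ports += 1
        elif tok[0] == "sslproxy_cert_error" and tok[1:3] == ["allow", "all"]:
            findings.append("sslproxy_cert_error allow all: server certificate errors are "
                            "ignored, so a forged upstream certificate would be re-signed "
                            "by your CA and trusted by every client")
    if bump_ports == 0:
        findings.append("no http_port/https_port carries the ssl-bump flag; "
                        "ssl_bump rules are never consulted")

    def applies_at_step1(acls):
        # A rule can match at SslBump1 only if no ACL pins it to a later step
        # (or negates step1); ACLs that are not at_step ACLs are assumed to match.
        for a in acls:
            neg, name = a.startswith("!"), a.lstrip("!")
            if name in step_of and (step_of[name] == 1) == neg:
                return False
        return True

    if not any(applies_at_step1(acls) for _, acls in rules):
        findings.append("no ssl_bump rule can match at SslBump1; Squid's documented "
                        "default (splice) tunnels every connection, so the stare/bump "
                        "rules at later steps never run - add e.g. 'ssl_bump peek step1'")
    return findings

if __name__ == "__main__":
    for f in lint_ssl_bump(SAMPLE_CONF):
        print("-", f)
```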

0 Answers