I've got a development site running on a host machine (Mac OS X) in MAMP that I want to view on a client machine (and also on mobile devices, all Mac OS). All are connected to the same LAN (Wi-Fi). I have successfully set up a Squid proxy on the host and I can view HTTP hosts on the client in regular browsers. But I am having some real trouble viewing the SSL-encrypted ones. It's important to use SSL in the dev environment because I'm using it on production. I hope someone can help me figure out how to work this! Thanks in advance.
I access the site on the host using https://www.mydomain.dev:8899. It works perfectly there in all browsers. The local IPs: host 192.168.0.99, client 192.168.0.98.
I set up a little test virtual host in MAMP using the address http://test.dev:8898, with no SSL encryption (it just lists a folder). I can access it on the host machine by typing http://test.dev:8898 into the browser. I created the following .pac file and configured the client machine to use it for proxy configuration:
function FindProxyForURL(url, host) {
    if (shExpMatch(url, "http://test.dev*")) {
        return "PROXY 192.168.0.99:3128; DIRECT";
    }
    return "DIRECT";
}
When I started Squid, with the squid config shown below, I could indeed access http://test.dev:8898 on the client machine in all browsers, just like on the host. Great. Now I set up the following .pac file for the dev site:
function FindProxyForURL(url, host) {
    if (shExpMatch(url, "https://www.mydomain.dev*")) {
        return "PROXY 192.168.0.99:3128; DIRECT";
    }
    return "DIRECT";
}
But I was unable to connect to https://www.mydomain.dev:8899 on the client machine, getting ERR_CONNECTION_REFUSED in Chrome and 'Unable to Connect' in Firefox (a very quick response in both cases, no noticeable latency).
The access.log looks like this for both requests:
1486685792.999 58 192.168.0.98 TCP_MISS/200 1258 GET http://test.dev:8898/ - HIER_DIRECT/192.168.0.99 text/html
1486685793.556 1 192.168.0.98 TCP_MISS/404 443 GET http://test.dev:8898/favicon.ico - HIER_DIRECT/192.168.0.99 text/html
1486685797.211 1 192.168.0.98 TCP_DENIED/403 3992 CONNECT www.mydomain.dev:8899 - HIER_NONE/- text/html
1486685797.213 0 192.168.0.98 TCP_DENIED/403 3992 CONNECT www.mydomain.dev:8899 - HIER_NONE/- text/html
There's also a weird error in cache.log that says:
2017/02/09 09:09:42 kid1| WARNING: 'Name-of-host-machine' rDNS test failed: (0) No error.
2017/02/09 09:09:42 kid1| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
Here's the curl output:
→ curl -v --proxy 192.168.0.99:3128 https://www.mydomain.dev:8899
* Rebuilt URL to: https://www.mydomain.dev:8899/
* Hostname was NOT found in DNS cache
* Trying 192.168.0.99...
* Connected to 192.168.0.99 (192.168.0.99) port 3128 (#0)
* Establish HTTP proxy tunnel to www.mydomain.dev:8899
> CONNECT www.mydomain.dev:8899 HTTP/1.1
> Host: www.mydomain.dev:8899
> User-Agent: curl/7.37.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 403 Forbidden
< Server: squid/3.5.23
< Mime-Version: 1.0
< Date: Fri, 10 Feb 2017 01:54:06 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3516
< X-Squid-Error: ERR_ACCESS_DENIED 0
< Vary: Accept-Language
< Content-Language: en
< X-Cache: MISS from localhost
< Via: 1.1 localhost (squid/3.5.23)
< Connection: keep-alive
<
* Received HTTP code 403 from proxy after CONNECT
* Connection #0 to host 192.168.0.99 left intact
curl: (56) Received HTTP code 403 from proxy after CONNECT
I tried adding the line https_port 3130 transparent under the line http_port 3128 transparent, and then used the .pac file to redirect to 192.168.0.99:3130, but that didn't work. The browser just hangs waiting for a connection and eventually says the connection was refused.
Hoping someone will know what these errors mean, and what I'm doing wrong! Thanks so much for your time.
Here's my squid.conf file:
acl localnet src 192.168.0.0/24 # local subnet
acl SSL_ports port 443 8899
acl Safe_ports port 8899
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8898 # testdev site
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 transparent
coredump_dir /usr/local/var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
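
Squid checks http_access lines top to bottom and applies the first line whose ACLs all match. The following is an added example, not part of the original post: it replays the two requests from the posted access.log against the posted rule list. The `localhost` and `manager` built-ins are simplified assumptions, and port options such as `transparent` are not modelled.

```python
import ipaddress

# Port lists and subnet copied from the acl lines in the posted squid.conf.
SAFE_PORTS = [(8899, 8899), (80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
              (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777), (8898, 8898)]
SSL_PORTS = [(443, 443), (8899, 8899)]

def in_ports(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

# One predicate per ACL name; "localhost" and "manager" are simplified (assumption).
ACLS = {
    "localnet": lambda r: ipaddress.ip_address(r["src"]) in ipaddress.ip_network("192.168.0.0/24"),
    "localhost": lambda r: ipaddress.ip_address(r["src"]).is_loopback,
    "SSL_ports": lambda r: in_ports(r["port"], SSL_PORTS),
    "Safe_ports": lambda r: in_ports(r["port"], SAFE_PORTS),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "manager": lambda r: r.get("manager", False),
    "all": lambda r: True,
}

# http_access lines from the post, in file order.
HTTP_ACCESS = [
    "deny !Safe_ports", "deny CONNECT !SSL_ports", "allow localhost manager",
    "deny manager", "allow localnet", "allow localhost", "deny all",
]

def term_matches(term, req):
    hit = ACLS[term.lstrip("!")](req)
    return not hit if term.startswith("!") else hit  # leading '!' negates the ACL

def evaluate(req):
    """Return (action, rule) for the first line whose ACLs all match (AND)."""
    for rule in HTTP_ACCESS:
        action, *terms = rule.split()
        if all(term_matches(t, req) for t in terms):
            return action, rule
    raise AssertionError("unreachable: 'deny all' matches every request")

# The first two requests are the ones in the posted access.log; the third is constructed.
REQUESTS = [
    {"src": "192.168.0.98", "method": "GET", "port": 8898},
    {"src": "192.168.0.98", "method": "CONNECT", "port": 8899},
    {"src": "192.168.0.98", "method": "CONNECT", "port": 8898},
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req, "->", evaluate(req))
```

Under this model both logged requests reach `http_access allow localnet`, so the rule list on its own does not account for the TCP_DENIED/403 logged for the CONNECT.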