wt., 6 paź 2020 o 07:08 Vieri Di Paola <vieridipa...@gmail.com> napisał(a):
> > In any case, I'm now using a combination of TPROXY for HTTP and > redirect interceptions for HTTPS as follows, and both types of traffic > seem to be proxied without errors. > > squid: > > http_port 3129 tproxy > https_port 3130 intercept ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem > > > It seems like it might work. TPROXY for unencrypted http traffic and SSL BUMP for HTTPS. Remember that for each HTTP and HTTPS traffic, Squid must listen on a different port. And the redirections must go to these ports. And of course, at the very end, you need to install the certificate used by Squid on your users' web browsers, otherwise the browser will show a message about an invalid SSL certificate. Let us know, Vieri, if this worked for you. Best regards, Witek > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
