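#!/bin/bash
# Build Squid from source with OpenSSL support and prepare it for SSL
# interception: service account, signing CA, cache/log directories and the
# certificate database.
# Reference: http://marek.helion.pl/install/squid.html
#
# Must be run as root. Optional environment:
#   SQUID_SHA256  expected SHA-256 of the source tarball; when set, the
#                 download is checked against it before anything is built.

# Abort on the first failing step. Without this a failed `cd` would let
# ./configure, make or openssl run in the wrong directory.
set -euo pipefail

# NOTE(review): the version is pinned; check the squid-cache.org advisories
# and build a currently supported release before using this outside a lab.
readonly SQUID_VERSION=4.11
readonly SQUID_TARBALL="squid-${SQUID_VERSION}.tar.gz"
readonly SQUID_URL="https://www.squid-cache.org/Versions/v4/${SQUID_TARBALL}"
readonly SQUID_PREFIX=/usr/local/squid
readonly SSL_DIR="${SQUID_PREFIX}/ssl"
readonly SSL_DB="${SQUID_PREFIX}/var/cache/squid/ssl_db"

if ((EUID != 0)); then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Install dependencies
apt-get update
apt-get -y install gcc make g++ libpcre3-dev zlib1g-dev libluajit-5.1-dev libpcap-dev openssl libnghttp2-dev libdumbnet-dev bison flex libdnet libc-bin libssl1.1 libssl-dev

# Download the Squid source code. Fetched over HTTPS because the archive is
# compiled and installed as root; -O keeps a re-run from leaving a stale
# "<name>.1" copy next to the archive that tar would then ignore.
cd /opt
wget -O "${SQUID_TARBALL}" "${SQUID_URL}"

# TLS only authenticates the server. Pin the archive contents when the
# caller supplies the checksum published for this release.
if [[ -n "${SQUID_SHA256:-}" ]]; then
  printf '%s  %s\n' "${SQUID_SHA256}" "${SQUID_TARBALL}" | sha256sum -c -
else
  printf 'warning: SQUID_SHA256 not set, tarball integrity not verified\n' >&2
fi

# Untar archive
tar xvzf "${SQUID_TARBALL}" -C /opt

# Configure the build with ssl options
cd "/opt/squid-${SQUID_VERSION}"
./configure --with-openssl --enable-ssl --enable-ssl-crtd --disable-ipv6

# Compile
make

# Install
make install

# Create squid user for file permissions (cache, certificates, logs...).
# Guarded so that a second run does not abort on "already exists".
getent group squid >/dev/null || groupadd squid
id -u squid >/dev/null 2>&1 || useradd squid -r -s /sbin/nologin -g squid

# Create certificates directory
mkdir -p "${SSL_DIR}"
cd "${SSL_DIR}"

# Create CA certificate and private key (both stored in proxyCA.pem).
# The key is unencrypted (-nodes), and every client that imports proxyCA.der
# will trust certificates signed with it, so it is created under a
# restrictive umask and kept owner-only. An existing CA is left in place:
# regenerating it would invalidate the certificate clients already imported.
if [[ ! -e proxyCA.pem ]]; then
  (
    umask 077
    openssl req -new -newkey rsa:4096 -sha256 -days 3650 -nodes -x509 -extensions v3_ca -keyout proxyCA.pem -out proxyCA.pem -subj "/C=FR/ST=IDF/L=Paris/O=TIIX/OU=WTF/CN=proxy.tiix.lab"
  )
fi
chmod 600 proxyCA.pem

# Export certificate to "der" format (importable into browser).
# This file holds the public certificate only, never the key.
openssl x509 -in proxyCA.pem -outform DER -out proxyCA.der

# Configure permissions
chown -R squid:squid "${SSL_DIR}"

# Create cache & logs directories
mkdir -p /var/squid/cache
mkdir -p /var/log/squid
chown -R squid:squid /var/squid/cache
chown -R squid:squid /var/log/squid

# Initialize ssl cert database, skipped when a previous run already created
# it so that a re-run does not abort here.
# NOTE(review): the database is created by root; confirm its owner matches
# the account Squid runs helpers as (cache_effective_user in squid.conf).
if [[ ! -d "${SSL_DB}" ]]; then
  "${SQUID_PREFIX}/libexec/security_file_certgen" -c -s "${SSL_DB}" -M 4MB
fi

# Initialize cache directory
"${SQUID_PREFIX}/sbin/squid" -z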