Re: [squid-users] SQUID 3.4.8 on RPi 3
Hello VB, You do not need to download yourself anything. The scripts I mentioned automatically download source-deb file that contains squid 3.4.8 sources. I would suggest rebuilding the squid 3.4.8 default in rpi first using our scripts and when you are comfortable with this - try to build latest squid yourself as Yuri suggested. Best regards, Rafael Akchurin Diladele B.V. -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of VB Sent: Saturday, September 17, 2016 3:05 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] SQUID 3.4.8 on RPi 3 Hi Rafael thx a lot.. I'm trying also your suggestion.. but this is the errors I'm facing: 1. I've download the squid-3.4.8 source.. but this does not contain /debian/rules dir. Anyhow I've manually created it.. 2. Running 04_squid.sh..these are the errors: File squid-3.4.8/debian/rules is not a regular file -- refusing to patch File squid-3.4.8/debian/rules is read-only; trying to patch anyway patch: Can't create temporary file squid-3.4.8/debian/rules.oRDX0tF : Permission denied thx vincenzo -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556p4679572.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] SQUID 3.4.8 on RPi 3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 IDK. I'm not Linux fanboy. 17.09.2016 19:02, VB пишет: > Hi Yuri > > which version do you suggest for Raspian Jesse? > Is it OK the 3.5.21? Probably. At least 3.5.20. > > thx > Vincenzo > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556p4679571.html > Sent from the Squid - Users mailing list archive at Nabble.com. > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX3UOXAAoJENNXIZxhPexGWA8IAMXqd9UwK7qyDWWC9AnHw6ir +JkI4DXQwpObsbeOQi+xPnk7nexu3eWHm7B0ayVY6bdCiZCndZzNzqrquCohbgoS SEqd5NIoksdpVNq/36fQt9/FegmO3keUTxpDdc0FsthGZBcnramaGdw2Xz5X1ThE V+BLTL7WOLf3Hx4bO99xK+CISZE4YhMvuUJX4YY9NeC3wnNKZqT/O2yTOZfi9hgX BzsBHGOGAOgZwyWTru6o3bt3cJvfbTwKfK9XVIZqVThl2uiDBvFzOUvAreSAlP99 MgTcBYEQ5TAS42vvbs79p7xnWHTR6y9jruEptDvNBybO7Z6j8j6/GnCSEylzKgg= =UuSr -END PGP SIGNATURE- 0x613DEC46.asc Description: application/pgp-keys ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] SQUID 3.4.8 on RPi 3
Hi Rafael thx a lot.. I'm trying also your suggestion.. but this is the errors I'm facing: 1. I've download the squid-3.4.8 source.. but this does not contain /debian/rules dir. Anyhow I've manually created it.. 2. Running 04_squid.sh..these are the errors: File squid-3.4.8/debian/rules is not a regular file -- refusing to patch File squid-3.4.8/debian/rules is read-only; trying to patch anyway patch: Can't create temporary file squid-3.4.8/debian/rules.oRDX0tF : Permission denied thx vincenzo -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556p4679572.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] SQUID 3.4.8 on RPi 3
Hi Yuri which version do you suggest for Raspian Jesse? Is it OK the 3.5.21? thx Vincenzo -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556p4679571.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] SQUID 3.4.8 on RPi 3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 17.09.2016 12:38, VB пишет: > Hi Yuri > > thx a lot for your links.. following the first one, what I did: > > 1. Create and sign the .pem certificate > > 2. Update my squid.conf with: > https_port 3130 ssl-bump \ > cert=/etc/squid/ssl/myCA.pem \ > generate-host-certificates=on dynamic_cert_mem_cache_size=4MB > > acl step1 at_step SslBump1 > > ssl_bump peek step1 > ssl_bump bump all > > but when I check the configuration (squid3 -k parse), I get: > > Processing: https_port 3130 ssl-bump cert=/etc/squid/ssl/myCA.pem > generate-host-certificates=on dynamic_cert_mem_cache_size=4MB > ERROR: 'https_port' requires --enable-ssl > Processing: acl step1 at_step SslBump1 > FATAL: Invalid ACL type 'at_step' > FATAL: Bungled /etc/squid3/squid.conf line 130: acl step1 at_step SslBump1 > > how can I overcome these errors on squid 3.4.8? Drop it out. This is antique version which not yet supported modern SSL Bump ACL's/directives. > > Is my version of squid ssl-enabled? and if not.. how can I re-configure it? Yes, but SSL bump has different implementation in antique 3.4.x. > > > thx > Vincenzo > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556p4679562.html > Sent from the Squid - Users mailing list archive at Nabble.com. > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX3RPoAAoJENNXIZxhPexGPXAIAI0dBkbBSZCYksa74JxVqNVY mXySn5w8BSQ9lXE1SDvNrekjTEN69Zgt3hJ6B5hlaXLVOPqa9QoRtrQY0LrfCuA+ Amh9Oqp+KfRJi10EAXXq1r6iIfuSFQ+4Wup/bg0PzPbPlvPl3qTqXuVxcH9kBuHe 0RKGuVDty5EE4BaLmzW8PCBF9hcY5RNWe3XhiphlPJAbtDSJk0a6VZe4tirxRGwB RLqponHgZ8enFCpjJocMBgCPfvYTFQvDYZ0mShN3HULYn6pB+Yc3FFulRX+NSvd/ u9YGXk0mY27Qv2IlguFGARufRnEqaCXav08+11XW/PJIdUkgcIGK5BHDLe+zFv0= =hHYX -END PGP SIGNATURE- 0x613DEC46.asc Description: application/pgp-keys ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] SQUID 3.4.8 on RPi 3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 17.09.2016 12:38, VB пишет: > Hi Yuri > > thx a lot for your links.. following the first one, what I did: > > 1. Create and sign the .pem certificate > > 2. Update my squid.conf with: > https_port 3130 ssl-bump \ > cert=/etc/squid/ssl/myCA.pem \ > generate-host-certificates=on dynamic_cert_mem_cache_size=4MB > > acl step1 at_step SslBump1 > > ssl_bump peek step1 > ssl_bump bump all > > but when I check the configuration (squid3 -k parse), I get: > > Processing: https_port 3130 ssl-bump cert=/etc/squid/ssl/myCA.pem > generate-host-certificates=on dynamic_cert_mem_cache_size=4MB > ERROR: 'https_port' requires --enable-ssl > Processing: acl step1 at_step SslBump1 > FATAL: Invalid ACL type 'at_step' > FATAL: Bungled /etc/squid3/squid.conf line 130: acl step1 at_step SslBump1 > > how can I overcome these errors on squid 3.4.8? Drop it out. This is antique version which not yet supported modern SSL Bump ACL's/directives. As Wiki, by the way, is written about the implementation of different versions of the SSL bump in different SQUID. You need to carefully read. > > Is my version of squid ssl-enabled? and if not.. how can I re-configure it? Yes, but SSL bump has different implementation in antique 3.4.x. > > > thx > Vincenzo > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556p4679562.html > Sent from the Squid - Users mailing list archive at Nabble.com. > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX3RTvAAoJENNXIZxhPexGJX8IAJ+73xZ4W9R8fxZibyJ8y2lQ GbxfMmoN9DW49RSqjMXNpLSi+Pqs/dcR0dySS7QwtL3cI/EnMP99ZsNFjxT8RUgi KsEiz0khi9lqkCeoYAJuQCUSD767T6jVTIGBEyMEQNMXynLzJV8QdfHafFBOETOP pIEzF8dkEPshohyjTrMcHojRiXA2EjXYwfNDSJb5k31F18adJ2ojcb7T6FikaVr2 w9nOiltEVxjCAere95AuhsMp1iW5ploKYHMP/0u3Pqwm5TPqlLhsUL1V4xAsCD/m +iItqH+wQO3eLabmGcsPRctDAMOZsGdmXdZU1zpnQI6qgPagCtj7vi7JOZvZm9Y= =whNB -END PGP SIGNATURE- 0x613DEC46.asc Description: application/pgp-keys ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] SQUID 3.4.8 on RPi 3
Hello VB, Hopefully this will be helpful to recompile Squid on Raspberry PI - http://docs.diladele.com/administrator_guide_4_6/install/rpi/squid.html Scripts to do that are https://github.com/ra-at-diladele-com/qlproxy_external/tree/master/src/va/scripts.debian8 Best regards, Rafael Akchurin Diladele B.V. http://www.quintolabs.com http://www.diladele.com -- Please take a look at Web Safety - our ICAP based web filter server for Squid proxy. -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of VB Sent: Saturday, September 17, 2016 8:39 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] SQUID 3.4.8 on RPi 3 Hi Yuri thx a lot for your links.. following the first one, what I did: 1. Create and sign the .pem certificate 2. Update my squid.conf with: https_port 3130 ssl-bump \ cert=/etc/squid/ssl/myCA.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump all but when I check the configuration (squid3 -k parse), I get: Processing: https_port 3130 ssl-bump cert=/etc/squid/ssl/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB ERROR: 'https_port' requires --enable-ssl Processing: acl step1 at_step SslBump1 FATAL: Invalid ACL type 'at_step' FATAL: Bungled /etc/squid3/squid.conf line 130: acl step1 at_step SslBump1 how can I overcome these errors on squid 3.4.8? Is my version of squid ssl-enabled? and if not.. how can I re-configure it? thx Vincenzo -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556p4679562.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] SQUID 3.4.8 on RPi 3
Hi Yuri thx a lot for your links.. following the first one, what I did: 1. Create and sign the .pem certificate 2. Update my squid.conf with: https_port 3130 ssl-bump \ cert=/etc/squid/ssl/myCA.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump all but when I check the configuration (squid3 -k parse), I get: Processing: https_port 3130 ssl-bump cert=/etc/squid/ssl/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB ERROR: 'https_port' requires --enable-ssl Processing: acl step1 at_step SslBump1 FATAL: Invalid ACL type 'at_step' FATAL: Bungled /etc/squid3/squid.conf line 130: acl step1 at_step SslBump1 how can I overcome these errors on squid 3.4.8? Is my version of squid ssl-enabled? and if not.. how can I re-configure it? thx Vincenzo -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556p4679562.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] SQUID 3.4.8 on RPi 3
16.09.2016 17:50, VB пишет: Hi guys I'd like to ask you for a suggestion.. I'm running SQUID 3.4.8 under Rasberry PI3 (Rasbian Jesse) - proxy server "intercept" mode (with iptables forwarding rule to 3128). I've created ACL for devices (ipad, mobiles...) - time based, because I need to allow Internet connection restricted at some hours only to some children devices. The proxy works quite well.. it stops correctly HTTP...but... I'm facing an issue with HTTPS: Infact.. all http:\\addresses are stopped.. but for example https:\\www.google.com not.. Questions: 1. How can I stop both http and https? http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit 2. In case I'd like to compile a new squid version.. like the 3.5.21 on Rasbian Jesse.. how can I do? http://wiki.squid-cache.org/CategoryKnowledgeBase thx a lot for your feedback Vincenzo -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] SQUID 3.4.8 on RPi 3
Hi guys I'd like to ask you for a suggestion.. I'm running SQUID 3.4.8 under Rasberry PI3 (Rasbian Jesse) - proxy server "intercept" mode (with iptables forwarding rule to 3128). I've created ACL for devices (ipad, mobiles...) - time based, because I need to allow Internet connection restricted at some hours only to some children devices. The proxy works quite well.. it stops correctly HTTP...but... I'm facing an issue with HTTPS: Infact.. all http:\\addresses are stopped.. but for example https:\\www.google.com not.. Questions: 1. How can I stop both http and https? 2. In case I'd like to compile a new squid version.. like the 3.5.21 on Rasbian Jesse.. how can I do? thx a lot for your feedback Vincenzo -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SQUID-3-4-8-on-RPi-3-tp4679556.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
