Inside the company Squid agent HTTPS access to information website

Colleague installs squid, I encrypt according to the following method:

Reference URL:

Http://www.tuicool.com/articles/iYv2YfU

As we all know, in the domestic access to foreign internet is often inaccessible, such as to find information on Google can not, or go to code Google want to download codes can not, (Ben collapse, not birds have wood), so we are trying to use a variety of methods to realize the turn, wall, Here are the general meanings of the proxy server squid and Stunnel.

Both tools are easier to install

Note:

(1) Squid can be installed in the source code, can also be installed online, if you are using a CentOS system can be executed by Yum install squid installed

(2) Squid website and:

http://www.squid-cache.org/

(3) About squid configuration

Official documents

Online Address: Http://www.squid-cache.org/Versions/v3/3.3/cfgman/index.html#toc_logfile_rotate

Do not understand the E-text friends, you can visit zyan.cc translation-"Squid Chinese authoritative Guide" (very good reference, found a lot of foreign things are he first introduced, find information to find more, found, this is something, O (∩_∩) o~)

Chinese Translation version

Online Address: http://zyan.cc/book/squid/index.html

(4) Stunnel you can refer to the following steps to do, do not explain

To use this method, the prerequisites are:

1, a server running abroad, or a virtual machine.

2, Squid is installed on this server.

3, of course, you have to be able to connect it from mainland China.

4, local installation of Stunnel

First, now configure squid on the server:

: http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.4.tar.gz

Decompression: TAR-ZXVF squid-3.2.4.tar.gz

Go to unzip directory, execute

--enable-sslmakemake Install

Note: If make has an error, please Google resolve it yourself

After the installation is complete, generate the cryptographic Agent certificate:

OpenSSL req-new > Lidongbest5.csropenssl RSA-inPrivkey.pem-outlidongbest5.keyopenssl x509-inLido NGBEST5.CSR-3650    

Comment out Http_port 3128 in/usr/local/squid/etc/squid.conf and add the following line

443 cert=/usr/local/squid/etc/lidongbest5.crt key=/usr/local/squid/etc/lidongbest5.key 

And in the file, change http_access deny all to http_access allow all

Note: If there is a problem with the file path, please whereis find it yourself

Start squid

Cd/usr/local/squid. /sbin/squid-z./sbin/squid Reload.  /sbin/squid Restart  

You can use Ps-ef after start | grep 443来 to see if the 443 encryption proxy port is enabled, if it is not enabled, the squid does not start, then you can go into the Squid log file to see the error, I was the boot did not succeed because of a cache file permissions problems and missing an Access file, This view log file is still easy to locate and resolve

Next download Stunnel on the client, address: ftp://ftp.stunnel.org/stunnel/

Boot after installation. Configure stunnel.conf in Configutation, empty the original content, write:

Yes[HTTPS]127.0.  0.1:8088server IP:443     

And then reload to configure OK.

The last is to configure the agent in the browser, it is recommended to use SWITCHYSHARP in Chrome, not to the Chrome app Stroe can be http://ishare.iask.sina.com.cn/download/ explain.php?fileid=24256272 Download

HTTP proxy:127.0.0.1 port:8088

Tick the same proxy server for all protocols, so it's OK

Inside the company Squid agent HTTPS access to information website