squid 开启 ssl

1.生成测试用的证书：

openssl req -new -keyout /etc/squid/key.pem -nodes -x509 -days 365 -out /etc/squid/cert.pem

SSL配置：

http_port 8080 transparent

https_port 443 cert=/usr/local/etc/squid/cert.pem key=/usr/local/etc/squid/key.pem transparent protocol=http
#https_port 443 cert=/usr/local/etc/squid/https.pem key=/usr/local/etc/squid/https.pem transparent vport=80 protocol=http
visible_hostname gw2.beihai365.com
icp_port 0
logfile_rotate 2
cache_mgr 237852571@qq.com
#cache_effective_user squid
#cache_effective_group squid
#cache_dir ufs /data/webcache 4096 16 256 read-only
#cache_dir ufs /data2/squid/cache 61440 56 256
cache_dir ufs /data/squid3/cache 61440 56 256
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 512 KB
#cache_vary on
#acl httpd rep_header Server ^Apache ^nginx ^Nginx
#broken_vary_encoding allow httpd
####
#acl norob_url url_regex -i \.(jpg|gif|png|wmv|avi|rmvb|rm|wav|mp3|wma|asf|vob|swf)$
#acl link_url referer_regex -i ^http://[^/]+\.beihai365\.com$
#acl link_url referer_regex -i ^http://[^/]+\.beihai365\.com\/
#acl link_url referer_regex -i ^http://[^/]+\.beihai365\.com\:
#acl link_url referer_regex -i ^http://beihai365\.com$
#acl link_url referer_regex -i ^http://beihai365\.com\/
#acl link_url referer_regex -i ^http://beihai365\.com\:
#acl rob_url url_regex -i ^http://www\.beihai365\.com/images/logo01071\.gif
#deny_info http://www.beihai365.com/images/logo01071.gif norob_url
#http_access allow norob_url link_url
#http_access allow rob_url
#http_access deny !link_url norob_url
####
acl all src 0.0.0.0/0
http_access allow all


cache_log /data/squid3/log/cache.log
cache_access_log /data/squid3/log/access.log

cache_store_log none

#
refresh_pattern -i \.html$ 43200 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 43200 90% 129600 reload-into-ims
refresh_pattern -i \.hml$ 43200 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 86400 90% 129600 reload-into-ims
refresh_pattern -i \.css$ 86400 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 86400 90% 129600 reload-into-ims
refresh_pattern -i \.swf 86400 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 86400 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 86400 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 86400 90% 129600 reload-into-ims
refresh_pattern -i \.wma$ 86400 90% 129600 reload-into-ims
refresh_pattern -i \.wmv$ 86400 90% 129600 reload-into-ims


negative_ttl 0
read_timeout 5 minutes
client_lifetime 1 minutes
half_closed_clients Off
#acl snmppublic snmp_community public
#snmp_port 3401
#snmp_access allow snmppublic me


client_persistent_connections off
#server_persistent_connections off
pconn_timeout 5 seconds