Lanjut ke HTTPS caching
Untuk caching HTTPS kita butuh fitur SSL_BUMP dan DynamicSslCert. Kedua fitur ini harus diaktifkan saat
menjalankan ./configure (lewat opsi --enable-ssl dan --enable-ssl-crtd).
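# Rebuild Squid with SSL bump and dynamic certificate generation compiled in.
# These commands are meant to be typed one by one in a root shell.
sudo su
# Install the headers ./configure needs. The packages are named explicitly:
# an unquoted libssl-* is first expanded by the shell against files in the
# current directory and otherwise matches far more packages than intended.
# The option is a plain ASCII "-y"; a typographic dash is not parsed as one.
apt-get install -y libssl-dev libsasl2-dev
# Trailing slash: match only the unpacked source directory, not a tarball
# sitting next to it.
cd squid-3*/
make clean
# Every option line except the last must end in a backslash. If one is
# missing, the shell ends the ./configure command there and tries to run the
# next option as a command of its own, so that feature is never compiled in.
# Chaining with && stops before make / make install when configure fails.
./configure --prefix=/usr \
  --bindir=/usr/bin \
  --sbindir=/usr/sbin \
  --libexecdir=/usr/lib/squid \
  --sysconfdir=/etc/squid \
  --localstatedir=/var \
  --libdir=/usr/lib \
  --includedir=/usr/include \
  --datadir=/usr/share/squid \
  --enable-err-languages=English \
  --enable-default-err-language=English \
  --infodir=/usr/share/info \
  --mandir=/usr/share/man \
  --disable-dependency-tracking \
  --enable-storeio=ufs,aufs,diskd \
  --enable-removal-policies=lru,heap \
  --enable-icap-client \
  --disable-wccp \
  --disable-wccpv2 \
  --enable-follow-x-forwarded-for \
  --enable-x-accelerator-vary \
  --enable-zph-qos \
  --enable-snmp \
  --with-default-user=proxy \
  --with-logdir=/var/log/squid \
  --with-pidfile=/var/run/squid.pid \
  --with-large-files \
  --enable-underscores \
  --disable-auth \
  --enable-async-io \
  --with-pthreads \
  --disable-ipv6 \
  --enable-ssl \
  --enable-ssl-crtd \
  && make \
  && make install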
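# Once the build has finished, create the signing CA that Squid uses for the
# certificates it generates on the fly.
mkdir -p /etc/squid/ssl_cert
cd /etc/squid/ssl_cert
# myCA.pem holds BOTH the CA certificate and its private key, and -nodes
# leaves that key unencrypted so Squid can load it unattended. File
# permissions are therefore the only protection: anyone who can read this
# file can sign certificates that every client trusting this CA will accept.
# The subshell umask keeps the file private from the moment it is created.
(umask 077 && openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem)
chown proxy:proxy myCA.pem
chmod 400 myCA.pem
# Export the certificate only (no key) in DER form. This is the file to give
# to client browsers; myCA.pem itself never leaves the proxy host.
openssl x509 -in myCA.pem -outform DER -out myCA.der
# Initialise the on-disk store for generated host certificates and hand it to
# the user Squid runs as (--with-default-user=proxy).
mkdir -p /var/squid/ssl_db
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
chown -R proxy:proxy /var/squid/ssl_db/certs
# Edit squid.conf
nano /etc/squid/squid.conf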
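# Add these directives.
# The whole http_port definition, including cert=, goes on a single line.
http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db/certs/ -M 4MB
sslcrtd_children 5
# Deliberately NOT set: "sslproxy_cert_error allow all" and
# "sslproxy_flags DONT_VERIFY_PEER". With those two lines Squid accepts any
# certificate an origin server presents (expired, self-signed, wrong host)
# and re-signs the connection with the local CA, so browsers show a valid
# padlock for sites whose real certificate would have been rejected.
# Leaving them out keeps upstream verification on. If legitimate sites then
# fail, point sslproxy_capath at the system CA directory instead of turning
# verification off.
ssl_bump server-first all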
#Simpan dengan menekan tombol Ctrl+o dan Enter
#Keluar dengan menekan tombol Ctrl+x
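# Next: check the edited squid.conf before applying it, so a typo in the new
# ssl-bump lines is reported instead of breaking the running proxy.
squid -k parse && squid -k reconfigure
# reconfigure only makes a running Squid re-read its configuration. If the
# process was started from the earlier build, the binary rebuilt with SSL
# support is not in use until Squid is restarted; the reboot takes care of it.
reboot
# After the machine is back up, in a new root shell:
# NOTE(review): kept as the author wrote it; confirm how Squid is started on
# this install (init script vs. running the squid binary directly).
squid start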
#Edit manual proxy browser
#coba buka facebook
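#Muncul warning This Connection is Untrusted, karena browser tidak mengenal CA yang menandatangani certificate buatan
SQUID. Maka CA certificate-nya harus diimport terlebih dahulu. Yang diimport adalah myCA.der (hanya berisi certificate), bukan myCA.pem, karena myCA.pem juga berisi private key CA dan tidak boleh keluar dari server proxy.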
#Di Firefox Tools > Options > Advanced > Certificates
dah gitu dulu selanjutnya oprek sendiri