Install squid proxy with –enable-ssl for https_port

→ Are you a new visitor? Please visit the page guidance for new visitors ←

Squid proxy with –enable-ssl

A few months back when I was testing a few reverse proxy for leveraging load on my web server, I needed to setup SSL for one of my websites, unfortunately squid proxy, which I was using for reverse proxy, was not installed by default with –enable-ssl. This is only happening on Debian based servers, I found that on CentOS for example, yum package installer installs squid with ssl. In this article I’m going to show you how you can compile squid and add support for squid proxy with –enable-ssl.

Adding deb-src to source.list

First we will need to add the option to download our source packages from apt, we can do this by editing the following file:

/etc/apt/sources.list

and add there the bellow lines:

Now for you this may be different, but you should just add new lines similar to what you currently have, but started with deb-src.

Next we will navigate to our source folder:

Download and install squid

We then start and download our source files for squid directly from apt package installer:

Next we will need to get some dependencies for compiling:

Next is to start and set some configuration, eg. add –enable-ssl to the rules file:

The parameter needs to be added  somewhere around line 132 # Configure the package.

Then we just start the configure command and wait for it to finish:

Warning! Do not run make and make install, this will get you with errors at the end!

Lastly we need to compile everything and build us the .deb packages:

Manually installing the .deb files

For those of you who probably will still get some errors right at the end, you will probably notice that in your folder /usr/src/ you will have (based on your own version):

Using these files, even if you have had errors when it tried to installed them automatically, you can install them manually like so:

LE: 10 November 2013

Then you are done, you can start using https_port and set your SSL certificates to use SSL with your website. So in a reverse squid proxy configuration, you can use a similar setup:

The public IP address needs to be the one you want squid to listen for SSL requests.

Don’t forget to share it if you like it and comment if you have anything to add.

  • Sigit Sugiharto

    sample squid.conf please

    • http://www.yourhowto.net/ Raica Bogdan

      I added a sample usage on this, you can check above or use the example bellow:

  • Xiaoxiao Xiaowee

    is this possible in lusca? cuz lusca is useful in updating games like steam i hope u can make a tut for pfsense lusca 2.0.3 i know its not supported in packages but its useful, it depends to a user.

    • http://www.yourhowto.net/ Raica Bogdan

      Not entirely sure what you want me to do. Perhaps you want a proxy in front of your game? But that would add a few ms latency and not sure if that is best in games.

  • Xiaoxiao Xiaowee

    yes im using pfsense 2.0.3 with lusca in 100 clients i wonder if it’s possible lusca can cache https with ur tut but isee it’s in debian i use pfsense with limiting without affecting lusca for 2 years and it was great for updating games but only https cant cache

    • http://www.yourhowto.net/ Raica Bogdan

      Well Lusca is a fork of squid 2, depending on how you got it compiled, you can enable the SSL in the same way it was enabled on squid. Should be the same if I’m not wrong. I haven’t used Lusca so I can’t help much unfortunately. Would need to play / test and come with a tutorial which at the moment is not possible, holidays and all…

  • Xiaoxiao Xiaowee

    but i like ur tut i hope u test for if it’s possible thank you happy holidays mwaaaaah :)

    • http://www.yourhowto.net/ Raica Bogdan

      I’ll see if I can do something in the coming week.

      Cheers.

Request an article ←