Install squid proxy with --enable-ssl for https_port
Squid proxy with --enable-ssl
A few months back, when I was testing a few reverse proxies for leveraging load on my web server, I needed to set up SSL for one of my websites. Unfortunately squid proxy, which I was using as the reverse proxy, was not installed by default with --enable-ssl. This only happens on Debian-based servers; I found that on CentOS, for example, the yum package installer installs squid with SSL. In this article I'm going to show you how you can compile squid and add SSL support by building it with --enable-ssl.
Adding deb-src to sources.list
First we need to let apt download source packages. We can do this by editing the following file:
/etc/apt/sources.list
and adding the lines below:
    deb-src http://ftp.de.debian.org/debian wheezy main contrib non-free
    deb-src http://backports.debian.org/debian-backports wheezy-backports main contrib non-free
    deb-src http://volatile.debian.org/debian-volatile/ wheezy/volatile main contrib non-free
Your entries may be different; just add new lines similar to the ones you currently have, but starting with deb-src.
Next we will navigate to our source folder:
    cd /usr/src
Download and install squid
Then we download the source files for squid directly through the apt package installer:
    apt-get source squid
Next we will need to get some dependencies for compiling:
    apt-get build-dep openssh
    apt-get build-dep openssl
    apt-get install devscripts build-essential fakeroot
Next we set the build configuration, i.e. add --enable-ssl to the rules file:
    cd squid-<version>
    vi debian/rules
The parameter needs to be added somewhere around line 132, near the comment "# Configure the package."
Then we run the configure command and wait for it to finish:
    ./configure
Lastly, we compile everything and build the .deb packages:
    debuild -us -uc -b
Manually installing the .deb files
Some of you will probably still get errors right at the end. Even so, you will find the following files in /usr/src/ (the names depend on your version):
    squid_2.7.STABLE9-2.1_i386.deb
    squid-common_2.7.STABLE9-2.1_all.deb
Even if there were errors when it tried to install them automatically, you can install these files manually like so:
    # squid depends on squid-common, so install squid-common first
    dpkg -i squid-common_2.7.STABLE9-2.1_all.deb
    dpkg -i squid_2.7.STABLE9-2.1_i386.deb
LE: 10 November 2013
Then you are done: you can start using https_port and set your SSL certificates to serve your website over SSL. In a reverse proxy configuration, you can use a setup similar to this:
    https_port public-ip:443 cert=/certificates/domain.com.crt key=/keys/domain.com.key cafile=/certificates/sf_bundle.crt defaultsite=domain.com
    cache_peer 127.0.0.1 parent 8081 0 no-query originserver login=PASS
The public IP address needs to be the one on which you want squid to listen for SSL requests.
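A pre-flight check for the https_port setup above, as an added example that is not part of the original article: it confirms the installed squid was built with --enable-ssl, reads the cert= and key= paths from the https_port line, and checks that the private key is closed to group and others and matches the certificate. The function names and the script name preflight.sh are hypothetical, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the https_port setup described above.
# Function names are hypothetical and not part of squid or Debian tooling.

# Reads `squid -v` output on stdin; succeeds if --enable-ssl was a configure option.
has_ssl_support() {
    grep -Eq -e "--enable-ssl(['[:space:]]|\$)"
}

# Prints the value of option $1 (cert, key, cafile) from the first
# https_port line of the squid.conf text on stdin.
https_port_opt() {
    awk -v opt="$1" '$1 == "https_port" {
        for (i = 2; i <= NF; i++)
            if (index($i, opt "=") == 1) { print substr($i, length(opt) + 2); exit }
    }'
}

# Succeeds only if file $1 exists and grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ldL "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Succeeds if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh preflight.sh /path/to/squid.conf
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    squid -v | has_ssl_support || echo "squid was built without --enable-ssl"
    cert=$(https_port_opt cert < "$1")
    key=$(https_port_opt key < "$1")
    key_is_private "$key" || echo "key missing or accessible to group/others: $key"
    cert_matches_key "$cert" "$key" || echo "certificate does not match key"
fi
```

Run it as root after installing the rebuilt packages; no output means all checks passed.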