Squid & SSL Proxies

Hi,

I'm wondering if anyone can point me in the right direction for information on using squid in the following manner (or, alternatively, I can always install something other than Squid…):

I want to use my web browser such that content is encrypted from the browser to my linode running squid, which will then retrieve content from a non-SSL-enabled site, sending back the content to me over the encrypted connection. Yes -- I realize that the content from the non-ssl-enabled server to my linode will not be encrypted, I don't need it to be. But I do want the traffic from my linode to my browser to be encrypted…

Is that possible? I'm assuming it must be. I would imagine that the browser and the proxy software exchange certificates and then chat away… But searches through google yield copious numbers of documents on how to get SSL working with Squid so that you can have your proxy server get documents from SSL-enabled websites and pass them to you… I can do that already. But I'd like to SSL to the proxy, and have the proxy fetch the unencrypted content for me.

Any help would be appreciated.

Thanks! :)

j.

4 Replies

Maybe I've not understood the question…

If you configure an http proxy in your browser, the browser will pass http requests to that proxy. If you configure an https proxy on your browser, the browser will pass all ssl requests to that proxy. I don't think you can change protocols part way through the proxying process.

To achieve what I think you want (secure http browsing connection through a hostile network or firewall) - what about setting localhost as your http proxy on a non-standard port and then using ssh to forward that port from your desktop to your linode. Configure the proxy/cache on your Linode to listen to the forwarded port and off you go - maybe. I haven't tried this, but I use a similar technique to burrow through my employer's corporate firewall and connect MySQL GUI admin tools on an XP desktop to MySQL on my Linode.

For your Linode proxy - what about Apache with mod_proxy. Configure a virtual server to listen on the forwarded port and put all the proxy config directives inside that server's config section.

@pclissold:

> To achieve what I think you want (secure http browsing connection through a hostile network or firewall) - what about setting localhost as your http proxy on a non-standard port and then using ssh to forward that port from your desktop to your linode.

Yup – I'm looking for a secure connection to my linode through a hostile network. I like the localhost ssh forward idea, but I'm trying to come up with a solution that will be easy for non-techie users to implement. I've stumbled across stunnel recently, which, if I'm not mistaken, allows users to encrypt TCP traffic generally to a host, which then decrypts and passes it internally to another server of some kind.

I still have to do a bunch more reading to figure out if it's possible, but I think I could probably have stunnel listen on a non-standard port, decrypt the connection and pass it to Squid, which would then proxy the results and return them to stunnel. Stunnel would encrypt the result on the way back to the client. I don't know if that'll work, I have yet to try it…

> For your Linode proxy - what about Apache with mod_proxy. Configure a virtual server to listen on the forwarded port and put all the proxy config directives inside that server's config section.

That's a good idea – I've been trying Squid lately, but I wonder if using mod_proxy would free up some memory given that apache is already running anyway…

Thanks for your suggestions pclissold -- I'll keep reading… If anyone comes up with anything else, feel free to add…

j.

Stunnel would be good for non-techie users - if you're stuck with Win2K or XP as a client like I am, you can run it as a service and they'll never know it's there. I went with ssh because I always have a ssh client window open for my Linode and the F-Secure ssh client allows you to start a bunch of pre-configured tunnels from there with a single mouse click - easy.

Adding a module to Apache sure sounds like it's got to be more memory efficient than running Squid - but Linux lesson #1 is that you can't be sure until you've tried it :).

That's what I do except with a normal SSH connection. Set up your linode to run squid, and then ssh into your linode, opening a local port for the tunnel. Then set your browser to connect to your localhost as a proxy and all web data will travel through the tunnel.
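The SSH tunnel to Squid described in the replies above, as an added example that is not part of the original thread. The host name, user name and local port are placeholders, and Squid is assumed to sit on its default port 3128, bound with `http_port 127.0.0.1:3128`. The second function checks constructed `ss -ltn` output to confirm the proxy is reachable only through the tunnel.

```shell
#!/bin/sh
# Added example, not from the thread. Host, user and local port are placeholders.
LINODE_HOST="linode.example.org"   # placeholder host name
PROXY_PORT=3128                    # Squid's default port; assumes http_port 127.0.0.1:3128

# Print the ssh command for the desktop: local port $2 -> Squid on the Linode.
# -N runs no remote command; ExitOnForwardFailure aborts if the forward cannot be set up.
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$2" "$PROXY_PORT" "$1" "$LINODE_HOST"
}

# Read `ss -ltn` output on stdin. Succeeds only if port $1 has a listener and
# every listener on it is bound to loopback, so only the tunnel can reach Squid.
loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); p = a[n]
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
        }
        END { if (found && !bad) exit 0; exit 1 }'
}

# Constructed samples of `ss -ltn` lines from the Linode.
SAFE='LISTEN 0 128 127.0.0.1:3128 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
OPEN='LISTEN 0 128 0.0.0.0:3128 0.0.0.0:*'

tunnel_cmd alice 8080
printf '%s\n' "$SAFE" | loopback_only "$PROXY_PORT" && echo "SAFE: Squid is loopback-only"
printf '%s\n' "$OPEN" | loopback_only "$PROXY_PORT" || echo "OPEN: Squid is reachable from the network"
```

With the tunnel up, the browser's HTTP proxy is set to 127.0.0.1 and the chosen local port (8080 in this sample).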
