mirror of
https://github.com/tailscale/tailscale.git
synced 2025-10-24 09:39:39 +00:00

Updates #4377 Very smoky/high-level test to ensure that derphttp internals play well with an agressive (stare + bump) meddler-in-the-middle proxy. Signed-off-by: Tom DNetto <tom@tailscale.com>
39 lines
1.2 KiB
SquidConf
39 lines
1.2 KiB
SquidConf
pid_filename /run/squid.pid
|
|
cache_dir ufs /tmp/squid/cache 500 16 256
|
|
maximum_object_size 4096 KB
|
|
coredump_dir /tmp/squid/core
|
|
visible_hostname localhost
|
|
cache_access_log /tmp/squid/access.log
|
|
cache_log /tmp/squid/cache.log
|
|
|
|
# Access Control lists
|
|
acl localhost src 127.0.0.1 ::1
|
|
acl manager proto cache_object
|
|
acl SSL_ports port 443
|
|
acl Safe_ports port 80 # http
|
|
acl Safe_ports port 21 # ftp
|
|
acl Safe_ports port 443 # https
|
|
acl Safe_ports port 70 # gopher
|
|
acl Safe_ports port 210 # wais
|
|
acl Safe_ports port 1025-65535 # unregistered ports
|
|
acl Safe_ports port 280 # http-mgmt
|
|
acl Safe_ports port 488 # gss-http
|
|
acl Safe_ports port 591 # filemaker
|
|
acl Safe_ports port 777 # multiling http
|
|
acl CONNECT method CONNECT
|
|
|
|
http_access allow localhost
|
|
http_access deny all
|
|
forwarded_for on
|
|
|
|
# sslcrtd_program /nix/store/nqlqk1f6qlxdirlrl1aijgb6vbzxs0gs-squid-4.17/libexec/security_file_certgen -s /tmp/squid/ssl_db -M 4MB
|
|
sslcrtd_children 5
|
|
|
|
http_port 127.0.0.1:3128 \
|
|
ssl-bump \
|
|
generate-host-certificates=on \
|
|
dynamic_cert_mem_cache_size=4MB \
|
|
cert=/tmp/squid/myca-mitm.pem
|
|
|
|
ssl_bump stare all # mimic the Client Hello, drop unsupported extensions
|
|
ssl_bump bump all # terminate and establish new TLS connection |