tailscale/tstest/integration/vms/squid.conf
Tom DNetto dec68166e4 tstest/integration/vms: smoke test derphttp through mitm proxies
Updates #4377

Very smoky/high-level test to ensure that derphttp internals play well
with an agressive (stare + bump) meddler-in-the-middle proxy.

Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-04-12 13:24:29 -07:00

39 lines
1.2 KiB
SquidConf

pid_filename /run/squid.pid
cache_dir ufs /tmp/squid/cache 500 16 256
maximum_object_size 4096 KB
coredump_dir /tmp/squid/core
visible_hostname localhost
cache_access_log /tmp/squid/access.log
cache_log /tmp/squid/cache.log
# Access Control lists
acl localhost src 127.0.0.1 ::1
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access deny all
forwarded_for on
# sslcrtd_program /nix/store/nqlqk1f6qlxdirlrl1aijgb6vbzxs0gs-squid-4.17/libexec/security_file_certgen -s /tmp/squid/ssl_db -M 4MB
sslcrtd_children 5
http_port 127.0.0.1:3128 \
ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=4MB \
cert=/tmp/squid/myca-mitm.pem
ssl_bump stare all # mimic the Client Hello, drop unsupported extensions
ssl_bump bump all # terminate and establish new TLS connection