
github.com/mozilla/ssl-config-generator.git - Unnamed repository; edit this file 'description' to name the repository.
authorjgoutin <jgoutin@pm.me>2021-06-19 21:37:14 +0300
committerjgoutin <jgoutin@pm.me>2021-06-19 21:37:14 +0300
commit495fba72445f59f42093e2c0114aed8bdbcb4a55 (patch)
tree6c3d7ad7a4994437924439b8fe81093f2b2800c5
parentb74db77e4ffd8f4d52ecbf3d952e0495ea720a63 (diff)
Add Squid support
-rwxr-xr-xsrc/js/configs.js9
-rw-r--r--src/templates/partials/squid.hbs34
2 files changed, 43 insertions, 0 deletions
diff --git a/src/js/configs.js b/src/js/configs.js
index 812873e..ae02433 100755
--- a/src/js/configs.js
+++ b/src/js/configs.js
@@ -157,6 +157,15 @@ module.exports = {
tls13: '6.0',
usesOpenssl: true,
},
+ squid: {
+ highlighter: 'nginx', // TODO: find better
+ latestVersion: '4.14',
+ name: 'Squid',
+ showSupports: false,
+ supportsHsts: false,
+ supportsOcspStapling: false,
+ tls13: '3.5',
+ },
tomcat: {
highlighter: 'xml',
latestVersion: '9.0.30',
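Review bot: The new `squid` entry sets `tls13: '3.5'` but, unlike the entry just above it, does not set `usesOpenssl: true`. Squid takes its TLS protocol support from the library it is built against, so if `usesOpenssl` is what ties the TLS 1.3 output to the selected OpenSSL version (the consuming code is not in this hunk), the generator could offer a TLS 1.3 profile for a Squid build that cannot negotiate it. Consider adding `usesOpenssl: true,` after `tls13: '3.5',`, or a comment saying why it is left out. The `// TODO: find better` comment would also read better if it named what is missing, presumably a Squid-specific highlighter. The enclosing `module.exports` object begins and ends outside the hunk.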
diff --git a/src/templates/partials/squid.hbs b/src/templates/partials/squid.hbs
new file mode 100644
index 0000000..2916e5c
--- /dev/null
+++ b/src/templates/partials/squid.hbs
@@ -0,0 +1,34 @@
+# {{output.header}}
+# {{{output.link}}}
+
+# The following example shows Squid configured as a cache proxy with SSL bump enabled
+
+http_port 3128 ssl-bump \
+ {{#if (minver "4" form.serverVersion)}}tls-{{/if}}cert=/path/to/ca_signing_cert \
+ {{#if (minver "4" form.serverVersion)}}tls-{{/if}}key=/path/to/ca_signing_private_key \
+{{#if output.ciphers.length}}
+ cipher={{{join output.ciphers ":"}}} \
+{{/if}}
+{{#if output.usesDhe}}
+ tls-dh=/path/to/dhparam \ # {{output.dhCommand}} > /path/to/dhparam
+{{/if}}
+ options={{#if (minver "4" form.serverVersion)}}NO_SSLv3{{else}}NO_SSLv2,NO_SSLv3{{/if}}{{#unless (includes "TLSv1" output.protocols)}},NO_TLSv1{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}},NO_TLSv1_1{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}},NO_TLSv1_2{{/unless}},NO_TICKET
+
+sslcrtd_program /usr/lib/squid/{{#if (minver "4" form.serverVersion)}}security_file_certgen{{else}}ssl_crtd{{/if}} -s /var/cache/squid/ssl_db -M 4MB
+acl step1 at_step SslBump1
+ssl_bump peek step1
+ssl_bump bump all
+
+
+# The following example shows Squid configured as a reverse Proxy / Accelerator
+
+https_port 443 accel defaultsite=example.net \
+ {{#if (minver "4" form.serverVersion)}}tls-{{/if}}cert=/path/to/signed_cert_plus_intermediates \
+ {{#if (minver "4" form.serverVersion)}}tls-{{/if}}key=/path/to/private_key \
+{{#if output.ciphers.length}}
+ cipher={{{join output.ciphers ":"}}} \
+{{/if}}
+{{#if output.usesDhe}}
+ tls-dh=/path/to/dhparam \ # {{output.dhCommand}} > /path/to/dhparam
+{{/if}}
+ options={{#if (minver "4" form.serverVersion)}}NO_SSLv3{{else}}NO_SSLv2,NO_SSLv3{{/if}}{{#unless (includes "TLSv1" output.protocols)}},NO_TLSv1{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}},NO_TLSv1_1{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}},NO_TLSv1_2{{/unless}},NO_TICKET
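Review bot: The `tls-dh=/path/to/dhparam \ # {{output.dhCommand}} > /path/to/dhparam` line puts a comment after the continuation backslash, in both the `http_port` block and the `https_port` block. A backslash only continues a squid.conf line when it is the last character on it, so whenever `output.usesDhe` is true the following `options=` line is likely not joined to the port directive, and the generated config would then either fail to parse or lose the protocol restrictions and `NO_TICKET`. Emit the hint on its own line before the directive, inside its own `{{#if output.usesDhe}}` block, as `# {{output.dhCommand}} > /path/to/dhparam`, and keep `tls-dh=/path/to/dhparam \` as the option line. `tls-dh=` is also written for every version while `cert=` and `key=` switch on `minver "4"`; Squid 3.x documents this option as `dhparams=`, so it probably needs the same conditional.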