Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/mozilla/ssl-config-generator.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/src/templates/partials/squid.hbs
diff options
context:
space:
mode:
Diffstat (limited to 'src/templates/partials/squid.hbs')
-rw-r--r--src/templates/partials/squid.hbs34
1 files changed, 34 insertions, 0 deletions
diff --git a/src/templates/partials/squid.hbs b/src/templates/partials/squid.hbs
new file mode 100644
index 0000000..2916e5c
--- /dev/null
+++ b/src/templates/partials/squid.hbs
@@ -0,0 +1,34 @@
+# {{output.header}}
+# {{{output.link}}}
+
+# The following example shows Squid configured as a cache proxy with SSL bump enabled
+
+http_port 3128 ssl-bump \
+ {{#if (minver "4" form.serverVersion)}}tls-{{/if}}cert=/path/to/ca_signing_cert \
+ {{#if (minver "4" form.serverVersion)}}tls-{{/if}}key=/path/to/ca_signing_private_key \
+{{#if output.ciphers.length}}
+ cipher={{{join output.ciphers ":"}}} \
+{{/if}}
+{{#if output.usesDhe}}
+ tls-dh=/path/to/dhparam \ # {{output.dhCommand}} > /path/to/dhparam
+{{/if}}
+ options={{#if (minver "4" form.serverVersion)}}NO_SSLv3{{else}}NO_SSLv2,NO_SSLv3{{/if}}{{#unless (includes "TLSv1" output.protocols)}},NO_TLSv1{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}},NO_TLSv1_1{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}},NO_TLSv1_2{{/unless}},NO_TICKET
+
+sslcrtd_program /usr/lib/squid/{{#if (minver "4" form.serverVersion)}}security_file_certgen{{else}}ssl_crtd{{/if}} -s /var/cache/squid/ssl_db -M 4MB
+acl step1 at_step SslBump1
+ssl_bump peek step1
+ssl_bump bump all
+
+
+# The following example shows Squid configured as a reverse Proxy / Accelerator
+
+https_port 443 accel defaultsite=example.net \
+ {{#if (minver "4" form.serverVersion)}}tls-{{/if}}cert=/path/to/signed_cert_plus_intermediates \
+ {{#if (minver "4" form.serverVersion)}}tls-{{/if}}key=/path/to/private_key \
+{{#if output.ciphers.length}}
+ cipher={{{join output.ciphers ":"}}} \
+{{/if}}
+{{#if output.usesDhe}}
+ tls-dh=/path/to/dhparam \ # {{output.dhCommand}} > /path/to/dhparam
+{{/if}}
+ options={{#if (minver "4" form.serverVersion)}}NO_SSLv3{{else}}NO_SSLv2,NO_SSLv3{{/if}}{{#unless (includes "TLSv1" output.protocols)}},NO_TLSv1{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}},NO_TLSv1_1{{/unless}}{{#unless (includes "TLSv1.2" output.protocols)}},NO_TLSv1_2{{/unless}},NO_TICKET
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 15:21:10 +0300