Last active
January 11, 2019 17:24
-
-
Save paraita/82a9c1dd1c8a0d589e5ee5c0be6745bf to your computer and use it in GitHub Desktop.
Minimal squid config for http and https basic auth (considering minimum2scp/squid's dockerfile)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# #### pre-requisites #### | |
# I use the following Dockerfile for Squid: | |
# https://hub.docker.com/r/minimum2scp/squid/~/dockerfile/ to deploy the proxy | |
# Replace the existing /etc/squid/squid.conf with this file | |
# Create the users credentials with htpasswd (apt-get install apache2-utils) | |
# htpasswd [-c] /etc/squid/squidusers username | |
# -с is to create a new file, not to change the existing file | |
# Use the following command to test the user/pass: | |
# /usr/lib/squid3/basic_ncsa_auth /etc/squid/squidusers | |
# provide <user> <password> at the prompt, for example: | |
# paraita wrong_password | |
# ERR Wrong password | |
# paraita good_password | |
# OK | |
# Ctrl-D | |
# Make sure squid can read the credentials file: | |
# chmod o+r /etc/squid/squidusers | |
# tell Squid what tool to validate user provided credentials | |
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/squidusers | |
# http/https proxy port | |
http_port 3128 | |
# auth rule | |
acl onzelist proxy_auth REQUIRED | |
http_access allow onzelist | |
# deny https so it falls back to the auth rule | |
acl SSL_ports port 443 | |
acl SSL_ports port 832 | |
acl CONNECT method CONNECT | |
http_access deny CONNECT !SSL_ports |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment