@uzen
Created September 18, 2018 09:43
Squid + tor configuration
настройка tor + privoxy + squid
http(s)-proxy: 127.0.0.1:3128, 127.0.0.1:8118 (только через tor)
socks5: 127.0.0.1:9050
#/etc/squid/tor.url - на эти сайты ходим через tor
кэширование трафика отключено
#/etc/tor/torrc
# Tor client configuration: exposes a SOCKS listener on port 9050, which is the
# address the Privoxy configuration on this page forwards to.

# NOTE(review): AllowUnverifiedNodes appears to be an obsolete option in current
# Tor releases -- confirm with `tor --verify-config` and drop it if it is rejected.
AllowUnverifiedNodes middle,rendezvous
# Send log messages of severity "notice" and above to syslog.
Log notice syslog
# Seconds to wait while building a circuit before giving up on it.
CircuitBuildTimeout 30
# NOTE(review): a larger set of entry guards raises the chance that one of them
# is operated by an adversary; unless there is a measured need for 6, consider
# leaving this option unset so Tor uses its own default.
NumEntryGuards 6
# Keepalive interval in seconds for otherwise idle connections.
KeepalivePeriod 60
# Interval in seconds at which Tor considers building a new circuit.
NewCircuitPeriod 15
RunAsDaemon 1
# Reduce writes to disk.
AvoidDiskWrites 1
# The four commented-out options below (VirtualAddrNetworkIPv4,
# AutomapHostsOnResolve, TransPort, DNSPort) belong to a transparent-proxy /
# DNS-over-Tor setup that this configuration leaves disabled.
#VirtualAddrNetworkIPv4 10.254.0.0/16
#AutomapHostsOnResolve 1
# A bare port number makes Tor listen on the loopback address only.
SocksPort 9050
# Accept SOCKS clients from addresses in the "private" group and reject all others.
# NOTE(review): "private" also covers LAN ranges, not just loopback. That is
# harmless while SocksPort stays on loopback; if only local clients are meant,
# `accept 127.0.0.1` states the intent more tightly -- confirm before changing.
SocksPolicy accept private:*,reject *:*
#TransPort 9040
#DNSPort 5353
DataDirectory /var/lib/tor
#/etc/privoxy/config
# Privoxy configuration: an HTTP proxy on loopback port 8118 that hands every
# request to the SOCKS5 listener at 127.0.0.1:9050 (the Tor SocksPort above).
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
logdir /var/log/privoxy
#actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
#filterfile user.filter # User customizations
# Log file name, relative to logdir.
logfile logfile
# Log startup banner and warnings (4096) and non-fatal errors (8192) only;
# per-request logging is not enabled.
debug 4096
debug 8192
# Listen on IPv4 and IPv6 loopback only, so the proxy is not reachable from the network.
listen-address 127.0.0.1:8118
listen-address [::1]:8118
# Forward all URLs ("/") through the SOCKS5 server at 127.0.0.1:9050; the
# trailing "." means no further HTTP parent proxy. With SOCKS5 forwarding the
# host name is passed to the SOCKS server for resolution rather than being
# resolved locally by Privoxy.
forward-socks5t / 127.0.0.1:9050 .
# NOTE(review): toggle 0 starts Privoxy in "toggled off" mode, so the actions
# and filter files loaded above are not applied and request headers pass
# through unmodified. Forwarding to Tor still happens, but nothing here strips
# identifying headers -- confirm that this is intended.
toggle 0
# Remote toggling and the web-based actions editor stay disabled.
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
# Proxy authentication headers are not forwarded to the next hop.
enable-proxy-authentication-forwarding 0
forwarded-connect-retries 0
# Only regular proxy requests are accepted, not intercepted (transparent) ones.
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
#/etc/squid/squid.conf
# Squid configuration: destinations matching the tor_url list are sent to the
# local Privoxy parent (and from there to Tor); every other destination is
# fetched directly from this host. Caching and logging are switched off.

# NOTE(review): `localhost` and `to_localhost` are used below without being
# defined here, so this file relies on Squid predefining them. Versions that
# predefine them also predefine `manager`, and re-declaring it may be rejected
# or warned about -- check with `squid -k parse`.
acl manager proto cache_object
# Client network allowed to use the proxy (see `http_access allow localnet`).
acl localnet src 192.168.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3128
acl CONNECT method CONNECT
# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to anything
# other than port 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): to_localhost matches on the destination IP address, so Squid
# presumably has to resolve the requested host name with the local resolver to
# evaluate this rule. Because the rule precedes all allow rules, that would
# include tor_url destinations, sending their names (including .onion names)
# to local DNS before the request reaches Tor. Verify by watching resolver
# traffic; if confirmed, placing `!tor_url` before `to_localhost` on this line
# should skip the lookup for Tor-routed names.
http_access deny to_localhost
# Squid normally listens to port 3128
# NOTE(review): with no address given, Squid listens on all interfaces, while
# the description on this page gives the proxy as 127.0.0.1:3128. Access is
# still limited by the http_access rules below (localhost and localnet); if
# only local use is intended, bind explicitly with `http_port 127.0.0.1:3128`.
http_port 3128
#http_port 127.0.0.1:3129 intercept
# Case-insensitive destination-domain regexes, one per line, read from the file.
acl tor_url dstdom_regex -i "/etc/squid/tor.url"
# Fail closed: tor_url destinations must go through a parent, so if Privoxy is
# unavailable the request fails instead of leaving this host directly.
never_direct allow tor_url
# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest name=privoxy
# Only tor_url destinations use the Privoxy parent; everything else is
# fetched directly and is therefore NOT anonymised.
cache_peer_access privoxy allow tor_url
cache_peer_access privoxy deny all
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed.
http_access allow localhost
http_access allow localnet
# Finally deny all other access to this proxy.
http_access deny all
icp_access deny all
htcp_access deny all
# Do not put the client address into X-Forwarded-For.
# NOTE(review): `off` still sends the header with the value "unknown", and the
# Via header is left untouched, so plain-HTTP destinations can tell a Squid
# proxy is in the path; `forwarded_for delete` and `via off` remove both --
# confirm against the installed Squid version.
forwarded_for off
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 4096 32 256
# Never store responses in the cache.
cache deny all
coredump_dir /var/spool/squid
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
#refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern . 0 20% 4320
# No access, store or cache logs are kept. That leaves no record of visited
# sites, but it also leaves no audit trail for spotting misuse of the proxy by
# localnet clients or for troubleshooting denied requests.
access_log none
cache_store_log none
cache_log /dev/null
logfile_rotate 0
shutdown_lifetime 5 seconds
#/etc/squid/tor.url
# Destination-domain patterns, one regular expression per line, loaded by the
# squid.conf line `acl tor_url dstdom_regex -i "/etc/squid/tor.url"`.
# Matching hosts are sent through Privoxy and Tor; all others go direct.
# NOTE(review): the patterns are unanchored, so each one matches any host name
# that contains the text (for example a longer domain that merely includes
# "2ip.ru"). Over-matching only sends extra traffic through Tor; add a `$` or
# a leading `(^|\.)` if exact domains are wanted.
2ip\.ru
telegram\.org
flibusta\.is
\.onion
Install Squid with ssl bump on Debian
https://github.com/jpelias/squid3-ssl-bump/blob/master/Install%20Squid%203.4%20with%20ssl%20bump%20on%20Debian%208%20(Jessie)