прокси squid в Ubuntu не принимает удаленные соединения https - PullRequest
Новая
       38

прокси squid в Ubuntu не принимает удаленные соединения https

0 голосов
/ 08 февраля 2019

У меня 4 IP-адреса на моем vps, и я пытаюсь установить анонимный прокси-сервер squid, используя это руководство

Однако мой прокси, похоже, не принимает внешние HTTPS-соединения.Он используется для более ранних версий в той же конфигурации, но не для новых VPS.

squid.conf: 

# Squid normally listens to port 3128
#http_port 3128
http_port xx.xx.232.76:9990 name=9990
http_port xx.xx.232.77:9991 name=9991
http_port xx.xx.232.78:9992 name=9992

acl meta myportname 9990 src 1xx.1xx.232.80
http_access allow meta
tcp_outgoing_address 1xx.1xx.232.76 meta

acl meta1 myportname 9991 src 1xx.1xx.232.80
http_access allow meta1
tcp_outgoing_address 1xx.1xx.232.77 meta1

acl meta2 myportname 9992 src 1xx.1xx.232.80
http_access allow meta2
tcp_outgoing_address 1xx.1xx.232.78 meta2


acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT

# ANONYMOUS PROXY
via off
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all

Он не работает, когда я пытаюсь получить доступ извне, даже если я его установилsrc all

Кроме того, как было найдено в других решениях, я уже прокомментировал http_access deny parts 

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
#http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access allow CONNECT !SSL_ports

# Only allow cachemgr access from localhost
#http_access allow localhost manager
#http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

Журнал доступа: 

1549627286.917  60164 123.201.101.50 TCP_MISS/503 0 CONNECT www.ipify.org:443 - HIER_NONE/- -

Журнал кэша: 

Memory usage for squid via mallinfo():
        total space in arena:    6268 KB
        Ordinary blocks:         4894 KB    103 blks
        Small blocks:               0 KB     17 blks
        Holding blocks:         36892 KB      8 blks
        Free Small blocks:          1 KB
        Free Ordinary blocks:    1373 KB
        Total in use:           41786 KB 667%
        Total free:              1374 KB 22%
2019/02/08 06:14:29| Logfile: closing log daemon:/var/log/squid3/access.log
2019/02/08 06:14:29| Logfile Daemon: closing log daemon:/var/log/squid3/access.log
2019/02/08 06:14:29| Open FD UNSTARTED     5 DNS Socket IPv6
2019/02/08 06:14:29| Open FD READ/WRITE    6 DNS Socket IPv4
2019/02/08 06:14:29| Open FD UNSTARTED     7 IPC UNIX STREAM Parent
2019/02/08 06:14:29| Squid Cache (Version 3.3.8): Exiting normally.
2019/02/08 06:14:29| Starting Squid Cache version 3.3.8 for x86_64-pc-linux-gnu...
2019/02/08 06:14:29| Process ID 22723
2019/02/08 06:14:29| Process Roles: master worker
2019/02/08 06:14:29| With 65536 file descriptors available
2019/02/08 06:14:29| Initializing IP Cache...
2019/02/08 06:14:29| DNS Socket created at [::], FD 5
2019/02/08 06:14:29| DNS Socket created at 0.0.0.0, FD 6
2019/02/08 06:14:29| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2019/02/08 06:14:29| Adding nameserver 8.8.4.4 from /etc/resolv.conf
2019/02/08 06:14:29| Logfile: opening log daemon:/var/log/squid3/access.log
2019/02/08 06:14:29| Logfile Daemon: opening log /var/log/squid3/access.log
2019/02/08 06:14:29| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2019/02/08 06:14:29| Store logging disabled
2019/02/08 06:14:29| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2019/02/08 06:14:29| Target number of buckets: 1008
2019/02/08 06:14:29| Using 8192 Store buckets
2019/02/08 06:14:29| Max Mem  size: 262144 KB
2019/02/08 06:14:29| Max Swap size: 0 KB
2019/02/08 06:14:29| Using Least Load store dir selection
2019/02/08 06:14:29| Set Current Directory to /var/spool/squid3
2019/02/08 06:14:29| Loaded Icons.
2019/02/08 06:14:29| HTCP Disabled.
2019/02/08 06:14:29| Pinger socket opened on FD 13
2019/02/08 06:14:29| Squid plugin modules loaded: 0
2019/02/08 06:14:29| Adaptation support is off.
2019/02/08 06:14:29| Accepting HTTP Socket connections at local=xx.xx.232.76:9990 remote=[::] FD 9 flags=9
2019/02/08 06:14:29| Accepting HTTP Socket connections at local=xx.xx.232.77:9991 remote=[::] FD 10 flags=9
2019/02/08 06:14:29| Accepting HTTP Socket connections at local=xx.xx.232.78:9992 remote=[::] FD 11 flags=9
2019/02/08 06:14:29| pinger: Initialising ICMP pinger ...
2019/02/08 06:14:29| pinger: ICMP socket opened.
2019/02/08 06:14:29| pinger: ICMPv6 socket opened
2019/02/08 06:14:29| Pinger exiting.
2019/02/08 06:14:30| storeLateRelease: released 0 objects

Я пытаюсь подключиться к этому с запросами и получаю следующую ошибку: 

requests.exceptions.ProxyError: HTTPSConnectionPool(host='www.ipify.org', port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 503 Service Unavailable',)))
...