Closed hanwoody closed 9 years ago
https is designed to prevent man in the middle attacks. A transparent proxy is effectively a man in the middle. If you want to use squid for https proxying transparently you need to setup a private CA certificate and push it to all your users so they trust the proxy. An example of how to set this up can be found here.
I'd suggest that this is out of scope for squid-in-a-can
Agreed with @tfoote.
Of course if someone wants to contribute support for that I'll be happy to consider merging it!
What would be the best way to go about this?
I briefly read the Robert's centos guide linked and I was thinking something along the lines: Create an entrypoint that generates the credentials at runtime, then when spinning up the container, mount the directory where the public certificate is generated to a shared volume to be mounted in future containers.
Where would those shared volumes then be mounted to? Does debian:jessie's version of squid support ssl_crtd?
many downloads is ssl ,for example maven, nmp etc, squid cannot handle it.