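I installed squid3.5 on Ubuntu 14.04, and I am trying to configure squid so that WhatsApp works on mobile devices. I tried using the squid3 documentation, but it did not work.
I need the correct configuration to make WhatsApp work, or any tutorial that can help me.
Current configuration of squid.conf: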
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access allow all
# Squid normally listens to port 3128
http_port 8000
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/cache/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#####################################################################
######### ** These are the lines I added from squid wiki ** #########
#####################################################################
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex "/etc/squid3/acl.url.nobump"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all
The acl.url.nobump file:
# Web.whatsapp.com
(w[0-9]+|[a-z]+)\.web\.whatsapp\.com
# Whatsapp CDN issue
.whatsapp\.net
This is how I installed squid3:
./configure \
--prefix=/usr \
--exec-prefix=/usr \
--includedir=/usr/include \
--datadir=/usr/share \
--libdir=/usr/lib64 \
--libexecdir=/usr/lib64/squid \
--localstatedir=/var \
--sysconfdir=/etc/squid \
--sharedstatedir=/var/lib \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-default-user=squid \
--enable-silent-rules \
--enable-dependency-tracking \
--with-openssl \
--enable-icmp \
--enable-delay-pools \
--enable-useragent-log \
--enable-esi \
--enable-follow-x-forwarded-for \
--enable-auth
Then I generated a self-signed certificate and installed it on my phone:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt
Some logs after browsing and trying WhatsApp:
/var/log/squid/cache.log
2018/06/19 14:45:40| Squid is already running! Process ID 23347
2018/06/19 14:45:44 kid1| Shutdown: NTLM authentication.
2018/06/19 14:45:44 kid1| Shutdown: Negotiate authentication.
2018/06/19 14:45:44 kid1| Shutdown: Digest authentication.
2018/06/19 14:45:44 kid1| Shutdown: Basic authentication.
2018/06/19 14:45:44 kid1| Shutting down...
2018/06/19 14:45:44 kid1| storeDirWriteCleanLogs: Starting...
2018/06/19 14:45:44 kid1| Finished. Wrote 0 entries.
2018/06/19 14:45:44 kid1| Took 0.00 seconds ( 0.00 entries/sec).
CPU Usage: 0.016 seconds = 0.012 user + 0.004 sys
Maximum Resident Size: 64128 KB
Page faults with physical i/o: 0
2018/06/19 14:45:44 kid1| Logfile: closing log daemon:/var/log/squid/access.log
2018/06/19 14:45:44 kid1| Logfile Daemon: closing log daemon:/var/log/squid/access.log
2018/06/19 14:45:44 kid1| Open FD UNSTARTED 6 DNS Socket IPv6
2018/06/19 14:45:44 kid1| Open FD UNSTARTED 8 DNS Socket IPv4
2018/06/19 14:45:44 kid1| Open FD UNSTARTED 9 IPC UNIX STREAM Parent
2018/06/19 14:45:44 kid1| Squid Cache (Version 3.5.27): Exiting normally.
2018/06/19 14:46:06 kid1| Set Current Directory to /var/cache/squid
2018/06/19 14:46:06 kid1| Starting Squid Cache version 3.5.27 for x86_64-pc-linux-gnu...
2018/06/19 14:46:06 kid1| Service Name: squid
2018/06/19 14:46:06 kid1| Process ID 23521
2018/06/19 14:46:06 kid1| Process Roles: worker
2018/06/19 14:46:06 kid1| With 1024 file descriptors available
2018/06/19 14:46:06 kid1| Initializing IP Cache...
2018/06/19 14:46:06 kid1| DNS Socket created at [::], FD 6
2018/06/19 14:46:06 kid1| DNS Socket created at 0.0.0.0, FD 8
2018/06/19 14:46:06 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2018/06/19 14:46:06 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2018/06/19 14:46:06 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2018/06/19 14:46:06 kid1| Store logging disabled
2018/06/19 14:46:06 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2018/06/19 14:46:06 kid1| Target number of buckets: 1008
2018/06/19 14:46:06 kid1| Using 8192 Store buckets
2018/06/19 14:46:06 kid1| Max Mem size: 262144 KB
2018/06/19 14:46:06 kid1| Max Swap size: 0 KB
2018/06/19 14:46:06 kid1| Using Least Load store dir selection
2018/06/19 14:46:06 kid1| Set Current Directory to /var/cache/squid
2018/06/19 14:46:06 kid1| Finished loading MIME types and icons.
2018/06/19 14:46:06 kid1| HTCP Disabled.
2018/06/19 14:46:06 kid1| Pinger socket opened on FD 13
2018/06/19 14:46:06 kid1| Squid plugin modules loaded: 0
2018/06/19 14:46:06 kid1| Adaptation support is off.
2018/06/19 14:46:06 kid1| Accepting HTTP Socket connections at local=[::]:8000 remote=[::] FD 11 flags=9
2018/06/19 14:46:06| pinger: Initialising ICMP pinger ...
2018/06/19 14:46:06| icmp_sock: (1) Operation not permitted
2018/06/19 14:46:06| pinger: Unable to start ICMP pinger.
2018/06/19 14:46:06| icmp_sock: (1) Operation not permitted
2018/06/19 14:46:06| pinger: Unable to start ICMPv6 pinger.
2018/06/19 14:46:06| FATAL: pinger: Unable to open any ICMP sockets.
2018/06/19 14:46:07 kid1| storeLateRelease: released 0 objects
/var/log/squid/access.log
1529408773.577 1400 172.19.88.3 TCP_TUNNEL/200 6871 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408774.643 897 172.19.88.3 TCP_TUNNEL/200 183 CONNECT a248.e.akamai.net:443 - HIER_DIRECT/23.10.252.9 -
1529408774.643 887 172.19.88.3 TCP_TUNNEL/200 183 CONNECT a248.e.akamai.net:443 - HIER_DIRECT/23.10.252.9 -
1529408774.643 887 172.19.88.3 TCP_TUNNEL/200 183 CONNECT a248.e.akamai.net:443 - HIER_DIRECT/23.10.252.9 -
1529408774.647 1385 172.19.88.3 TCP_TUNNEL/200 3034 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408774.650 874 172.19.88.3 TCP_TUNNEL/200 2777 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408774.651 3548 172.19.88.3 TCP_TUNNEL/200 177 CONNECT img-s-msn-com.akamaized.net:443 - HIER_DIRECT/23.212.108.190 -
1529408774.653 2493 172.19.88.3 TCP_TUNNEL/200 6098 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408774.657 4442 172.19.88.3 TCP_TUNNEL/200 3893 CONNECT m.adnxs.com:443 - HIER_DIRECT/37.252.172.180 -
1529408774.660 872 172.19.88.3 TCP_TUNNEL/200 195 CONNECT m.adnxs.com:443 - HIER_DIRECT/37.252.172.180 -
1529408774.665 870 172.19.88.3 TCP_TUNNEL/200 195 CONNECT m.adnxs.com:443 - HIER_DIRECT/37.252.172.180 -
1529408774.667 5508 172.19.88.3 TCP_TUNNEL/200 6297 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408774.672 854 172.19.88.3 TCP_TUNNEL/200 5716 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408774.696 2349 172.19.88.3 TCP_TUNNEL/200 3150 CONNECT ping.chartbeat.net:443 - HIER_DIRECT/54.197.252.64 -
1529408774.704 882 172.19.88.3 TCP_TUNNEL/200 184 CONNECT ping.chartbeat.net:443 - HIER_DIRECT/54.197.252.64 -
1529408774.709 887 172.19.88.3 TCP_TUNNEL/200 184 CONNECT ping.chartbeat.net:443 - HIER_DIRECT/54.197.252.64 -
1529408774.711 4007 172.19.88.3 TCP_TUNNEL/200 468 CONNECT sb.scorecardresearch.com:443 - HIER_DIRECT/104.96.26.198 -
1529408774.715 888 172.19.88.3 TCP_TUNNEL/200 191 CONNECT sb.scorecardresearch.com:443 - HIER_DIRECT/104.96.26.198 -
1529408774.727 897 172.19.88.3 TCP_TUNNEL/200 191 CONNECT sb.scorecardresearch.com:443 - HIER_DIRECT/104.96.26.198 -
1529408774.745 5620 172.19.88.3 TCP_TUNNEL/200 6960 CONNECT www.bing.com:443 - HIER_DIRECT/204.79.197.200 -
1529408774.745 2066 172.19.88.3 TCP_TUNNEL/200 6542 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408774.745 2520 172.19.88.3 TCP_TUNNEL/200 6542 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408775.018 1756 172.19.88.3 TCP_TUNNEL/200 3845 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408776.063 1303 172.19.88.3 TCP_TUNNEL/200 5076 CONNECT ad.360yield.com:443 - HIER_DIRECT/18.184.58.214 -
1529408776.397 298 172.19.88.3 TCP_TUNNEL/200 277 CONNECT www.google.com:443 - HIER_DIRECT/172.217.18.228 -
1529408776.639 1884 172.19.88.3 TCP_TUNNEL/200 5076 CONNECT ad.360yield.com:443 - HIER_DIRECT/18.184.58.214 -
1529408776.669 1904 172.19.88.3 TCP_TUNNEL/200 5076 CONNECT ad.360yield.com:443 - HIER_DIRECT/18.184.58.214 -
1529408776.673 1889 172.19.88.3 TCP_TUNNEL/200 4490 CONNECT cm.adform.net:443 - HIER_DIRECT/37.157.2.238 -
1529408776.673 1884 172.19.88.3 TCP_TUNNEL/200 5091 CONNECT dh.serving-sys.com:443 - HIER_DIRECT/52.29.209.239 -
1529408776.679 1879 172.19.88.3 TCP_TUNNEL/200 5091 CONNECT dh.serving-sys.com:443 - HIER_DIRECT/52.29.209.239 -
1529408776.684 1892 172.19.88.3 TCP_TUNNEL/200 5091 CONNECT dh.serving-sys.com:443 - HIER_DIRECT/52.29.209.239 -
1529408776.690 1890 172.19.88.3 TCP_TUNNEL/200 191 CONNECT dsum-sec.casalemedia.com:443 - HIER_DIRECT/2.20.170.241 -
1529408776.696 1876 172.19.88.3 TCP_TUNNEL/200 191 CONNECT dsum-sec.casalemedia.com:443 - HIER_DIRECT/2.20.170.241 -
1529408776.717 1916 172.19.88.3 TCP_TUNNEL/200 191 CONNECT dsum-sec.casalemedia.com:443 - HIER_DIRECT/2.20.170.241 -
1529408776.725 1903 172.19.88.3 TCP_TUNNEL/200 5077 CONNECT eb2.3lift.com:443 - HIER_DIRECT/18.184.92.103 -
1529408777.343 543 172.19.88.3 TCP_TUNNEL/200 5069 CONNECT bh.contextweb.com:443 - HIER_DIRECT/151.101.0.166 -
1529408777.401 2576 172.19.88.3 TCP_TUNNEL/200 5077 CONNECT eb2.3lift.com:443 - HIER_DIRECT/18.184.92.103 -
1529408777.407 2583 172.19.88.3 TCP_TUNNEL/200 5077 CONNECT eb2.3lift.com:443 - HIER_DIRECT/18.184.92.103 -
1529408777.469 2641 172.19.88.3 TCP_TUNNEL/200 6317 CONNECT jadserve.postrelease.com:443 - HIER_DIRECT/54.77.30.217 -
1529408777.497 3712 172.19.88.3 TCP_TUNNEL/200 6098 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408777.573 3795 172.19.88.3 TCP_TUNNEL/200 6098 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408778.419 4605 172.19.88.3 TCP_TUNNEL/200 5716 CONNECT otf.msn.com:443 - HIER_DIRECT/40.114.54.223 -
1529408778.605 1824 172.19.88.3 TCP_TUNNEL/200 3277 CONNECT pixel.rubiconproject.com:443 - HIER_DIRECT/213.19.162.80 -
1529408778.607 1873 172.19.88.3 TCP_TUNNEL/200 5805 CONNECT pm.w55c.net:443 - HIER_DIRECT/52.19.23.162 -
1529408778.611 1243 172.19.88.3 TCP_TUNNEL/200 3510 CONNECT prebid.adnxs.com:443 - HIER_DIRECT/37.252.161.184 -
1529408778.617 1189 172.19.88.3 TCP_TUNNEL/200 3856 CONNECT prebid.adnxs.com:443 - HIER_DIRECT/37.252.161.184 -
1529408778.637 3808 172.19.88.3 TCP_TUNNEL/200 3388 CONNECT rtb-csync.smartadserver.com:443 - HIER_DIRECT/185.86.139.19 -
1529408778.637 3807 172.19.88.3 TCP_TUNNEL/200 3388 CONNECT rtb-csync.smartadserver.com:443 - HIER_DIRECT/185.86.139.19 -
1529408778.759 1929 172.19.88.3 TCP_TUNNEL/200 4556 CONNECT bid.socdm.com:443 - HIER_DIRECT/202.241.208.2 -
1529408779.304 1756 172.19.88.3 TCP_TUNNEL/200 3163 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408786.308 11221 172.19.88.3 TCP_TUNNEL/200 5119 CONNECT secure.adnxs.com:443 - HIER_DIRECT/103.243.220.231 -
1529408788.620 11015 172.19.88.3 TCP_TUNNEL/200 4451 CONNECT x.dlx.addthis.com:443 - HIER_DIRECT/52.34.188.51 -
1529408802.161 23509 172.19.88.3 TCP_TUNNEL/200 3946 CONNECT encrypted-tbn0.gstatic.com:443 - HIER_DIRECT/172.217.18.238 -
1529408802.558 24104 172.19.88.3 TCP_TUNNEL/200 195 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408802.568 23770 172.19.88.3 TCP_TUNNEL/200 195 CONNECT ib.adnxs.com:443 - HIER_DIRECT/103.243.221.51 -
1529408802.568 23912 172.19.88.3 TCP_TUNNEL/200 4089 CONNECT lh3.googleusercontent.com:443 - HIER_DIRECT/172.217.18.225 -
1529408802.568 27740 172.19.88.3 TCP_TUNNEL/200 3388 CONNECT rtb-csync.smartadserver.com:443 - HIER_DIRECT/185.86.139.19 -
1529408802.568 27728 172.19.88.3 TCP_TUNNEL/200 5005 CONNECT sync.teads.tv:443 - HIER_DIRECT/52.213.171.180 -
1529408802.568 27726 172.19.88.3 TCP_TUNNEL/200 5005 CONNECT sync.teads.tv:443 - HIER_DIRECT/52.213.171.180 -
1529408802.568 27732 172.19.88.3 TCP_TUNNEL/200 4573 CONNECT s.thebrighttag.com:443 - HIER_DIRECT/54.228.243.159 -
1529408802.568 27736 172.19.88.3 TCP_TUNNEL/200 4573 CONNECT s.thebrighttag.com:443 - HIER_DIRECT/54.228.243.159 -
1529408802.568 27734 172.19.88.3 TCP_TUNNEL/200 4573 CONNECT s.thebrighttag.com:443 - HIER_DIRECT/54.228.243.159 -
1529408802.568 23894 172.19.88.3 TCP_TUNNEL/200 3947 CONNECT ssl.gstatic.com:443 - HIER_DIRECT/172.217.18.227 -
1529408802.569 27730 172.19.88.3 TCP_TUNNEL/200 193 CONNECT sync-tm.everesttech.net:443 - HIER_DIRECT/151.101.2.49 -
1529408802.569 23890 172.19.88.3 TCP_TUNNEL/200 3948 CONNECT www.gstatic.com:443 - HIER_DIRECT/172.217.18.227 -
1529408803.751 9840 172.19.88.3 TCP_TUNNEL/200 5172 CONNECT kinesis.ap-southeast-1.amazonaws.com:443 - HIER_DIRECT/52.119.185.54 -
Note: browsing http and https websites works fine.
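Added example, not part of the original post and not Squid code: a Python check of which host names the posted acl.url.nobump patterns cover, and of which result codes and hosts appear in the posted access.log. It assumes Python's `re.search` behaves like the proxy's regex matching for these simple patterns; the function names and the test host names are constructed for illustration.

```python
import re
from collections import Counter

# acl.url.nobump exactly as posted; '#' lines are comments.
NOBUMP_FILE = r"""
# Web.whatsapp.com
(w[0-9]+|[a-z]+)\.web\.whatsapp\.com
# Whatsapp CDN issue
.whatsapp\.net
"""
# Three access.log lines copied from the post.
ACCESS_LOG = """\
1529408773.577 1400 172.19.88.3 TCP_TUNNEL/200 6871 CONNECT login.live.com:443 - HIER_DIRECT/131.253.61.84 -
1529408776.397 298 172.19.88.3 TCP_TUNNEL/200 277 CONNECT www.google.com:443 - HIER_DIRECT/172.217.18.228 -
1529408803.751 9840 172.19.88.3 TCP_TUNNEL/200 5172 CONNECT kinesis.ap-southeast-1.amazonaws.com:443 - HIER_DIRECT/52.119.185.54 -
"""

def load_patterns(text):
    """Compile non-comment lines (assumed: unanchored, case-sensitive, no -i)."""
    lines = (l.strip() for l in text.splitlines())
    return [re.compile(l) for l in lines if l and not l.startswith("#")]

def would_splice(host, patterns):
    """True if any no-bump pattern matches anywhere in the host name."""
    return any(p.search(host) for p in patterns)

def parse_line(line):
    """Split one native-format access.log line into the fields used here."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    host = f[6].rsplit(":", 1)[0] if f[5] == "CONNECT" else f[6]
    return {"client": f[2], "code": code, "status": status, "host": host}

def summarize(log_text, patterns):
    """Count result codes and collect logged hosts covered by the no-bump list."""
    codes, listed = Counter(), set()
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        codes[entry["code"]] += 1
        if would_splice(entry["host"], patterns):
            listed.add(entry["host"])
    return codes, listed

if __name__ == "__main__":
    pats = load_patterns(NOBUMP_FILE)
    for h in ("w3.web.whatsapp.com", "web.whatsapp.com", "notwhatsapp.net.example"):  # constructed hosts
        print(f"{h:26} listed={would_splice(h, pats)}")
    print(summarize(ACCESS_LOG, pats))
```

On the sampled lines every entry is a TCP_TUNNEL CONNECT and no logged host is on the no-bump list. The pattern check also shows that the bare `web.whatsapp.com` is not covered, while the unanchored `.whatsapp\.net` also matches names that merely contain that string.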