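Final update: I ended up using nginx, since squid proved difficult to work with; see the final update for more details.

I'm trying to set up a transparent HTTPS proxy with squid using SNI (without decryption), but it isn't working.

I don't know what I'm doing wrong, and I would really appreciate your help.

I have tried the following solutions: A

Logs of what happens:

HTTP call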

curl -v http://example.com
*   Trying 127.0.0.1:80...
* Connected to example.com (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.82.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Age: 512560
< Cache-Control: max-age=604800
< Content-Type: text/html; charset=UTF-8
< Date: Sun, 11 Jun 2023 15:28:56 GMT
< ETag: "3147526947+ident"
< Expires: Sun, 18 Jun 2023 15:28:56 GMT
< Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
< Server: ECS (bsa/EB17)
< Vary: Accept-Encoding
< X-Cache: HIT
< Content-Length: 1256
< X-Cache: MISS from eb91c8aa314b
< X-Cache-Lookup: MISS from eb91c8aa314b:3128
< Via: 1.1 eb91c8aa314b (squid/5.7)
< Connection: keep-alive

HTTPS call

curl -v https://example.com
*   Trying 127.0.0.1:443...
* Connected to example.com (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):

For HTTPS, it gets stuck.

squid.conf:

acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8     # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10      # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16     # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12      # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16     # RFC 1918 local private network (LAN)
acl localnet src fc00::/7           # RFC 4193 local private network range
acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

include /etc/squid/conf.d/*.conf

# http_access allow localhost
# http_access deny all
# http_port 3128

coredump_dir /var/spool/squid
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .       0   20% 4320


# ---------------------- Added configs ----------------------

http_access allow all

# always_direct allow all

# Squid kept crashing and after checking out the logs and searching, I found following bug report
# which in first comment there was some suggested workarounds one of them was setting a value for max_filedescriptors 
# https://bugs.launchpad.net/ubuntu-docker-images/+bug/1978272 
max_filedescriptors 1048576

# transparent proxy for http 
http_port 3128 accel vhost allow-direct

# transparent proxy for https 
acl step1 at_step SslBump1
# acl step2 at_step SslBump2
# acl step3 at_step SslBump3

ssl_bump peek step1 
ssl_bump splice all 
# ssl_bump bump 


https_port 3129 intercept ssl-bump cert=/etc/squid/squid.pem

access.log:

1686498023.786    671 172.17.0.1 TCP_MISS/304 436 GET http://example.com/ - HIER_DIRECT/93.184.216.34 -
1686498025.905      0 172.17.0.1 NONE_NONE/000 0 - error:accept-client-connection - HIER_NONE/- -

cache.log:

2023/06/11 15:40:17 kid1| Set Current Directory to /var/spool/squid
2023/06/11 15:40:17 kid1| Starting Squid Cache version 5.7 for x86_64-pc-linux-gnu...
2023/06/11 15:40:17 kid1| Service Name: squid
2023/06/11 15:40:17 kid1| Process ID 9
2023/06/11 15:40:17 kid1| Process Roles: worker
2023/06/11 15:40:17 kid1| With 1048576 file descriptors available
2023/06/11 15:40:17 kid1| Initializing IP Cache...
2023/06/11 15:40:17 kid1| DNS Socket created at 0.0.0.0, FD 8
2023/06/11 15:40:17 kid1| Adding nameserver 1.1.1.1 from /etc/resolv.conf
2023/06/11 15:40:17 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2023/06/11 15:40:17 kid1| Adding nameserver 9.9.9.9 from /etc/resolv.conf
2023/06/11 15:40:17 kid1| Adding domain . from /etc/resolv.conf
2023/06/11 15:40:17 kid1| helperOpenServers: Starting 5/32 'security_file_certgen' processes
2023/06/11 15:40:17 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2023/06/11 15:40:17 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2023/06/11 15:40:17 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2023/06/11 15:40:17 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2023/06/11 15:40:17 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2023/06/11 15:40:17 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2023/06/11 15:40:17 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2023/06/11 15:40:17 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2023/06/11 15:40:17 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2023/06/11 15:40:17 kid1| Store logging disabled
2023/06/11 15:40:17 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2023/06/11 15:40:17 kid1| Target number of buckets: 1008
2023/06/11 15:40:17 kid1| Using 8192 Store buckets
2023/06/11 15:40:17 kid1| Max Mem  size: 262144 KB
2023/06/11 15:40:17 kid1| Max Swap size: 0 KB
2023/06/11 15:40:17 kid1| Using Least Load store dir selection
2023/06/11 15:40:17 kid1| Set Current Directory to /var/spool/squid
2023/06/11 15:40:17 kid1| Finished loading MIME types and icons.
2023/06/11 15:40:17 kid1| HTCP Disabled.
2023/06/11 15:40:17 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2023/06/11 15:40:17 kid1| Pinger socket opened on FD 24
2023/06/11 15:40:17 kid1| Squid plugin modules loaded: 0
2023/06/11 15:40:17 kid1| Adaptation support is off.
2023/06/11 15:40:17 kid1| Accepting reverse-proxy HTTP Socket connections at conn12 local=0.0.0.0:3128 remote=[::] FD 21 flags=9
2023/06/11 15:40:17 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at conn14 local=0.0.0.0:3129 remote=[::] FD 22 flags=41
2023/06/11 15:40:17| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2023/06/11 15:40:17| pinger: Initialising ICMP pinger ...
2023/06/11 15:40:17| pinger: ICMP socket opened.
2023/06/11 15:40:17| pinger: ICMPv6 socket opened
2023/06/11 15:40:18 kid1| storeLateRelease: released 0 objects
2023/06/11 15:40:25 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on conn23 local=172.17.0.2:3129 remote=172.17.0.1:57978 FD 14 flags=33: (2) No such file or directory
    listening port: 3129
2023/06/11 15:40:25 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on conn23 local=172.17.0.2:3129 remote=172.17.0.1:57978 FD 14 flags=33
    listening port: 3129

Environment:

I'm running squid inside a docker container with published ports 80:3128 and 443:3129

Host: Fedora 37
Docker version: 24.0.2
Docker image: my_own_dockerfile and ghcr.io/b4tman/squid-ssl-bump (tried both)
Squid version: 5.7 (squid-openssl debian package)

The squid-ssl-bump image is from b4tman@github

I have tried both images and ended up with the same result; I also tried outside of Docker and the result was the same.

My Dockerfile:


FROM debian:bookworm-slim

RUN apt-get update \
 && apt-get install -y squid-openssl \ 
 && rm -rf /var/lib/apt/lists/*

RUN /usr/lib/squid/security_file_certgen -c -s /var/spool/squid/ssl_db -M 4MB
RUN touch /run/squid.pid && chmod o=rw /run/squid.pid

USER proxy
 
EXPOSE 3128 3129

CMD ["squid","--foreground"]

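Testing:

I have been using /etc/hosts to point some domains (example.com) to 127.0.0.1 (for testing purposes only), and using curl and Firefox to test the results.

To sum up:

Goal: using squid as a transparent HTTPS proxy using SNI (without decrypting traffic).

Non-goal: decrypting HTTPS traffic and installing certificates on clients.

Problem: in my case, it does not work (for HTTPS), and searching for the errors that appear in the logs was not much help.

PS: My knowledge of networking is very limited.

Update 1:

Following the comments mentioning that it might be related to docker, I did some more testing outside of docker.

I have tested on Fedora 37, which is my main machine, and also on a Debian 11 server.

Fedora 37 environment:

squid version: 5.8 (squid package on fedora)

Debian 11 environment:

squid version: 4.13 (squid-openssl package on debian)

The results were almost the same in both cases and neither achieved the goal, but the logs are slightly different compared to docker.

Here are the conf and log files from Fedora:

squid.conf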

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8     # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10      # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16     # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12      # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16     # RFC 1918 local private network (LAN)
acl localnet src fc00::/7           # RFC 4193 local private network range
acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny to_localhost
http_access deny to_linklocal

# For example, to allow access from your local networks, you may uncomment the
# following rule (and/or add rules that match your definition of "local"):
# http_access allow localnet

#http_access deny all

#http_port 3128

coredump_dir /var/spool/squid

refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .       0   20% 4320




# ---------------------- Added configs ----------------------

http_access allow all

# always_direct allow all

# Squid kept crashing and after checking out the logs and searching, I found following bug report
# which in first comment there was some suggested workarounds one of them was setting a value for max_filedescriptors
# https://bugs.launchpad.net/ubuntu-docker-images/+bug/1978272
#max_filedescriptors 1048576

# transparent proxy for http
http_port 80 accel vhost allow-direct

# transparent proxy for https
acl step1 at_step SslBump1
# acl step2 at_step SslBump2
# acl step3 at_step SslBump3

ssl_bump peek step1
ssl_bump splice all


https_port 443 intercept ssl-bump cert=/etc/squid/squid.pem

access.log

1686566705.397    869 127.0.0.1 TCP_MISS/200 1708 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html

1686567418.039      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.039      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.039      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.040      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.040      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.040      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.040      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.041      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.041      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.041      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.042      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.042      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.042      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.042      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.043      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.043      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.043      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.044      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.044      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.044      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.044      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.045      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.045      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.045      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.046      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567418.046      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
.........
1686567420.514      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567420.514      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567420.514      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -
1686567420.515      0 127.0.0.1 NONE_NONE/000 0 CONNECT 127.0.0.1:443 - HIER_NONE/- -

cache.log

2023/06/12 14:14:10 kid1| Set Current Directory to /var/spool/squid
2023/06/12 14:14:10 kid1| Starting Squid Cache version 5.8 for x86_64-redhat-linux-gnu...
2023/06/12 14:14:10 kid1| Service Name: squid
2023/06/12 14:14:10 kid1| Process ID 20583
2023/06/12 14:14:10 kid1| Process Roles: worker
2023/06/12 14:14:10 kid1| With 16384 file descriptors available
2023/06/12 14:14:10 kid1| Initializing IP Cache...
2023/06/12 14:14:10 kid1| DNS Socket created at [::], FD 8
2023/06/12 14:14:10 kid1| DNS Socket created at 0.0.0.0, FD 9
2023/06/12 14:14:10 kid1| Adding nameserver 127.0.0.53 from /etc/resolv.conf
2023/06/12 14:14:10 kid1| Adding domain . from /etc/resolv.conf
2023/06/12 14:14:10 kid1| helperOpenServers: Starting 5/32 'security_file_certgen' processes
2023/06/12 14:14:10 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2023/06/12 14:14:10 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2023/06/12 14:14:10 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2023/06/12 14:14:10 kid1| Store logging disabled
2023/06/12 14:14:10 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2023/06/12 14:14:10 kid1| Target number of buckets: 1008
2023/06/12 14:14:10 kid1| Using 8192 Store buckets
2023/06/12 14:14:10 kid1| Max Mem  size: 262144 KB
2023/06/12 14:14:10 kid1| Max Swap size: 0 KB
2023/06/12 14:14:10 kid1| Using Least Load store dir selection
2023/06/12 14:14:10 kid1| Set Current Directory to /var/spool/squid
2023/06/12 14:14:10 kid1| Finished loading MIME types and icons.
2023/06/12 14:14:10 kid1| HTCP Disabled.
2023/06/12 14:14:10 kid1| Squid plugin modules loaded: 0
2023/06/12 14:14:10 kid1| Adaptation support is off.
2023/06/12 14:14:10 kid1| Accepting reverse-proxy HTTP Socket connections at conn13 local=[::]:80 remote=[::] FD 22 flags=9
2023/06/12 14:14:10 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at conn15 local=[::]:443 remote=[::] FD 23 flags=41
2023/06/12 14:14:11 kid1| storeLateRelease: released 0 objects
2023/06/12 14:27:00 kid1| WARNING! Your cache is running out of filedescriptors
    listening port: 443

Testing:

Since squid is running on the host OS, I could not use /etc/hosts (to prevent a loop), so I tested using curl -x

HTTP:

curl -x http://127.0.0.1:80 -v http://example.com
*   Trying 127.0.0.1:80...
* Connected to (nil) (127.0.0.1) port 80 (#0)
> GET http://example.com/ HTTP/1.1
> Host: example.com
> User-Agent: curl/7.82.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Age: 370504
< Cache-Control: max-age=604800
< Content-Type: text/html; charset=UTF-8
< Date: Mon, 12 Jun 2023 10:45:05 GMT
< ETag: "3147526947+ident"
< Expires: Mon, 19 Jun 2023 10:45:05 GMT
< Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
< Server: ECS (nyb/1D20)
< Vary: Accept-Encoding
< X-Cache: HIT
< Content-Length: 1256
< X-Cache: MISS from fedora
< X-Cache-Lookup: MISS from fedora:80
< Via: 1.1 fedora (squid/5.8)
< Connection: keep-alive

HTTPS:

curl -x https://127.0.0.1:443 -v https://example.com
*   Trying 127.0.0.1:443...
* Connected to (nil) (127.0.0.1) port 443 (#0)
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL connection timeout
* Operation timed out after 300000 milliseconds with 0 bytes received
* Closing connection 0
curl: (28) SSL connection timeout

Update 2

I followed the steps @tegan-yorek suggested and added cache to my squid.conf:

cache_dir ufs /var/squidcache  100 16 256
ipcache_size 2048
fqdncache_size 2048

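But a new series of errors appeared.
I have an nginx setup that solves the problem, so I did not follow the errors to find a solution.

Final update:

Since squid was hard to deal with, I eventually started looking for alternatives,
and found nginx's ngx_stream_ssl_preread_module, which does what I need.

Since I did not get squid working, I will leave this question without an accepted answer. Thanks, everyone, for the help.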

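Answer 1

Try placing your https_port 3129 configuration above your ssl_bump configuration. Also, I have not used squid in docker. I have always had to configure mine with https_port intercept, which requires forwarding from 443

For example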

#https_port 443 cert=/xyz
#https_port 3129 intercept ssl-bump cert=/xyz 
   
ssl_bump peek step1
ssl_bump splice all 

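Answer 2

So after some testing, which unfortunately was done on Ubuntu rather than Fedora, I figured it out. Ssl_bump peek step1 ssl_bump splice all. I found that squid was dropping the connection because CDN-hosted websites were triggering host header forgery detection. My workaround was to add a separate cache and then add ipcache_size and fqdncache_size under the second cache line. Ipcache is self-explanatory; fqdn caches the domain names for server IP addresses. What happens is that the client machine receives one IP address and the squid proxy receives a different IP address. That then triggers host header forgery.

Update to help with the squid SNI workaround. Set up another cache line in the squid config file.

cache_dir aufs /route/to/cache 2000 16 256

Then add below it:

ipcache_size # whatever size unit MB/KB/B
fqdncache_size # whatever size unit MB/KB/B

Then add these two lines:

positive_dns_ttl # whatever time unit hr/min/sec
negative_dns_ttl # whatever time unit

Note: without setting a storage unit size, squid will automatically default to bytes. Also keep negative_dns_ttl lower than the positive value; I set mine to 1 minute. After setting the config in the file, stop squid with sudo service squid stop. Create the directory for the cache allocated in the config with sudo mkdir -p /path/to/cache. Then give squid ownership with sudo chown proxy:proxy /path/to/cache. Depending on the Linux distribution, the user may be squid; proxy is the default on Ubuntu. Then issue another command to initialize the cache: sudo squid -z. Then restart squid with sudo service squid restart. Check your logs; you will see a lot of error:transaction-end-before-headers, but over time they will start to subside.

I know it has been a while, but I still wanted to update this for future reference and for anyone who runs into a similar problem.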
