Squid3 Online-Server verbindet nicht

Gemeinsam ins Internet mit Firewall und Proxy.
Antworten
wanne
Moderator
Beiträge: 7448
Registriert: 24.05.2010 12:39:42

Re: Squid3 Online-Server verbindet nicht

Beitrag von wanne » 19.04.2018 19:08:47

Achso: Du kennst den SSH-socks-Proxy? Weit einfacher zu nutzen.
rot: Moderator wanne spricht, default: User wanne spricht.

Paddock
Beiträge: 9
Registriert: 17.04.2018 11:04:09

Re: Squid3 Online-Server verbindet nicht

Beitrag von Paddock » 19.04.2018 20:03:14

Achso: Du kennst den SSH-socks-Proxy? Weit einfacher zu nutzen.
Mir wird im Dashboard angeboten, "SSH Keys" zu generieren. Ich weiß nicht, ob das das gleiche ist.

Paddock
Beiträge: 9
Registriert: 17.04.2018 11:04:09

Re: Squid3 Online-Server verbindet nicht

Beitrag von Paddock » 20.04.2018 13:34:10

Ok. Wenn ich das jetzt richtig verstanden habe, dann soll ich squid.conf mit cat öffnen
und dann das hier

Code: Alles auswählen

auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/md5pws
auth_param digest children 20 startup=0 idle=1
auth_param digest realm squid_paddock
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
acl users proxy_auth REQUIRED
icp_access deny all # just to be shure
http_access allow users
http_access deny all
http_port 3128

forwarded_for delete
einfügen. Wenn ich squid.conf öffne, erhalte ich das hier:

Code: Alles auswählen

root@vultr:/etc/squid3# cat squid.conf
http_port 3128
cache deny all
hierarchy_stoplist cgi-bin ?

access_log none
cache_store_log none
cache_log /dev/null

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
acl CONNECT method CONNECT
acl siteblacklist dstdomain "/etc/squid3/blacklist.acl"
http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports
http_access deny siteblacklist
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl password proxy_auth REQUIRED
http_access allow localhost
http_access allow password
http_access deny all

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Irgend etwas ersetzen kann ich nicht, wenn ich es mit cat öffne.
Ich habe es jetzt mit nano geöffnet und das hier

Code: Alles auswählen

auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/md5pws
auth_param digest children 20 startup=0 idle=1
auth_param digest realm squid_paddock
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
acl users proxy_auth REQUIRED
icp_access deny all # just to be shure
http_access allow users
http_access deny all
http_port 3128

forwarded_for delete
ganz unten rangehangen. squid.conf sieht jetzt so aus:

Code: Alles auswählen

root@vultr:/etc/squid3# cat squid.conf
http_port 3128
cache deny all
hierarchy_stoplist cgi-bin ?

access_log none
cache_store_log none
cache_log /dev/null

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
acl CONNECT method CONNECT
acl siteblacklist dstdomain "/etc/squid3/blacklist.acl"
http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports
http_access deny siteblacklist
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl password proxy_auth REQUIRED
http_access allow localhost
http_access allow password
http_access deny all

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
root@vultr:/etc/squid3# ^C
root@vultr:/etc/squid3# nano squid.conf
root@vultr:/etc/squid3# cat squid.conf
http_port 3128
cache deny all
hierarchy_stoplist cgi-bin ?

access_log none
cache_store_log none
cache_log /dev/null

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
acl CONNECT method CONNECT
acl siteblacklist dstdomain "/etc/squid3/blacklist.acl"
http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports
http_access deny siteblacklist
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl password proxy_auth REQUIRED
http_access allow localhost
http_access allow password
http_access deny all

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/md5pws
auth_param digest children 20 startup=0 idle=1
auth_param digest realm squid_paddock
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
acl users proxy_auth REQUIRED
icp_access deny all # just to be shure
http_access allow users
http_access deny all
http_port 3128

forwarded_for delete
Dann habe ich das hier im squid-Verzeichnis ausgeführt:

Code: Alles auswählen

paddock:squid_paddock:4a7dc47711e8b079eb9bf556701574eb
Da kam dann das hier zurück:

Code: Alles auswählen

root@vultr:/etc/squid3# paddock:squid_paddock:4a7dc47711e8b079eb9bf556701574eb
-bash: paddock:squid_paddock:4a7dc47711e8b079eb9bf556701574eb: command not found
Dann habe ich noch den hier ausgeführt:

Code: Alles auswählen

echo -n paddock:squid_paddock:secret_passowrd | openssl md5
und da kam dann das hier zurück:

Code: Alles auswählen

(stdin)= 4a7dc47711e8b079eb9bf556701574eb
Also. Klärt mich doch mal auf, was ich anders machen muss. Ihr merkt schon, ich habe mich edv-Unterricht gedrückt :)

Paddock
Beiträge: 9
Registriert: 17.04.2018 11:04:09

Re: Squid3 Online-Server verbindet nicht

Beitrag von Paddock » 23.04.2018 13:04:11

Problem ist gelöst.
Es war ein Problem mit der Groß- und Kleinschreibung beim Benutzernamen.

Antworten