Crear un proxy per ordinadors antics

Farem servir la característica ssl-bump del proxy squid amb linux. D’aquesta manera permetrem a un ordinador antic amb navegadors no suportats avui dia poder navegar per la xarxa.

#!/bin/bash
# fork from: https://github.com/codepoet80/squid-sslbump-rpi

if [ $(id -u) -ne 0 ]; then
  printf "Script must be run with sudo\n"
  exit 1
fi
echo "" && echo "Squid SSL Bump Simplified Install" 
echo "---------------------------------"

SQUID_USER=squid
SQUID_DIR=/usr/local/squid

# update and install pre-reqs
echo "" && echo "Installing Pre-Reqs..."
apt-get update
apt-get -qq -y install openssl libssl1.0-dev build-essential wget curl net-tools dnsutils tcpdump
apt-get clean

# fetch, unpack, configure and install squid 3.5.27
echo "" && echo "Building Squid..."
wget http://www.squid-cache.org/Versions/v5/squid-5.1.tar.gz
tar zxvf squid-5.1.tar.gz
cd squid-5.1/
./configure --prefix=$SQUID_DIR --enable-ssl --with-openssl --enable-ssl-crtd --with-large-files --enable-auth --enable-icap-client
make
make install


# prep environment

echo "" && echo "Prepping Environment..."
mkdir -p $SQUID_DIR/var/lib
mkdir -p $SQUID_DIR/ssl
$SQUID_DIR/libexec/ssl_crtd -c -s $SQUID_DIR/var/lib/ssl_db
mkdir -p $SQUID_DIR/var/cache
useradd $SQUID_USER -U -b $SQUID_DIR
chown -R ${SQUID_USER}:${SQUID_USER} $SQUID_DIR
export PATH=$PATH:$SQUID_DIR

echo "" && echo "Generating Certificate..."

openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -extensions v3_ca  -subj "/C=CA/ST=Catalunya/L=Barcelona/O=org/OU=sysadmin/CN=*" -keyout $SQUID_DIR/ssl/squid-ca-key.pem -out $SQUID_DIR/ssl/squid-ca-cert.pem
cat $SQUID_DIR/ssl/squid-ca-cert.pem $SQUID_DIR/ssl/squid-ca-key.pem >$SQUID_DIR/ssl/squid-ca.pem
openssl x509 -in $SQUID_DIR/ssl/squid-ca-cert.pem -outform DER -out $SQUID_DIR/ssl/squid-ca-cert.der

sudo -u $SQUID_USER -s $SQUID_DIR/libexec/security_file_certgen -c -s $SQUID_DIR/var/cache/squid/ssl_db -M 4MB

# set config

echo "" && echo "Updating Squid Config..."


cat >$SQUID_DIR/etc/squid.conf <<EOF
#=== sslbump config===
cache_mem 128 MB
workers 5
http_access allow all

forwarded_for off

cache_effective_user squid
cache_effective_group squid
always_direct allow all
icap_service_failure_limit -1

acl broken_sites ssl::server_name .example.com
ssl_bump splice localhost
ssl_bump splice broken_sites
ssl_bump bump all

sslproxy_cert_error allow all

sslcrtd_program $SQUID_DIR/libexec/security_file_certgen -s $SQUID_DIR/var/cache/squid/ssl_db -M 16MB 
sslcrtd_children 3 startup=1 idle=1

http_port 3128 ssl-bump generate-host-certificates=on cert=$SQUID_DIR/ssl/squid-ca.pem dynamic_cert_mem_cache_size=16MB

EOF

cat >$SQUID_DIR/sbin/startsquid.sh <<EOF
#!/bin/bash

SQUID_USER=squid
SQUID_DIR=/usr/local/squid

exec $SQUID_DIR/sbin/squid -f $SQUID_DIR/etc/squid.conf -NYCd 10
EOF
chmod +x $SQUID_DIR/sbin/startsquid.sh

# done
echo ""
echo "Done! If there were no errors, things are ready to go."
echo "Run '$SQUID_DIR/startsquid.sh' elevated to start the proxy server."
«

    Deixa un comentari

    L'adreça electrònica no es publicarà. Els camps necessaris estan marcats amb *

    seven + ten =