Can’t connect to HTTPS websites via squid proxy

centos7 squid

I've just tried to create a proxy server on an OpenVZ VPS in CentOS7.
All good, but I can't access HTTPS websites like Google, Instagram, Facebook, etc. It says timeout, took too long to respond.

I've generated a myCA.pem certificate and, using ssl_bump, I've linked the signed certificate without errors (checked with systemctl status squid), and now when I try to connect to the websites enumerated above, it gives me a no internet error.

Below is my squid.conf, and here is my cache.log: http://pastebin.com/MUkujTig

acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_port 3128 ssl-bump \
 generate-host-certificates=on \
 dynamic_cert_mem_cache_size=4MB \
 key=/etc/squid/ssl_cert/myCA.pem \
 cert=/etc/squid/ssl_cert/myCA.pem

# SSL Bump Config
always_direct allow all
ssl_bump server-first all
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1

hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
cache deny all

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320

icp_port 3130

forwarded_for off

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all

I've added port 3128 to the public zone using firewall-cmd.

Best Answer

For my purpose it doesn't need to use sslbump, so I have deleted it and solved it by adding this line in squid.conf:

dns_v4_first on
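A way to check a squid.conf for the points raised in this thread, written as an added example and not code from the poster or the Squid project: it reports whether SSL bump is still configured, whether `dns_v4_first on` is set, and three settings from the question's config that a reviewer would flag (`DONT_VERIFY_PEER`, `http_access allow all`, and two directives sharing one line). The finding codes and function names are hypothetical, and the sample is constructed from the question's directives with two of them deliberately run together on one line.

```python
import re

# Constructed sample built from directives in the question; the last line
# deliberately fuses two directives to exercise that check.
SAMPLE_CONF = """\
http_access deny CONNECT !SSL_ports
http_access allow all
http_port 3128 ssl-bump \\
 generate-host-certificates=on \\
 key=/etc/squid/ssl_cert/myCA.pem \\
 cert=/etc/squid/ssl_cert/myCA.pem
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB    sslcrtd_children 8 startup=1 idle=1
"""

# Directive names that must start their own line (subset taken from the question).
DIRECTIVES = {"http_access", "http_port", "ssl_bump", "sslproxy_flags",
              "sslcrtd_program", "sslcrtd_children", "dns_v4_first"}

def logical_lines(text):
    """Yield each directive as a token list: continuations joined, comments dropped."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for raw in joined.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens

def audit(text):
    """Return sorted finding codes (hypothetical names) for a squid.conf string."""
    findings = {"DNS_V4_FIRST_OFF"}          # cleared when 'dns_v4_first on' is seen
    for name, *args in logical_lines(text):
        if name == "ssl_bump" or (name == "http_port" and "ssl-bump" in args):
            findings.add("BUMP_ENABLED")      # TLS interception still configured
        if name == "sslproxy_flags" and "DONT_VERIFY_PEER" in args:
            findings.add("NO_PEER_VERIFY")    # origin certificates are not validated
        if name == "http_access" and args == ["allow", "all"]:
            findings.add("OPEN_ACCESS")       # any client that reaches the port may use it
        if DIRECTIVES.intersection(args):
            findings.add("FUSED_DIRECTIVE")   # two directives share one physical line
        if name == "dns_v4_first" and args[:1] == ["on"]:
            findings.discard("DNS_V4_FIRST_OFF")
    return sorted(findings)

if __name__ == "__main__":
    for code in audit(SAMPLE_CONF):
        print(code)
```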
