Wiki

User Tools

Site Tools

Trace:
pfsense:squid:setup_completely

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:squid:setup_completely [2020/04/06 14:14] peterpfsense:squid:setup_completely [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 29: Line 29:
  
 <code bash> <code bash>
-openssl genrsa -out myProxykey.key 2048+openssl genrsa -out myProxyCA.key 2048
 </code> </code>
  
-This will create an rsa key file named myProxykey.key that we use to sign our rootCA with in the next command for generating the pem file for the rootCA.+This will create an rsa key file named myProxyCA.key that we use to sign the pem file we will generate next.
  
 Create a pem file signed with the key: Create a pem file signed with the key:
  
 <code bash> <code bash>
-openssl req -x509 -new -nodes -key myProxykey.key -sha256 -days 365 -out myProxyca.pem+openssl req -x509 -new -nodes -key myProxyCA.key -sha256 -days 365 -out myProxyCA.pem
 </code> </code>
  
-This will prompt you to answer some questions to generate the needed pem file:+This will prompt you to answer some questions to generate the pem file:
  
 <code bash> <code bash>
Line 55: Line 55:
  
 <code bash> <code bash>
-myProxyca.pem +myProxyCA.pem 
-myProxykey.key+myProxyCA.key
 </code> </code>
  
Line 65: Line 65:
   * Descriptive Name:  **SquidCA**.   * Descriptive Name:  **SquidCA**.
   * Method: **Import an existing Certificate Authority**.   * Method: **Import an existing Certificate Authority**.
-  * Certificate data: **Copy \ Paste the info from myProxyca.pem file**. +  * Certificate data: **Copy \ Paste the info from myProxyCA.pem file**. 
-  * Certificate Private Key (optional): **Copy \ Paste the info from myProxykey.key file**.+  * Certificate Private Key (optional): **Copy \ Paste the info from myProxyCA.key file**.
   * Serial for next certificate: **1**.   * Serial for next certificate: **1**.
   * Save and apply.   * Save and apply.
Line 92: Line 92:
   * Resolve DNS IPv4 First: **Checked**.   * Resolve DNS IPv4 First: **Checked**.
  
 +{{:pfsense:squid:pfsense_squid_general_settings.png?800|}}
 ==== Transparent Proxy Settings: ==== ==== Transparent Proxy Settings: ====
  
Line 98: Line 98:
   * Transparent Proxy Interface(s): **LAN**.   * Transparent Proxy Interface(s): **LAN**.
  
 +{{:pfsense:squid:pfsense_squid_transparent_proxy_settings.png?800|}}
 ==== SSL Man In the Middle Filtering ==== ==== SSL Man In the Middle Filtering ====
  
Line 110: Line 110:
   * Certificate Adapt: **Sets the "Not Before" (setvalidbefore)**.   * Certificate Adapt: **Sets the "Not Before" (setvalidbefore)**.
  
 +
 +{{:pfsense:squid:pfsense_squid_ssl_man_in_the_middle_filtering.png?800|}}
 ==== Logging Settings ==== ==== Logging Settings ====
  
Line 117: Line 119:
   * Log Pages Denied by SquidGuard: **Not checked**.   * Log Pages Denied by SquidGuard: **Not checked**.
  
 +{{:pfsense:squid:pfsense_squid_logging_settings.png?800|}}
 ==== Advanced Features ==== ==== Advanced Features ====
  
Line 127: Line 130:
 ssl_bump splice all ssl_bump splice all
 </code> </code>
 +
 +
 +{{:pfsense:squid:pfsense_squid_advanced_features.png?800|}}
  
 ---- ----
Line 149: Line 155:
   * External Cache Managers:   * External Cache Managers:
  
 +{{:pfsense:squid:pfsense_squid_cache_general_settings.png?800|}}
  
 ==== Squid Hard Disk Cache Settings ==== ==== Squid Hard Disk Cache Settings ====
Line 157: Line 164:
   * Hard Disk Cache Location: **/var/squid/cache**.   * Hard Disk Cache Location: **/var/squid/cache**.
   * Minimum Object Size: **0**.   * Minimum Object Size: **0**.
-  * Maximum Object Size: **1024**. +  * Maximum Object Size: **2048**.
  
 +{{:pfsense:squid:pfsense_squid_hard_disk_cache_settings.png?800|}}
 ==== Squid Memory Cache Settings ==== ==== Squid Memory Cache Settings ====
  
Line 167: Line 174:
  
  
 +{{:pfsense:squid:pfsense_squid_memory_cache_settings.png?800|}}
 ==== Dynamic and Update Content ==== ==== Dynamic and Update Content ====
  
   * Cache Dynamic Content: **Checked**.   * Cache Dynamic Content: **Checked**.
   * Custom refresh_patterns: SEE [[PFSense:Squid:Refresh Patterns:Squid Refresh Patterns Master List|Squid Refresh Patterns Master List]].   * Custom refresh_patterns: SEE [[PFSense:Squid:Refresh Patterns:Squid Refresh Patterns Master List|Squid Refresh Patterns Master List]].
 +
 +{{:pfsense:squid:pfsense_squid_dynamic_and_update_content.png?800|}}
  
 ---- ----
Line 188: Line 198:
   * Optional ClamAV Database Update Servers: **<Blank>**.   * Optional ClamAV Database Update Servers: **<Blank>**.
  
 +{{:pfsense:squid:pfsense_squid_clamav_anti-virus_integration_using_c-icap.png?800|}}
  
 ---- ----
Line 202: Line 212:
   * Enable: **Checked**.   * Enable: **Checked**.
  
 +{{:pfsense:squid:pfsense_squidguard_general_options.png?800|}}
  
 ==== LDAP Options ==== ==== LDAP Options ====
Line 211: Line 222:
   * Strip Kerberos Realm: **Not checked**.   * Strip Kerberos Realm: **Not checked**.
   * LDAP Version: **Version 3**.   * LDAP Version: **Version 3**.
 +
 +{{:pfsense:squid:pfsense_squidguard_ldap_options.png?800|}}
 +
 +
 +==== Logging Options ====
 +
 +
 +  * Enable GUI log:  **Checked**.
 +  * Enable log:  **Checked**.
 +  * Enable log rotation:  **Checked**.
 +
 +{{:pfsense:squid:pfsense_squidguard_logging_options.png?800|}}
 +
 +
 +==== Miscellaneous ====
 +
 +  * Clean Advertising:  **Checked**.
 +
 +{{:pfsense:squid:pfsense_squidguard_miscellaneous.png?800|}}
 +
 +
 +==== Blacklist options ====
 +
 +  * Blacklist:  **Checked**.
 +  * Blacklist proxy: **<Blank>**.
 +  * Blacklist URL: **http://www.shallalist.de/Downloads/shallalist.tar.gz**.
 +
 +{{:pfsense:squid:pfsense_squidguard_blacklist_options.png?800|}}
 +
 +----
 +
  
pfsense/squid/setup_completely.1586182466.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki