Navigate to System → Cert Manager.

Click the green Add button.

Populate:

• Descriptive Name: SquidCA.
• Method: Create an internal Certificate Authority. Leave at the default.
• Key length (bits): 2048. Leave at the default.
• Digest Algorith: sha256. Leave at the default.
• Lifetime (days): 3650.
• Common Name: internal-ca. Leave at the default.
• Country Code: JE.
• State or Province: Jersey.
• City: St. Helier
• Organization: ShareWiz.
• Organizational Unit: IT.

openssl genrsa -out myProxyCA.key 2048

openssl req -x509 -new -nodes -key myProxyCA.key -sha256 -days 365 -out myProxyCA.pem

Country Name (2 letter code) [AU]:**JE**
State or Province Name (full name) [Some-State]:**Jersey**
Locality Name (eg, city) []:**St. Helier**
Organization Name (eg, company) [Internet Widgits Pty Ltd]:**ShareWiz**
Organizational Unit Name (eg, section) []:**IT**
Common Name (e.g. server FQDN or YOUR name) []:**sharewiz.net**
Email Address []:

myProxyCA.pem
myProxyCA.key

Navigate to Services → Squid Proxy Server.

On the General Settings tab:

• Enable Squid Proxy: Checked.
• Keep Settings/Data: Checked.
• Proxy Interface(s): LAN & Loopback.
• Proxy Port: 3128. You can change this to a custom one if you like.
• Allow Users on Interface: Yes.
• Resolve DNS IPv4 First: Checked.

• Transparent HTTP Proxy: Checked.
• Transparent Proxy Interface(s): LAN.

• HTTPS/SSL Interception: Checked.
• SSL/MITM Mode: Splice All.
• SSL Intercept Interface(s): LAN.
• SSL Proxy Compatibility Mode: Modern.
• DHParams Key Size: 2048.
• CA: SquidCA. The Certificate Authority created earlier.
• Remote Cert Checks: Do not verify remote certificates.
• Certificate Adapt: Sets the “Not Before” (setvalidbefore).

• Enable Access Logging: Checked.
• Log Store Directory: /var/squid/logs. The default.
• Rotate Logs: 7.
• Log Pages Denied by SquidGuard: Not checked.

• Custom Options (SSL/MITM):

  # YouTube
  acl serverIsYoutube ssl::server_name .ytimg.com
  #acl serverIsYoutube ssl::server_name .youtube.com
  
  # splice all the rest
  ssl_bump splice all

On the Local Cache tab:

• Cache Replacement Policy: LFUDA.
• Low-Water Mark in %: 90.
• High-Water Mark in %: 95.
• Do Not Cache:

  steampowered.com
  steamcommunity.com
  steamgames.com
  steamusercontent.com
  steamcontent.com
  steamstatic.com

• Enable Offline Mode: Not checked.
• External Cache Managers:

• Hard Disk Cache Size: 50000.
• Hard Disk Cache System: aufs.
• Level 1 Directories: 64.
• Hard Disk Cache Location: /var/squid/cache.
• Minimum Object Size: 0.
• Maximum Object Size: 1024.

• Memory Cache Size: 3072.
• Maximum Object Size in RAM: 1024.
• Memory Replacement Policy: Heap GDSF.

• Cache Dynamic Content: Checked.
• Custom refresh_patterns: SEE Squid Refresh Patterns Master List.

On the Antivirus tab:

• Enable AV: Checked.
• Client Forward Options: Send both client username and IP info (Default).
• Enable Manual Configuration: disabled.
• Redirect URL: <blank>.
• Google Safe Browsing: Checked.
• Exclude Audio/Video Streams: Checked.
• ClamAV Database Update: every one hour.
• Regional ClamAV Database Update Mirror: United Kingdom.
• Optional ClamAV Database Update Servers: <Blank>.

Navigate to Services → SquidGuard Proxy filter.

On the General Settings tab:

• Enable: Checked.

• Enable LDAP Filter: Not checked.
• LDAP DN: <Blank>
• LDAP DN Password: <Blank>.
• Strip NT domain name: Not checked.
• Strip Kerberos Realm: Not checked.
• LDAP Version: Version 3.