[SOLVED] Squid Proxy for Transparent Caching of HTTP and HTTPS
I'm running 2.1.5 amd64 (in two offices connected by IPSEC), I've been using pfSense for over two years. Both systems have 16GB RAM, Xeon Quad-Core processors, and 500GB of 7200RPM enterprise Seagate storage.
I would like to have transparent caching to speed up repetitive downloads to multiple systems (summary: Gentoo, Ubuntu, Archlinux, Mac OS X and Windows systems in a system building environment). While squid-2.7.9-stable stays up, all these OSes (when configured to use the same repositories via http) work great and synchronise really quickly for obvious reasons. This dramatically speeds up system building without maintaining huge superfluous internal repositories for so many platforms.
Package squid-2.7.9-stable works, but it ain't stable for me. It regularly crashes (in both offices), leaving systems with impaired access until squid is manually restarted.
So, I went to the squid3-dev-3.3.10 looking for, at least, better stability, but this package seems to block all http (https works well), no matter what I do. I've been through all the configuration options and I don't see why that should be the case or why no-one else seems to report this. I'm sure I'm not understanding some aspect of this package.
I do not profess to know anything about squid, so please be kind here — I'm not looking for a magic bullet, just to be pointed to area of documentation I need to read. I used to use squid quite successfully this way on IPCOP.
I'm happy to go back to stable and start over, but when I do that, all my previous settings reappear when I'd much rather start from scratch in case I've put a setting in that isn't feasible.
So, long-winded-fashion, my question is:
Should I just go back to stable? (if so, how do I wipe the settings and start over?) or what do I do to transparently proxy http and https through squid3-dev-3.3.10?
PS. I don't need filtering.
Well, I reinstalled stable 2.7.9 pkg v.4.3.4 and checked all the configuration, restarted pfSense 2.1.5, and everything's working perfectly, I can't find anything I did differently. Hopefully, it'll stay up. I'll post here if anything changes.
Going for HTTPS, which currently isn't supported via transparent proxy, ain't for me; my needs lie in transparent HTTP so no need for the trouble of SQUID3 configuration and manually configured browsers.
KOM last edited by
To do HTTPS with a transparent proxy, you will have to install a certificate on every client computer, so you end up touching all your clients anyway.