My goal is to transparently intercept HTTP and HTTPS requests by using custom certificates and the following configuration:
```
acl clients src 192.168.160.0/24
http_access allow localhost
http_access allow clients
http_access deny all
http_port 0.0.0.0:3128 intercept
https_port 0.0.0.0:3129 intercept ssl-bump cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=10MB
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 10MB
acl step1 at_step SslBump1
#ssl_bump peek step1
#ssl_bump bump all
ssl_bump server-first all
sslproxy_cert_error allow all # It would also allow SSL connections which might be insecure.
# only wait 1 second to terminate active connections
shutdown_lifetime 1 second
```
However, my Squid server unit won't start because of the following (very weird and seemingly unrelated) error:
```
Feb 09 12:49:31 ubuntu-server-vm systemd[1]: Failed to start Squid Web Proxy Server.
Feb 09 12:49:31 ubuntu-server-vm squid[211266]: storeDirWriteCleanLogs: Starting...
Feb 09 12:49:31 ubuntu-server-vm squid[211266]: Finished. Wrote 0 entries.
Feb 09 12:49:31 ubuntu-server-vm squid[211266]: Took 0.00 seconds ( 0.00 entries/sec).
Feb 09 12:49:31 ubuntu-server-vm squid[211266]: FATAL: mimeLoadIcon: cannot parse internal URL: http://ubuntu-server-vm:0/squid-internal-static/icons/silk/image.png
```
Note: `ubuntu-server-vm` is the name of the host.