Trying out squid proxy with HTTP & HTTPs in Ubuntu-Part 2

Dushan Silva
Apr 4, 2021

If you haven’t read part 1 of this article, you can find it here

In this part we will be discussing how to configure the HTTPs port for your squid server.

I have a nodejs backend server running over HTTPs, and I have written a simple Java client that uses HTTPs to invoke the squid server [3]. Both of these will use the keys generated below.

Before running the Java client and the nodejs backend, you need to generate a public and private key. Run the following commands to generate the keystore and export the certificate.

openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout squid-ca-key.pem -out squid-ca-cert.pem

keytool -import -alias certificate -keystore newkeystore.jks -file squid-ca-cert.pem

The squid-ca-key.pem and squid-ca-cert.pem files should be copied to the certs folder in the nodejs backend [1].

Provide the following in these code points in the java client [2]

If you try to invoke the HTTPs backend of nodejs through the squid server now using this Java client, you will get an error similar to the one shown below.

This is because we are connecting to the HTTP port of squid using an HTTPs connection. For this to work, we need to configure an HTTPs port for squid.

Combine the previously created certificate and key files using the following command:

cat squid-ca-cert.pem squid-ca-key.pem >> squid-ca-cert-key.pem

Make the following directory and copy the combined file into it.

sudo mkdir /etc/squid/certs

sudo cp squid-ca-cert-key.pem /etc/squid/certs/
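As an added example (not part of the original article or its sample repository), the script below checks the combined bundle before squid is pointed at it. It expects exactly one certificate and one private key, which catches a bundle that grew because the >> append was run twice, and it rejects a file mode that lets other users read the key. The function names and the placeholder PEM bodies are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a combined cert + key PEM bundle before squid uses it.

# check_bundle FILE -> returns 0 if the bundle looks sane, 1 otherwise.
check_bundle() {
    local file="$1" certs keys mode problems=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # Count PEM blocks. Re-running "cat ... >> bundle" appends a second copy,
    # so anything other than exactly one certificate and one key is flagged.
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$file" || true)
    keys=$(grep -c -E -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$file" || true)
    if [ "$certs" -ne 1 ]; then
        echo "$file: expected 1 certificate, found $certs" >&2; problems=1
    fi
    if [ "$keys" -ne 1 ]; then
        echo "$file: expected 1 private key, found $keys" >&2; problems=1
    fi

    # The bundle holds the private key, so "other" must have no access to it.
    mode=$(stat -c '%a' "$file")          # GNU stat, as shipped with Ubuntu
    case "$mode" in
        *0) ;;
        *) echo "$file: mode $mode lets other users access the key" >&2; problems=1 ;;
    esac
    return "$problems"
}

# make_sample DIR -> writes constructed stand-ins for the two PEM files.
# The bodies are placeholders, not real key material.
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/squid-ca-cert.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/squid-ca-key.pem"
}

# Demo: build the bundle once, lock it down, then show what a second ">>" does.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
( cd "$demo_dir" || exit 1
  cat squid-ca-cert.pem squid-ca-key.pem >> squid-ca-cert-key.pem
  chmod 600 squid-ca-cert-key.pem
  check_bundle squid-ca-cert-key.pem && echo "bundle ok"
  cat squid-ca-cert.pem squid-ca-key.pem >> squid-ca-cert-key.pem
  check_bundle squid-ca-cert-key.pem || echo "bundle rejected after second append" )
rm -rf "$demo_dir"
```

On a real host, run check_bundle against /etc/squid/certs/squid-ca-cert-key.pem before restarting squid.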

Add the following HTTPs config to the squid.conf file to configure the HTTPs port and the certificate file.

You also need to add the line "acl SSL_ports port 3002" (3002 is the port the backend is running on) so that squid marks port 3002 as a safe SSL port to connect to, as shown below.

Restart the squid server and invoke again using the java client. You will find the result below.

You successfully get the response from the HTTPs node server, and if you check the squid access log in /var/log/squid/access.log, you can see that the request has passed through the proxy server.

That’s about it for this article. Follow me on Medium so you will be notified about my content.

Until next time!

[1]- https://github.com/dushansilva/squid-sample/tree/main/backend-https/certs

[2]- https://github.com/dushansilva/squid-sample/blob/main/squid-client/src/main/java/com/squid/client/App.java#L41

[3]- https://github.com/dushansilva/squid-sample
