SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
Pound SSL Proxy
https://secwise.nl/lets-encrypt-certifcates-and-pound-load-balancer/
SSL Encryption
Create a private key to encrypt a site:
mkdir -p ~/.ssl/pound
cd ~/.ssl/pound
Generate an RSA private key for the server:
openssl genrsa -out server.key 2048
Then create the Certificate Signing Request file, or CSR.
openssl req -newkey rsa:2048 -keyout server.key -out server.csr
StartSSL has free Class 1 SSL certificates that can be used cheaply. Follow their Certificate Wizard to create the certificate.
Download their root CA certificate and the intermediate CA certificate:
cd ~/.ssl/pound
wget https://startssl.com/certs/ca.crt
wget https://startssl.com/certs/sca.server1.crt
Combine your private key, the domain's certificate (from StartCom), the intermediate certificate and the root certificate files into one PEM file for Pound to use:
cat server.key server.pem sca.server1.crt ca.crt \
>/usr/local/etc/pound/test1.mydomain.com.pem
Add the HTTPS directive to /usr/local/etc/pound.cfg
:
ListenHTTPS
Address 1.2.3.4
Port 443
Disable SSLv2
Disable SSLv3
Cert "/usr/local/pound/test1.mydomain.com.pem"
SSLHonorCipherOrder 1
Ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
Service
HeadRequire "Host:.*test1.mydomain.com.*"
BackEnd
Address 192.168.1.11
Port 80
End
End
End
Resources
Pound Reverse SSL Proxy for Multiple Servers
Pound, SSL and real Certificates, redux
- Log in to post comments