sudo apt-get -y update
apt-get -y upgrade # I left this line out, it would have updated a lot of programs for me
apt-get -y install openssh-server net-tools
apt-get -y install openssl devscripts build-essential fakeroot libdbi-perl
libssl1.0-dev
cd ~
apt-get source -y squid3
apt-get build-dep -y squid3
cd squid3-3.5.23/
nano debian/rules # Make sure the following is defined in the end for "DEB_CONFIGURE_EXTRA_FLAGS":
the first line with user=proxy is already in the document, but make sure the line ends with " \"
--with-default-user=proxy \
--enable-ssl \
--enable-ssl-crtd \
--with-openssl \
--disable-ipv6
(you can use Strg+W to search)
(Strg+X to close, y and Enter answer the question if you want to save)
dpkg-source --commit
# answer the questions, I used ssl ass comment
debuild -us -uc # more than 30 minutes on my 2GHz i368 Processorcd ~
ls squid3*.deb
mv squid3_3.5.23-5+deb9u1_all.deb squid3_3.5.23-5+deb9u1_all.deb.NotIncluded
dpkg -i *.deb # I had to apt-get install squid-lanpack because it depends on it
apt-get -y install -f
mkdir /etc/squid/ssl_cert
cd /etc/squid/ssl_cert
openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -extensions v3_ca -keyout myCA.pem -out myCA.pem
chown -R proxy:proxy /etc/squid/ssl_cert
chmod 700 /etc/squid/ssl_cert
/usr/lib/squid/ssl_crtd -c -s /var/ssl_db -M 4MB
chown -R proxy:proxy /var/ssl_db
cd /etc/squid ; mv squid.conf squid.conf.orig ; wget https://blog.balcos.net/squid/squid.conf ; wget https://blog.balcos.net/squid/slack.acl ; mkdir /etc/squid/BL
nano /etc/squid/BL/blacklist for domains you want to black list. A domain should start with a "." (eg: ".youtube.com"). Give 1 line for each domain.
systemctl enable squid.service
To start the squid proxy: systemctl start squid.service
To stop: systemctl stop squid.service
To use the proxy with firefox: type about:preferences
in the address bar and Enter -> scroll down to the end -> proxy settings
at manual proxy settings type 127.0.0.1
and port 8080
tic "use for all protocols"
click OK
For https connections you need to import the certificate of squid. This is because squid is now the endpoint for ssl connections, decrypts the website for caching and encrypts for your browser again, using its own certificate.
cd /etc/squid/ssl_cert ; openssl x509 -in myCA.pem -outform DER -out myCA.der ; cp myCA.der ~
the certificate is now in your home folder, ready to be imported to the browser
In firefox go to about:preferences#privacy
-> scroll to the end section called certifictes -> klick show certificates -> import -> select the certificate from the home folder -> open
you now have to trust the certificate by ticcing trust this CA to identify websites -> OK<Ü>
Now you can surf ssl sites using the proxy
If the proxy should cache the sites, uncomment one cache_dir line (delete the "#") from /etc/squid/squid.conf:
cache_dir ufs /var/spool/squid 8192 16 256
Rechner mit Nat über anderen Rechner verbinden
Rechner A ist mit dem Internet verbunden
wlp2s0 ist die mit dem Internet verbundene Schnittstelle von A
Rechner B ist über Ethernet mit Rechner A verbunden
Rechner über Lankabel verbinden
Konfiguration Rechner A:
sudo ip addr add 10.0.0.2/8 dev eth0
echo "1" | sudo tee -a /proc/sys/net/ipv4/ip_forward > /dev/null
sudo iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE
Konfiguration Rechner B:
sudo ip addr add 10.0.0.1/8 dev eth0
sudo ip ro add 0.0.0.0/0 via 10.0.0.2
in /etc/resolv.conf sollte noch ein erreichbarer DNS-Server eingetragen werden, z.B. mit echo nameserver 46.182.19.48 | sudo tee -a /etc/resolv.conf > /dev/null
Ein großes Dankeschön für diese schöne Einleitung in NAT an Karl Rupp
error_reporting(E_ALL);
ini_set("display_errors", 1);
Angenommen Apache2 ist bereits installiert, dann installiere dir PHP und danach php-curl:
Getestet unter Debian 9 mit php 7
sudo apt-get install php
sudo apt-get install php-curl
sudo systemctl restart apache2
Ich bin mir nicht ganz sicher, aber das hier müsste ausreichen.
apt-get install ffmpeg
sudo apt-get install ffmpegthumbnailer gstreamer0.10-ffmpeg ffmpegthumbnailer
systemctl poweroff