On 2015-04-25, Ton Muller <spatie...@online.nl> wrote:
>> Did you follow the pkg-readme?
> uhm....no comment.. ;)
> well, port 80 goes perfect.
> but the browser now gets stuck if i add https in the pf rule.
> i would have to get port 80 and 443 too, think that's a squid conf issue.

https is (a lot) more complicated.

You could use a standard proxy configuration configured in the browser; it's
relatively easy to do, but requests won't be cached as the SSL session will
just be passed across to the origin server directly.

Otherwise you can configure ssl-bump mode to MITM the SSL connections and
generate fake server certificates signed by your own private CA. This lets
you cache and inspect/modify the content (with ICAP filters etc), but you'll
need to install the CA certificate on client machines, otherwise they'll fail
to verify the dynamically-generated SSL certs.

I have had ssl-bump working on OpenBSD (fairly recently; code was from around
the time 5.7 was tagged). I ran into some problems (IIRC mostly at config
reload time) where binding to ports failed, so I'd still consider this a bit
experimental at the moment.
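
The verification failure described in the reply above, reproduced offline with the openssl CLI as an added example (not part of the original post and not Squid's own code): a throwaway CA signs a certificate for a hostname, much as ssl-bump mints certificates on the fly, and a client accepts it only once it trusts that CA. The CA name, hostname and paths are constructed for the demo.

```shell
#!/bin/sh
# Added example. CA name, hostname and paths are constructed for the demo.

# Create a throwaway CA and have it sign a certificate for host $2, roughly
# what ssl-bump does on the fly for each host a client connects to.
make_ca_and_leaf() {
    dir=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Proxy CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    # Clients match the hostname against subjectAltName, so set it.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/leaf.csr" -days 7 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/leaf.pem" 2>/dev/null
}

# Client with only its stock trust store: the private CA is unknown to it.
verify_without_ca() {
    openssl verify "$1/leaf.pem" >/dev/null 2>&1
}

# Client with the private CA installed (modelled here with -CAfile).
verify_with_ca() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
        "$1/leaf.pem" >/dev/null 2>&1
}

tmp=$(mktemp -d) || exit 1
make_ca_and_leaf "$tmp" www.example.test || echo "certificate generation failed"
if verify_without_ca "$tmp"; then
    echo "stock trust store: accepted"
else
    echo "stock trust store: rejected"
fi
if verify_with_ca "$tmp" www.example.test; then
    echo "private CA installed: accepted"
else
    echo "private CA installed: rejected"
fi
rm -rf "$tmp"
```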