1. prereq

wget -nv http://d01cid.ddns.net/sharel/etc/udev/rules.d/10-eth1.rules -P /etc/udev/rules.d/
udevadm control --reload
rmmod ax88179_178a && modprobe ax88179_178a
cube /etc/ssh/sshd_config 'PasswordAuthentication yes' with 'PasswordAuthentication no'
cube /etc/ssh/sshd_config '#UseDNS yes' with 'UseDNS no'
systemctl restart sshd.service
cube /etc/sysconfig/network-scripts/ifcfg-eth0 'GATEWAY=' with '#GATEWAY='
cube /etc/sysconfig/network-scripts/ifcfg-eth0 'DNS1=' with '#DNS1='

2. installation

rpm -q --quiet firewalld || yum -y install firewalld
systemctl enable firewalld
systemctl start firewalld
rpm -q --quiet squid || yum -y install squid
systemctl enable squid.service

3. configuration

pgrep -x squid && systemctl stop squid.service
cat /etc/squid/squid.conf.default > /etc/squid/squid.conf
sed -i '4i include /etc/squid/conf.d/*' /etc/squid/squid.conf
mkdir -p /etc/squid/acl /etc/squid/conf.d
wget -N -nv http://d01cid.ddns.net/sharel/etc/squid/conf.d/cid.conf -P /etc/squid/conf.d/
mkdir -p /data1/var/spool/squid
rm -fr /data1/var/spool/squid/*
chown squid:squid /data1/var/spool/squid/
test -d /data1/var/spool/squid/00/00/ || squid -z
systemctl start squid.service

4. init and other stuff

curl -s http://d01cid.ddns.net/sharel/img/squid/squid-20210516.tgz | tar xz -C /
systemctl enable ss-squid-analyzer.timer
systemctl start ss-squid-analyzer.timer

5. ssl

mkdir -p /opt/squid/etc
openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -keyout /opt/squid/etc/squid.key -out /opt/squid/etc/squid.pem
openssl x509 -in /opt/squid/etc/squid.pem -outform DER -out /opt/squid/etc/squid.der
openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout /opt/squid/etc/squid.pem -out /opt/squid/etc/squid.pem
openssl genrsa -out /opt/squid/etc/squid.key 2048
openssl req -new -key /opt/squid/etc/squid.key -out /opt/squid/etc/squid.csr

6. debug

squid -k parse

7. references