test: try https_prox

.drone/drone-home.jsonnet

@@ -83,8 +83,8 @@ local publicSecrets = import 'lib/public-secrets.libsonnet';
               'set -e',
               "docker network prune -f",
               "cd /stack/squid/myCA",
-              'openssl genrsa -out CA_key.pem 2048',
-              'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf    -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"',
+              //'openssl genrsa -out CA_key.pem 2048',
+              //'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf    -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"',
               'cd ..',
               "docker stack rm squid",
               "sleep 60",

.drone/drone-home.yml

@@ -50,8 +50,6 @@ steps:
     - set -e
     - docker network prune -f
     - cd /stack/squid/myCA
-    - openssl genrsa -out CA_key.pem 2048
-    - openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf    -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"
     - cd ..
     - docker stack rm squid
     - sleep 60

docker-compose.yml

@@ -15,6 +15,7 @@ services:
       - ./myCA/CA_key.pem:/apps/CA_key.pem      
     ports:
       - 3128:3128
+      - 3129:3129
     networks:
       - appnet
       - externalnet

docker/squid.intercept.conf

@@ -29,6 +29,7 @@ htcp_access deny all
 visible_hostname git.local-domain
 
 http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem
+https_port 3129 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem
 
 always_direct allow all
 acl excluded_sites ssl::server_name .wellsfargo.com