Skip to content
Builds Squid SSL-Bump Proxy with icap support for Raspberry Pi without using Docker
Branch: master
Clone or download
Pull request Compare This branch is 1 commit ahead, 12 commits behind justinschw:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

(docker-less) squid-sslbump-rpi

squid ssl proxy with icap without Docker on raspberry pi. Based on justinschw/docker-squid-sslbump-rpi, which was based on syakesaba/docker-sslbump-proxy. The Docker install didn't work on my Pi Zero, so here it is on the "bare metal."

Base Environment

  • Tested on: raspbian/stretch on Pi Zero and Zero W (it works, but it takes a long time to build!)
  • Tested on: Ubuntu 18.04 on Azure
  • Instructions below require git (or you can download the files directly)
  • sudo apt-get update
  • sudo apt-get install git


git clone
cd squid-sslbump-rpi
chmod +x ./
sudo ./
  • If you want, you can delete the squid-sslbump-rpi directory after install completes.

Using the Proxy

  • Set your client's proxy server to the IP address of your Pi , and use port 3128 (for both HTTP and HTTPS)
  • Export your fake root-cert from your Pi after installation and import it into your client web browsers.
  • (Root-cert path on the Pi after installation: /usr/local/squid/ssl/localCert.der)
  • OR, just access some HTTPS webpages from the client via the proxy and choose to "Trust Cert".


  • This deliberately uses a root-cert with weak encryption to support old devices
  • Make sure your is proxy safe.
  • To prevent unwanted use, firewalls or some squid-acls should be applied.


MIT License

You can’t perform that action at this time.