I run an HTTPS proxy that intercepts SSL, and I solved a problem with it, so I am recording it here. The environment is the one I built last time: **Create Proxy with Active Directory linkage and SSL interception with squid easily with docker**
Messages did not arrive in the Slack app. It did not update unless I manually clicked "Load new message".
First, check the official information.
Use of Slack requires a persistent connection between Slack's messaging server and member apps and browsers. Slack uses WebSockets over port 443 for connectivity. In some cases, proxies and firewalls can block this connection. If users of Slack are unable to connect from a specific location, or if Slack connection tests show WebSocket issues, you need to change your proxy and firewall settings using the following methods so that the connection to Slack stays open.
Source: **[Manage Slack connectivity issues](https://slack.com/intl/ja-jp/help/articles/360001603387-Slack-%E3%81%AE%E6%8E%A5%E7%B6%9A%E5%95%8F%E9%A1%8C%E3%82%92%E7%AE%A1%E7%90%86%E3%81%99%E3%82%8B)**
So, try accessing the connection test URL https://[WORKSPACE].slack.com/help/test (replace [WORKSPACE] with your own workspace).
The test result is as follows: WebSocket does not seem to be working.
Check the official workaround.
Check if the proxy is decrypting SSL. If it is decrypting SSL, you need to either support WebSockets in your proxy or exclude the \*.slack-msgs.com, wss-primary.slack.com, wss-backup.slack.com, and wss-mobile.slack.com domains from SSL decryption.
Source: **[Manage Slack connectivity issues](https://slack.com/intl/ja-jp/help/articles/360001603387-Slack-%E3%81%AE%E6%8E%A5%E7%B6%9A%E5%95%8F%E9%A1%8C%E3%82%92%E7%AE%A1%E7%90%86%E3%81%99%E3%82%8B)**
So, I decided to create a list of the servers that use WebSocket and exclude them from SSL bump. The target servers are the ones Slack lists officially.
wslist
```
^wss-(backup|primary|mobile)\.slack\.com:443$
^([^/][^/]*\.)*slack-msgs\.com:443$
```
Load this list in squid.conf.
squid.conf
```
--------8<-----(snip)-----8<----------
# Define the list of WebSocket targets here
acl wslist url_regex -i "/etc/squid/wslist"
http_port 8081 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/ssl_bump_ca_cert.pem key=/etc/squid/certs/ssl_bump_ca_privkey.pem
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/local/squid/ssl_db -M 4MB
sslcrtd_children 5
# Originally, everything not on the whitelist was bumped, as shown below; this line is now commented out.
#ssl_bump bump !whitelist
# Also exclude the WebSocket list, so those hosts are not subject to bump
ssl_bump bump !whitelist !wslist
sslproxy_cert_error deny all
--------8<-----(snip)-----8<----------
```
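Every pattern in wslist takes traffic out of inspection, so check that the list matches only the intended `host:port` targets before reloading Squid. The script below is an added example, not part of the original post: it models `ssl_bump bump !whitelist !wslist` over constructed CONNECT targets, assuming Python's `re` behaves like Squid's regex engine for these two patterns, and the `whitelist` argument is a hypothetical stand-in for the snipped whitelist acl.

```python
import re

# The two patterns from the page's /etc/squid/wslist, verbatim.
WSLIST = [
    r"^wss-(backup|primary|mobile)\.slack\.com:443$",
    r"^([^/][^/]*\.)*slack-msgs\.com:443$",
]
# Assumption: Python's re stands in for Squid's regex engine; these patterns
# use only syntax common to both. IGNORECASE mirrors -i on the acl line.
COMPILED = [re.compile(p, re.IGNORECASE) for p in WSLIST]


def in_wslist(connect_target):
    """True if a CONNECT target (host:port) matches any wslist pattern."""
    return any(rx.search(connect_target) for rx in COMPILED)


def ssl_bump_action(connect_target, whitelist=frozenset()):
    """Model `ssl_bump bump !whitelist !wslist`.

    `whitelist` is a hypothetical exact-match stand-in for the page's
    whitelist acl, whose definition is in the snipped part of squid.conf.
    """
    if connect_target in whitelist or in_wslist(connect_target):
        return "exempt"  # bump rule does not match: TLS is not decrypted
    return "bump"        # proxy decrypts and re-signs the connection


# Constructed sample CONNECT targets (not taken from real proxy logs).
SAMPLES = [
    "wss-primary.slack.com:443",
    "WSS-Backup.Slack.com:443",
    "a1.b2.slack-msgs.com:443",
    "slack-msgs.com:443",
    "app.slack.com:443",           # ordinary Slack web traffic
    "wss-primary.slack.com:8443",  # same host, different port
    "notslack-msgs.com:443",       # no dot boundary before the domain
    "wss-mobile.slack.com.proxy-test.example:443",  # trailing suffix
]


def audit(targets):
    """Map each CONNECT target to the action the rule set would take."""
    return {t: ssl_bump_action(t) for t in targets}


if __name__ == "__main__":
    for target, action in audit(SAMPLES).items():
        print(f"{action:6}  {target}")
```

Only the first four sample targets come back as `exempt`; the other four stay subject to bump because both patterns are anchored at the start and at `:443`.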
Now try testing again.