docs:add-advanced-settings-https-proxy (#2054)

2024-02-16 19:20:42 +07:00 · 2024-02-16 19:20:42 +07:00 · 1a8593a598
commit 1a8593a598
parent 47b890bba5
3 changed files with 122 additions and 0 deletions
--- a/docs/docs/guides/09-advanced-settings/01-https-proxy.mdx
+++ b/docs/docs/guides/09-advanced-settings/01-https-proxy.mdx
@ -0,0 +1,101 @@
 ---
 title: HTTPS Proxy
 slug: /guides/advanced-settings/https-proxy
 description: Jan is a ChatGPT-alternative that runs on your own computer, with a local API server.
 keywords:
  [
    Jan AI,
    Jan,
    ChatGPT alternative,
    local AI,
    private AI,
    conversational AI,
    no-subscription fee,
    large language model,
    advanced-settings,
    https-proxy,
  ]
 ---
 In this guide, we will show you how to set up your own HTTPS proxy server and configure Jan to use it.
 ## Why HTTPS Proxy?
 An HTTPS proxy helps you to maintain your privacy and security while still being able to browser the internet circumventing geographical restrictions. 
 ## Setting Up Your Own HTTPS Proxy Server
 In this section, we will show you a high-level overview of how to set up your own HTTPS proxy server. This guide focus on using Squid as a popular and open-source proxy server software, but there are other software options you might consider based on your needs and preferences.
 ### Step 1: Choosing a Server
 Firstly, you need to choose a server to host your proxy server. We recommend using a cloud provider like Amazon AWS, Google Cloud, Microsoft Azure, Digital Ocean, etc. Ensure that your server has a public IP address and is accessible from the internet.
 ### Step 2: Installing Squid
 ```bash
 sudo apt-get update
 sudo apt-get install squid
 ```
 ### Step 3: Configure Squid for HTTPS
 To enable HTTPS, you will need to configure Squid with SSL support.
 - Generate SSL certificate
 Squid requires an SSL certificate to be able to handle HTTPS traffic. You can generate a self-signed certificate or obtain one from a Certificate Authority (CA). For a self-signed certificate, you can use OpenSSL:
 ```bash
 openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout squid-proxy.pem -out squid-proxy.pem
 ```
 - Configure Squid to use the SSL certificate: Edit the Squid configuration file `/etc/squid/squid.conf` to include the path to your SSL certificate and enable the HTTPS port:
 ```bash
 http_port 3128 ssl-bump cert=/path/to/your/squid-proxy.pem
 ssl_bump server-first all
 ssl_bump bump all
 ```
 - Enable SSL Bumping: To intercept HTTPS traffic, Squid uses a process called SSL Bumping. This process allows Squid to decrypt and re-encrypt HTTPS traffic. To enable SSL Bumping, ensure the `ssl_bump` directives are configured correctly in your `squid.conf` file.
 ### Step 4 (Optional): Configure ACLs and Authentication
 - Access Control Lists (ACLs): You can define rules to control who can access your proxy. This is done by editing the squid.conf file and defining ACLs:
 ```bash
 acl allowed_ips src "/etc/squid/allowed_ips.txt"
 http_access allow allowed_ips
 ```
 - Authentication: If you want to add an authentication layer, Squid supports several authentication schemes. Basic authentication setup might look like this:
 ```bash
 auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
 acl authenticated proxy_auth REQUIRED
 http_access allow authenticated
 ```
 ### Step 5: Restart and Test Your Proxy
 After configuring, restart Squid to apply the changes:
 ```bash
 sudo systemctl restart squid
 ```
 To test, configure your browser or another client to use the proxy server with its IP address and port (default is 3128). Check if you can access the internet through your proxy.
 :::tip
 Tips for Secure Your Proxy:
 - Firewall rules: Ensure that only intended users or IP addresses can connect to your proxy server. This can be achieved by setting up appropriate firewall rules.
 - Regular updates: Keep your server and proxy software updated to ensure that you are protected against known vulnerabilities.
 - Monitoring and logging: Monitor your proxy server for unusual activity and enable logging to keep track of the traffic passing through your proxy.
 ::: 
 ## Setting Up Jan to Use Your HTTPS Proxy
 Once you have your HTTPS proxy server set up, you can configure Jan to use it. Navigate to `Settings` > `Advanced Settings` and specify the HTTPS proxy (proxy auto-configuration and SOCKS not supported).
 You can turn on the feature `Ignore SSL Certificates` if you are using a self-signed certificate. This feature allows self-signed or unverified certificates.
 ![01-https-proxy-jan-configure](./assets/01-https-proxy-jan-configure.png)
--- a/docs/docs/guides/09-advanced-settings/README.mdx
+++ b/docs/docs/guides/09-advanced-settings/README.mdx
@ -0,0 +1,21 @@
 ---
 title: Advanced Settings
 slug: /guides/advanced-settings/
 description: Jan is a ChatGPT-alternative that runs on your own computer, with a local API server.
 keywords:
  [
    Jan AI,
    Jan,
    ChatGPT alternative,
    local AI,
    private AI,
    conversational AI,
    no-subscription fee,
    large language model,
    advanced-settings,
  ]
 ---
 import DocCardList from "@theme/DocCardList";
 <DocCardList />
--- a/docs/docs/guides/09-advanced-settings/assets/01-https-proxy-jan-configure.png
+++ b/docs/docs/guides/09-advanced-settings/assets/01-https-proxy-jan-configure.png