Not just squid but mostly any http proxy can be run in forward mode if you want.

Caddys "magic TLS" can be neat for this if you actually do want to dynamically intercept those https connections in an easy way. It's a use-case where Caddy really shines. You can go nuts trying to configure that cleanly in squid. The docs (perhaps intentionally) make you work for the hidden knowledge of these dark arts. You also get modernities like builtin http2, http3, etc.

Nobody else bothered by squids very lengthy restart time or have I just never configured it properly?

(Not to dunk on squid, it's otherwise mostly great. Especially for its caching features)

I've used Caddy for some of my projects (e.g. https://github.com/fsmunoz/parlamentodb/blob/54e0b252485905e... ), but not for this intercept approach you mentioned, I will give it a look!

I'm not bothered by restart times but that's mostly because that has never been a priority... but one thing I have half-done is a controller that gathers per-namespace configs, and with that reload times will become more of an issue.

Part of the reason I chose Squid here was precisely because I found it interesting to reuse something that was such a staple of web architecture patterns.