Re: [squid-users] squid 2.5pre3 as ssl accelerator. -- almost.. not quite. from Mike Lee on 2002-01-27 (squid-users)

From: Mike Lee <mlee@dont-contact.us>
Date: Sun, 27 Jan 2002 17:04:56 -0800

I remember having to putting the directory location for openssl with
./configure.

mike
----- Original Message -----
From: "Philipp Snizek" <mailinglists@belfin.ch>
To: "'Mike Lee'" <mlee@netclimb.com>
Cc: <squid-users@squid-cache.org>
Sent: Sunday, January 27, 2002 2:46 AM
Subject: AW: [squid-users] squid 2.5pre3 as ssl accelerator. -- almost.. not
quite.

> Hi,
>
> I'm trying to do the same config as you but when compiling squid I get
this:
>
> Making all in lib
> make[1]: Entering directory `/squid-2.5.PRE3/lib'
> source='rfc2617.c' object='rfc2617.o' libtool=no \
> depfile='.deps/rfc2617.Po' tmpdepfile='.deps/rfc2617.TPo' \
> depmode=gcc /bin/sh ../cfgaux/depcomp \
>
cc -DHAVE_CONFIG_H -I. -I. -I../include -I../include -I../include -g -W
> all -c `test -f rfc2617.c || echo './'`rfc2617.c
> In file included from rfc2617.c:52:
> ../include/md5.h:18: #error Cannot find OpenSSL headers
> make[1]: *** [rfc2617.o] Error 1
> make[1]: Leaving directory `/squid-2.5.PRE3/lib'
> make: *** [all-recursive] Error 1
>
> I use kernel 2.4.10, squid-2.5pre3, openssl 0.96b.
>
> Help please
>
> thanx
> Philipp
>
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: Mike Lee [mailto:mlee@netclimb.com]
> > Gesendet: Freitag, 25. Januar 2002 01:59
> > An: squid-users@squid-cache.org
> > Betreff: [squid-users] squid 2.5pre3 as ssl accelerator. --
> > almost.. not
> > quite.
> >
> >
> > following config works.
> >
> > ---------------------------------------
> > http_port 80
> > https_port 10.1.1.2:443 cert=/usr/local/squid/etc/cert.pem
> > key=/usr/local/squid/etc/key.pem
> > debug_options ALL,1
> > acl all src 0.0.0.0/0.0.0.0
> > http_access allow all
> > cache_mgr root
> > cache_effective_user squid
> > httpd_accel_host <target real server's ip address>
> > httpd_accel_port 80
> > httpd_accel_single_host on
> > httpd_accel_with_proxy off
> > httpd_accel_uses_host_header on
> >
> > redirect_program /usr/local/squid/bin/squid_redirect.pl
> > redirect_children 30
> > redirect_rewrites_host_header off
> > --------------------------------------
> >
> > So, only thing i changed is httpd_accel_host, _single_host
> > and _port.. I
> > changed from virtual to single host.
> >
> > Does this mean that i can't do Squid 2.5Pre3+ssl accel+httpd accel to
> > multiple servers in the backend??
> >
> > thanks,
> >
> > Mike
> >
> > ----- Original Message -----
> > From: "Mike Lee" <mlee@netclimb.com>
> > To: <squid-users@squid-cache.org>
> > Sent: Thursday, January 24, 2002 3:35 PM
> > Subject: squid 2.5pre3 as ssl accelerator. -- some log messages
> >
> >
> > > Here are more info.
> > >
> > > cache.log indicated that squid started ok. --------------
> > > 2002/01/24 16:19:55| Restarting Squid Cache (version 2.5.PRE3)...
> > > 2002/01/24 16:19:55| FD 19 Closing HTTP connection
> > > 2002/01/24 16:19:55| FD 54 Closing HTTP connection
> > > 2002/01/24 16:19:55| DNS Socket created at 0.0.0.0, port 1043, FD 19
> > > 2002/01/24 16:19:55| Adding nameserver 10.1.1.2 from
> > /etc/resolv.conf
> > > 2002/01/24 16:19:55| helperOpenServers: Starting 30
> > 'squid_redirect.pl'
> > > processes
> > > 2002/01/24 16:19:55| Accepting HTTP connections at 0.0.0.0,
> > port 80, FD
> > 20.
> > > 2002/01/24 16:19:55| Initialising SSL.
> > > 2002/01/24 16:19:55| Using certificate in
> > /usr/local/squid/etc/cert.pem
> > > 2002/01/24 16:19:55| Using private key in
> > /usr/local/squid/etc/key.pem
> > > 2002/01/24 16:19:55| Accepting HTTPS connections at
> > 10.1.1.2, port 443, FD
> > > 55.
> > > 2002/01/24 16:19:55| WCCP Disabled.
> > > 2002/01/24 16:19:55| Loaded Icons.
> > > 2002/01/24 16:19:55| Ready to serve requests.
> > >
> > > access.log when tried https://server.domain.com ----------------
> > > 1011916037.433 4 10.1.1.30 TCP_NEGATIVE_HIT/400 849 GET
> > > http://server.domain.com:443/ - NONE/- text/html
> > >
> > >
> > > thanks,
> > >
> > > Mike
> > > ----- Original Message -----
> > > From: "Mike Lee" <mlee@netclimb.com>
> > > To: <squid-users@squid-cache.org>
> > > Sent: Thursday, January 24, 2002 3:09 PM
> > > Subject: squid 2.5pre3 as ssl accelerator.
> > >
> > >
> > > > Hi,
> > > >
> > > > I'm wondering if anyone can help me. I've gotten the
> > httpd accelerator
> > to
> > > > work. I'm trying to get SSL Accel to work.
> > > >
> > > > Here is my squid.conf ----------
> > > > http_port 80
> > > > https_port 10.1.1.2:443 cert=/usr/local/squid/etc/cert.pem
> > > > key=/usr/local/squid/etc/key.pem
> > > > httpd_accel_host virtual
> > > > httpd_accel_port 0
> > > > httpd_accel_single_host off
> > > > httpd_accel_with_proxy off
> > > > httpd_accel_uses_host_header on
> > > >
> > > > redirect_program /usr/local/squid/bin/squid_redirect.pl
> > > > redirect_children 30
> > > > redirect_rewrites_host_header off
> > > > -------------------------------------
> > > >
> > > >
> > > > When client tries to get to the SSL site, error message comes up.
> > > >
> > > > Bad Request
> > > > Your browser sent a request that this server could not understand.
> > > > Reason: You're speaking plain HTTP to an SSL-enabled server port.
> > > > Instead use the HTTPS scheme to access this URL, please.
> > > >
> > > >
> > > > Hint: https://server.domain.com:443/
> > >
> > >
> > --------------------------------------------------------------
> > ------------
> > > --
> > > > ---------------
> > > >
> > > > To explain exactly what happens..
> > > >
> > > > Certificate window does show up. I click on ok to accept the
> > certificate
> > > > and this error message shows up.
> > > >
> > > > When i tcpdump on the target machine(real server), i
> > don't even see any
> > > > packets come in. So, i'm pretty sure it's the squid box
> > that giving
> > this
> > > > error message back to the client..
> > > >
> > > >
> > > >
> > > > Help!!
> > > >
> > > > Mike
> > > >
> > > >
> > >
> >
>
Received on Sun Jan 27 2002 - 18:04:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:57 MST