[squid-users] SSL<->SSL<->unencrypted, (was: provide external access)

From: mlister <mailme@dont-contact.us>
Date: Thu, 20 Mar 2003 14:44:52 -0500

This is great. I set up an accelerator box and it's working. What I would
like to do next is talk SSL between two squid boxes (firewall will be in
between them). The communication to the web server from SQUID2 should be
unencrypted.

    [ accelerator ] <--> [ FIREWALL ] <--> [ accelerator ] <--> [ webserver ]
        <-SSL->           <-SSL->      <-SSL::UNENCRYPTED->  <-UNENCRYPTED->
        SQUID1                               SQUID2

For now, I have two squid boxes running. The FIREWALL is currently not
part of the setup for the sake of troubleshooting. SQUID1 is accelerating
SQUID2, which in turn is accelerating the webserver. This is working as far
as unencrypted communication. When I try https from the first squid box, I
believe it's trying to do SSL with the webserver, which of course breaks.
I added the following line in the configuration:

    https_port 443 cert=/etc/httpd/ssl.crt/server.crt key=/etc/httpd/ssl.key/server.key

on SQUID1.

Is this configuration possible? Thanks for any insight from anyone.

----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "mlister" <mailme@triad.rr.com>
Cc: <squid-users@squid-cache.org>
Sent: Thursday, March 20, 2003 2:25 AM
Subject: Re: [squid-users] provide external access

> Yes. This can be done via the accelerator mode of Squid. See the Squid
> FAQ for some basic setup instructions.
>
> Regards
> Henrik
>
> mlister wrote:
> >
> > I'm new to squid and looking to see if it would be the app which could
> > provide external access (outside of firewall) to an internal web server.
> > Basically, on the DMZ, we need a server to play "Middle-Man" with an
> > internal web server, providing access to outside internet users.
> > Would squid be feasible for this sort of task? If so, I'm curious if we
> > would need two squid boxes, as well, ONE on the outside, ONE on the
> > inside of the firewall and these TWO talk SSL between each other and then
> > the internal squid server forwards the html data from internal web
> > server to the external squid server. Thanks much for any information
> > relating to this concept.
Received on Thu Mar 20 2003 - 12:44:59 MST