Re: Re: [squid-users] reverse proxy with different ports

Well.
I would be much more interested in the first config.
I've tried the following squid.conf successfully :
-------
https_port 1443 defaultsite=192.168.x.x:80 protocol=http cert=rproxy.cert
https_port 2443 defaultsite=192.168.x.x:81 protocol=http cert=rproxy.cert
cache_peer 192.168.x.x parent 80 0 no-query originserver
cache_peer 192.168.x.x parent 81 0 no-query originserver
-------
So, it works as I want.
However, there is a problem when I add a "clientca=myca.cert" instruction
to my first https_port declaration : error "Failed to acquire SSL
certificate 'rproxy2.crt'". There is no error when this instruction is at
the end of the last https_port declaration !

For the second config, vhost works fine if there is no special ports
(https:// for the connection to squid and http:// from squid to the origin
server).
In my case, I use special ports (https://virt_serv_name:2443 and
http://virt_serv_name:81...) and it looks like the vhost instruction in
https_port doesn't work with it.

Regards,
Laurent

Henrik Nordstrom <hno@squid-cache.org>
09/09/2003 20:35

 
        Pour : laurent.derrien@gouv.nc, squid-users@squid-cache.org
        cc :
        Objet : Re: [squid-users] reverse proxy with different ports

On Tuesday 09 September 2003 09.58, laurent.derrien@gouv.nc wrote:
> Hello,
>
> I have a question about accel mode special configuration...
> Is it possible to have this configuration with SQUID3-PRE3 :
>
> User -----[https on port 1443]-----> Reverse Proxy ------[http on
> port 80]------> Original server
> User -----[https on port 2443]-----> Reverse Proxy ------[http on
> port 81]------> Original server
>
> Both links through the same Squid ?

Yes.

> Should I write a special redirector ?

With Squid-2.5 a redirector is needed. Squid-3 will do this nicely
without the help of a redirector.

> If it's too hard, I could work with this other configuration :
>
> User -----[https on port 1443 to virtual server name1]----->
> Reverse Proxy ------[http on port 80]------> Original server
> User -----[https on port 1443 to virtual server name2]----->
> Reverse Proxy ------[http on port 81]------> Original server

Same problem basic problem..

> https_port 1443 defaultsite=original-site cert=rproxy.cert

This will make the URLs accepted by Squid look like
https://original-site/path/to/requested/document

your acls need to match this.

If you want the https_port to support virtual domains then you need to
use the vhost directive, which will make the URLs read like
  https://requested-domain-name/path/to/requested/document

and again your acls need to match this.

When using the vhost directive the defaultsite= option just specified
the host name to assume if no host name was given in the request sent
by the client.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com