AW: [squid-users] HTTP/1.1 reverse Proxy over SSL? from David Gibson on 2003-10-02 (squid-users)

From: David Gibson <dgibson@dont-contact.us>
Date: Thu, 2 Oct 2003 10:47:02 -0400

I got this to work using virtual ips, a redirector, and the cache peer statements.

cache_peer server1.wherever.org parent 80 443 no-query front-end-https=on
cache_peer server2.wherever.org parent 80 443 no-query front-end-https=on
never_direct allow all
acl acl1 dstdomain server1.wherever.org
cache_peer_access server1.wherever.org allow acl1
cache_peer_access server1.wherever.org deny all
acl acl2 dstdomain server2.wherever.org
cache_peer_access server2.wherever.org allow acl2
cache_peer_access server2.wherever.org deny all
redirect_program /opt/scripts/redirector.pl

httpd_accel_single_host off

#### here's the redirector- don't know if all of this is really necessary

#!/usr/bin/perl
    $|=1;
    while (<>) {
        open (INPUT,">>/tmp/input");
        printf INPUT;
        s@http://xxx\.xxx\.xxx\.xxx@http://server1.wherever.org@;
        s@http://yyy\.yyy\.yyy\.yyy@http://server1.wherever.org@;
        s@https://xxx\.xxx\.xxx\.xxx@http://server1.wherever.org@;
        s@https://yyy\.yyy\.yyy\.yyy@http://server2.wherever.org@;
        print;
        open (OUTPUT,">>/tmp/output");
        printf OUTPUT;
    }

Hope this helps,

David

-----Original Message-----
From: mailinglists [mailto:mailinglists@belfin.ch]
Sent: Thu 10/2/2003 6:55 AM
To: Markus Gaugusch; squid-users@squid-cache.org
Cc:
Subject: [MAYBE STA SPAM] AW: [squid-users] HTTP/1.1 reverse Proxy over SSL?

I know that Squid 2.5 doesn't support host headers if used in a ssl environment as yours.
What you intend to do can be done if you use 1 squid box per 1 M$ www box.
However I unfortunately can't say anything about Squid 3.0.

Philipp

> Unfortunately, my squid setup still doesn't work. I'll describe the
> scenario more detailed:
> We have several official ip's that we want to map 1:1 to
> internal (M$)
> Servers. Squid should terminate the SSL tunnel.
>
> INET<->Official-IP1:443<->Squid<->InternalServer1:80
> INET<->Official-IP2:443<->Squid<->InternalServer2:80
>
> So I really just want an 1:1 mapping, but squid doesn't allow
> to be run
> more than once (tried it), and with my current configuration
> it always
> uses the first cache_peer :-(
>
> I don't mind if I have to use Squid-3.0-PRE version or a
> stable. I just
> want it to work ...
>
> thanks for any hint!!
> Markus
>
>
Received on Thu Oct 02 2003 - 08:46:56 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:16 MST