Re: [squid-users] Squid web acceleration for two

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 10 Dec 2003 22:40:41 +0100 (CET)

On Wed, 10 Dec 2003 Jerry_Harbour@roundrockisd.org wrote:

> The problem is that the registered certificate that squid is configured
> with has a name mismatch with the second web site being reverse-proxied.

Reverse proxies do not solve the one-domain-per IP:PORT restriction of
SSL.

If you want to reverse-proxy multiple https server names then you need one
https_port with its own certificate per domain, just as you would need one
server definition per domain on a real https web server.

If both are different hosts in the same domain then you may be able to use
a wildcard certificate to cut down on the number of SSL ports needed, but
it should be noted that most CAs charge excessively much for signing
wildcard certificates.

> I also tried to run two instances of squid with the second binding to
> different ports (like 444, instead of 443) but the second version of squid
> detects that squid is already running and refuses to start. Is there a way
> to run another copy of squid so I can configure for the second certificate?

Just make sure both instances do not share anything. The easiest way is
to install two Squids with different prefix, but it is also possible to
use different squid.conf which gives different paths to all required.

> I could not find a pid file if that is what squid uses as a marker.

It is specified in squid.conf with the strangely named pid_filename
directive...

Regards
Henrik
Received on Wed Dec 10 2003 - 14:41:01 MST
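
Added example (not part of the original message and not Squid code): a small planner that groups reverse-proxied hostnames by the certificate that covers them, showing why each group needs its own https_port and what a wildcard certificate saves. The hostnames and certificate labels are constructed, and the wildcard rule (one left-most label only) is the usual client-side matching rule, assumed here.

```python
# Added example: which reverse-proxied hostnames can share one https_port?
# All hostnames and certificate labels below are constructed sample data.

def name_matches(cert_name, host):
    """True if a certificate name covers host.

    A leading "*" label stands for exactly one left-most label, so
    *.example.org covers www.example.org but not example.org or
    a.b.example.org.
    """
    p = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covering_cert(host, certs):
    """Label of the certificate covering host (exact name preferred), or None."""
    wildcard_hit = None
    for label, names in certs.items():
        for name in names:
            if name_matches(name, host):
                if not name.startswith("*."):
                    return label
                wildcard_hit = wildcard_hit or label
    return wildcard_hit

def plan_listeners(sites, certs):
    """Group sites by covering certificate; each group needs its own IP:PORT."""
    plan, uncovered = {}, []
    for host in sites:
        label = covering_cert(host, certs)
        if label is None:
            uncovered.append(host)  # clients would report a name mismatch
        else:
            plan.setdefault(label, []).append(host)
    return plan, uncovered

SITES = ["www.example.org", "mail.example.org", "shop.example.net"]
ONE_CERT = {"www-cert": ["www.example.org"]}
WILDCARD = {"wild-cert": ["*.example.org"]}

if __name__ == "__main__":
    for certs in (ONE_CERT, WILDCARD):
        plan, uncovered = plan_listeners(SITES, certs)
        print("https_port groups:", plan, "| no matching certificate:", uncovered)
```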
