RE: [squid-users] Noob - OWA - Squid3 - SSL

Remember externally for testing exchange.domain.com should point to the
squid server, the squid server itself should be able to resolve
exchange.domain.com to the actual owa server.

For testing you can make an entry in your workstation host file to point
exchange.domain.com to the squid server.

The squid server will actually listen on port 443, no need to specify port.
This is important since the OWA server doesn't specify a port.

Here's my config which worked.

visible_hostname whatever.domain.com
cache_mgr whoever@domain.com

https_port 443 cert=/opt/squid/etc/certificate.crt
key=/opt/squid/etc/private.key cafile=/opt/squid/etc/cacert.crt
defaultsite=exchange.domain.com

cache_peer exchange.domain.com parent 443 0 no-query ssl proxy-only
originserver login=PASS sslflags=DONT_VERIFY_PEER

debug_options ALL,3

ssl_unclean_shutdown on

acl owa-exchange urlpath_regex \/exchange(\/|$)
acl owa-webid urlpath_regex \/WebID\/

acl all src 0.0.0.0/0.0.0.0
acl all-dst dst 0.0.0.0/0.0.0.0
acl owa-host dst XXX.XXX.XXX.XXX/255.255.255.255

http_access allow owa-host owa-exchange
http_access allow owa-host owa-webid
http_reply_access allow all-dst
http_access deny all
http_access deny all-dst

> -----Original Message-----
> From: Alex Zlaten [mailto:alex@reiusa.net]
> Sent: Wednesday, June 09, 2004 2:19 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Noob - OWA - Squid3 - SSL
>
>
> Hi,
> I have been working with squid 3 for a few days now, I don't want to
> bother you guys with questions that have already been
> answered a million
> times but here goes.
> Is there a good post of a squif.conf for using squid3 as an SSL
> front-end?
>
> Does the URL in the browser have to be the FQDN of the exchange server
> or does squid take care of the url translation?
> Example:
>
> Squid server: https://10.0.0.1:3129
> Exchange server (from https_port in conf): exchange.domain.com
>
> Can I go to https://10.0.0.1:3129/exchange to communticate with
> http://exchange.domain.com/exchange ? Or do I have to have
> DNS point to
> my squid server as exchange.domain.com?
>
> Here is the changes to the default squid.conf I am using:
>
> https_port 3129 accel defaultsite=exchange.domain.com
> cert=/usr/local/squid/etc/squid.pem protocol=http cache_peer
> exchangeIP
> parent 80 0 no-query originserver front-end-https=on login=PASS
> name=exchange-https cache_peer_access exchange-https allow http
> always_direct allow all acl http proto http cache_peer_access
> exchange-https allow http
>
> Currently, if I go to https://10.0.0.1:3129 I get whatever is in the
> root of my exchange server (iis Under construction) If I go to
> https://10.0.0.1:3129/exchange, I get the Basic Authentication Login.
> After entering the login is says I'm leaving secure connection then I
> get page cannot be displayed.
>
> Thank you for any help.
> Alex Zlaten
>
>
>
Received on Wed Jun 09 2004 - 12:38:02 MDT