RE: [squid-users] Noob - OWA - Squid3 - SSL

From: Derek Winkler <dwinkler@dont-contact.us>
Date: Wed, 9 Jun 2004 15:33:01 -0400

You only need to modify the cache_peer line, I believe...

cache_peer exchange.domain.com parent 80 0 no-query proxy-only originserver login=PASS

It's very important that squid listen on port 443 since the OWA server will
not return the port number in the URLs.

You may also need to use some other OWA-specific option, can't remember what
it was; it tells the OWA server that there's an HTTPS proxy in front of it so
that it will return https URLs.

Found it, front-end-https=auto.

So it's...

cache_peer exchange.domain.com parent 80 0 no-query proxy-only originserver login=PASS front-end-https=auto

...maybe, give it a try.

> -----Original Message-----
> From: Alex Zlaten [mailto:alex@reiusa.net]
> Sent: Wednesday, June 09, 2004 3:21 PM
> To: squid-users@squid-cache.org
> Subject: RE: [squid-users] Noob - OWA - Squid3 - SSL
>
>
> Derek,
>
> Thanks for the response.
> In your conf, it seems that you are communicating with the exchange
> server via ssl port 443.
> I want squid to listen on 443 with https then retrieve the pages from
> exchange on 80 with http.
> I understand this is a major reason to use the pre-release of
> version 3.
>
> Is this how I would do that?:
> https_port 3129 accel defaultsite=exchange.domain.com cert=/usr/local/squid/etc/squid.pem protocol=http
> cache_peer exchangeIP parent 80 0 no-query originserver front-end-https=on login=PASS name=exchange-https
>
> Alex
> -----Original Message-----
> From: Derek Winkler [mailto:dwinkler@algorithmics.com]
> Sent: Wednesday, June 09, 2004 1:34 PM
> To: squid-users@squid-cache.org
> Subject: RE: [squid-users] Noob - OWA - Squid3 - SSL
>
>
> Remember externally for testing exchange.domain.com should point to the
> squid server, the squid server itself should be able to resolve
> exchange.domain.com to the actual owa server.
>
> For testing you can make an entry in your workstation host file to point
> exchange.domain.com to the squid server.
>
> The squid server will actually listen on port 443, no need to specify
> port. This is important since the OWA server doesn't specify a port.
>
> Here's my config which worked.
>
> visible_hostname whatever.domain.com
> cache_mgr whoever@domain.com
>
> https_port 443 cert=/opt/squid/etc/certificate.crt key=/opt/squid/etc/private.key cafile=/opt/squid/etc/cacert.crt defaultsite=exchange.domain.com
>
> cache_peer exchange.domain.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslflags=DONT_VERIFY_PEER
>
> debug_options ALL,3
>
> ssl_unclean_shutdown on
>
> acl owa-exchange urlpath_regex \/exchange(\/|$)
> acl owa-webid urlpath_regex \/WebID\/
>
> acl all src 0.0.0.0/0.0.0.0
> acl all-dst dst 0.0.0.0/0.0.0.0
> acl owa-host dst XXX.XXX.XXX.XXX/255.255.255.255
>
> http_access allow owa-host owa-exchange
> http_access allow owa-host owa-webid
> http_reply_access allow all-dst
> http_access deny all
> http_access deny all-dst
>
> > -----Original Message-----
> > From: Alex Zlaten [mailto:alex@reiusa.net]
> > Sent: Wednesday, June 09, 2004 2:19 PM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] Noob - OWA - Squid3 - SSL
> >
> >
> > Hi,
> > I have been working with squid 3 for a few days now, I don't want to
> > bother you guys with questions that have already been answered a
> > million times but here goes.
> > Is there a good post of a squid.conf for using squid3 as an SSL
> > front-end?
> >
> > Does the URL in the browser have to be the FQDN of the exchange server
> > or does squid take care of the url translation?
> > Example:
> >
> > Squid server: https://10.0.0.1:3129
> > Exchange server (from https_port in conf): exchange.domain.com
> >
> > Can I go to https://10.0.0.1:3129/exchange to communicate with
> > http://exchange.domain.com/exchange ? Or do I have to have DNS point
> > to my squid server as exchange.domain.com?
> >
> > Here are the changes to the default squid.conf I am using:
> >
> > https_port 3129 accel defaultsite=exchange.domain.com cert=/usr/local/squid/etc/squid.pem protocol=http
> > cache_peer exchangeIP parent 80 0 no-query originserver front-end-https=on login=PASS name=exchange-https
> > cache_peer_access exchange-https allow http
> > always_direct allow all
> > acl http proto http
> > cache_peer_access exchange-https allow http
> >
> > Currently, if I go to https://10.0.0.1:3129 I get whatever is in the
> > root of my exchange server (IIS Under construction). If I go to
> > https://10.0.0.1:3129/exchange, I get the Basic Authentication Login.
> > After entering the login it says I'm leaving secure connection then I
> > get page cannot be displayed.
> >
> > Thank you for any help.
> > Alex Zlaten
> >
> >
> >
>
Received on Wed Jun 09 2004 - 13:36:49 MDT
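
A small lint for the points raised in this thread, as an added example that is not part of the original messages: it flags a TLS listener on a port other than 443, a plain-HTTP peer without front-end-https, login=PASS relayed to a plain-HTTP peer, and sslflags=DONT_VERIFY_PEER. The sample config is constructed, the finding codes are made up for this example, and the script assumes one directive per line.

```python
# Added example: lint a squid.conf for the OWA reverse-proxy points in this thread.
# SAMPLE is constructed for illustration, modelled on the configs quoted above.
SAMPLE = """\
https_port 3129 accel defaultsite=exchange.domain.com cert=/usr/local/squid/etc/squid.pem
cache_peer exchangeIP parent 80 0 no-query originserver login=PASS name=exchange-https
cache_peer exchange.domain.com parent 443 0 no-query ssl originserver sslflags=DONT_VERIFY_PEER
"""

def directives(conf):
    """Yield (name, args) for each non-blank, non-comment squid.conf line."""
    for line in conf.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            yield parts[0], parts[1:]

def peer_options(args):
    """cache_peer is 'host type http-port icp-port [options]'; map the options."""
    opts = {}
    for token in args[4:]:
        key, _, value = token.partition("=")
        opts[key] = value
    return opts

def audit(conf):
    """Return (code, detail) findings for a TLS-terminating reverse-proxy config."""
    rows = list(directives(conf))
    findings = []
    tls_listener = False
    for name, args in rows:
        if name == "https_port" and args:
            tls_listener = True
            port = args[0].rsplit(":", 1)[-1]  # accepts "443" or "ip:443"
            if port != "443":
                findings.append(("LISTEN_PORT", "https_port %s: OWA URLs carry no port" % port))
    for name, args in rows:
        if name != "cache_peer" or len(args) < 4:
            continue
        opts = peer_options(args)
        if "DONT_VERIFY_PEER" in opts.get("sslflags", ""):
            findings.append(("PEER_UNVERIFIED", "%s: peer certificate is not checked" % args[0]))
        if tls_listener and "ssl" not in opts:  # TLS in front, plain HTTP to the peer
            if opts.get("front-end-https") not in ("on", "auto"):
                findings.append(("NO_FRONT_END_HTTPS", "%s: OWA is not told HTTPS is in front" % args[0]))
            if opts.get("login") == "PASS":
                findings.append(("CLEAR_BACKEND_AUTH", "%s: credentials relayed over plain HTTP" % args[0]))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code, detail)
```

Run against the port-80 peer line with front-end-https=auto, it still reports CLEAR_BACKEND_AUTH, because login=PASS forwards the client's Basic credentials over the unencrypted hop between Squid and the Exchange server.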
