RE: [squid-users] SSL and Reverse Proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 24 Aug 2004 23:51:47 +0200 (CEST)

On Tue, 24 Aug 2004, Brad Taylor wrote:

> I updated my Squid install with the SSL update.
> I'm still having trouble getting this to work. Here is what I have.
>
> http_port 80
> httpd_accel_host 192.168.60.100 (SSL web server)

This should be the public domain name.

> httpd_accel_port 80 the web site at the page will redirect the SSL to
> port 443

This should most likely be 443, or virtual.

> httpd_accel_single host on
> httpd_accel_with_proxy on

a bit dangerous, but ok.

> httpd_accel_uses_host_header off

ok.

> https_port 433 cert=/path/cert.pem

ok.

> sslproxy_client_certifacate /path/cert.pem

why this? Does your web server require a the use of a client certificate
to access the server?

> http_access allow all

very dangerous.

> Even though I use the IP address of squid I'm sent to the origin server
> (192.168.60.100)

Most likely you web server redirects the user back to 192.168.60.100.

"log_mime_hdrs on", and study access logs of both Squid and you web
servers.

Regards
Henrik
Received on Tue Aug 24 2004 - 15:51:50 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT