Re: [squid-users] SSL redirect questions

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Mon, 23 May 2005 11:55:08 +0200

On 22.05 12:35, Discussion Lists wrote:
> I have some general questions about reverse-proxying SSL.
>
> 1. What is the best way to do it using Squid:
> a. Do a straight redirect from port 443 to port 443 from server
> to server with no certificate presented from the firewall, but rather
> from the server that the connection is redirected to (is this even
> possible with Squid?).
> b. Redirect port 443 to port 80 on the destination server(s),
> and use the firewall to present each of the certificates.

Are you talking about reverse-proxying or redirecting?
when reverse proxying, you do not redirect anything. If redirecting, you do
not care about certificates.

what I understand under "reverse ssl proxy" is that squid listens for SSL
requests on port 443 and forwards plain HTTP requests to HTTP server.

There is of course possibility to forward https requests with different
key/certificate, but It has meaning only in some special cases.

> 2. If the answer is B, I have several backend SSL servers, all of which
> I want to redirect connections to.

why? Why do you want push one level of servers before backends?

> This is an aspect of proxying/reverse-proxying where my knowledge is
> weak, maybe some of you have some suggestions.

I do not understand why do you need reverse proxying at all...

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]
Received on Mon May 23 2005 - 03:55:11 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:03 MDT