RE: [squid-users] Squid 3.0 PRE3 in accellerator mode

From: Kevin Withnall <kevin@dont-contact.us>
Date: Fri, 16 Jun 2006 11:42:20 +1000

Here's my cache_peer line..

cache_peer www.servername.com.au parent 443 443 ssl originserver

Currently the world DNS points at 1.1.1.1 and the cache proxy is on 2.2.2.2

I've manually changed a workstation hosts file to point at 2.2.2.2 for that
domain name.

I can https access the server so I think the https_port is right. Here it
is...

https_port 443 cert=/usr/local/squid/etc/server.cert.pem key=/usr/local/squid/etc/server.key.pem vhost

So, what I think will happen is the squid 3.0PRE3 will look at the headers
and decide to use the cache_peer line based on the server name. Is that
correct?

What I'm after is a way to transparently put this accelerated server inside
my network (possibly by port redirection, or by DNSing the cache and giving
it overriding hosts entries on the cache box to know about the real server).

As per your request, here's the access log...
192.168.1.177 - - [16/Jun/2006 11:36:51] "GET https://www.servername.com.au/ HTTP/1.1" 503 2776 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4" TCP_MISS:TIMEOUT_NONE

I also have

2006/06/16 11:36:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 14: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1)
2006/06/16 11:36:51| TCP connection to www.servername.com.au/443 failed

In the stdout for squid (running in non daemon mode)

Thanks.

--
Kevin Withnall
ILB Computing
PH: 02 4227 0001 Mobile: 0412 453 846
FAX: 02 4227 0081
http://kevin.withnall.com/
 
> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net] 
> Sent: Sunday, 11 June 2006 10:00 PM
> To: Kevin Withnall
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid 3.0 PRE3 in accellerator mode
> 
> Sun 2006-06-11 at 11:50 +1000, Kevin Withnall wrote:
> 
> > I've set up squid 3.0 PRE3 to accelerate them and can connect to the squid
> > proxy on https and I have it looking at the vhost headers to talk to the
> > back end servers.
> > 
> > What doesn't seem to be working is the https connection to the back end
> > and, unless I set always_direct, it won't connect to the 'origin'
> > server. Are there any docs or similar I should be looking at or should I
> > post some config file extracts here?
> 
> SSL to the backend should be supported.. what does access.log say?
> 
> Regarding always_direct: In Squid-2.6 and 3.0 accelerators are configured
> using the cache_peer directive. This is mentioned in the release notes.
> 
> Regards
> Henrik
> 

Received on Thu Jun 15 2006 - 19:42:44 MDT
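
An added example, not part of the original thread and not Squid's own tooling: a short Python script that joins the access.log 503 with the fwdNegotiateSSL error from Squid's stdout by timestamp, tying the client-facing 503 to the failed certificate verification on the connection to the origin server. The function names and regular expressions are assumptions fitted to the log lines as posted (unwrapped here as constructed sample input).

```python
import re
from datetime import datetime

# Constructed sample input: the log lines from the post, with mail wrapping undone.
ACCESS_LOG = '''192.168.1.177 - - [16/Jun/2006 11:36:51] "GET https://www.servername.com.au/ HTTP/1.1" 503 2776 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4" TCP_MISS:TIMEOUT_NONE'''
CACHE_LOG = '''2006/06/16 11:36:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 14: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1)
2006/06/16 11:36:51| TCP connection to www.servername.com.au/443 failed'''

# Assumed patterns, matching the formats shown in the post.
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) .* (?P<result>\S+)$')
TLS_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| fwdNegotiateSSL: .* on FD (?P<fd>\d+): '
    r'error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):'
    r'(?P<reason>.*?)(?: \(\d+/-?\d+\))?$')

def upstream_tls_errors(cache_log):
    """Map timestamp -> parsed OpenSSL errors for each fwdNegotiateSSL failure."""
    errors = {}
    for line in cache_log.splitlines():
        m = TLS_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            errors.setdefault(ts, []).append(
                {k: m[k] for k in ("fd", "code", "lib", "func", "reason")})
    return errors

def explain_5xx(access_log, cache_log):
    """Attach upstream TLS errors logged in the same second to each 5xx reply."""
    errors = upstream_tls_errors(cache_log)
    findings = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m or not m["status"].startswith("5"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
        for err in errors.get(ts, []):
            findings.append({"client": m["client"], "url": m["url"],
                             "status": int(m["status"]), **err})
    return findings

if __name__ == "__main__":
    for f in explain_5xx(ACCESS_LOG, CACHE_LOG):
        print(f'{f["client"]} got {f["status"]} for {f["url"]}: '
              f'{f["func"]} -> {f["reason"]} (OpenSSL error {f["code"]}, FD {f["fd"]})')
```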
